Initial attempt at a Fuchsia port.
It doesn't quite actually work yet. The client connects, keystrokes are
transmitted but nothing is shown locally. Eventually the receive window
fills. The server starts but doesn't seem to work.
Changes from upstream:
- a BUILD.gn replaces Makefiles
- a fuchsia/config.h based on the config.h generated by configure but
hacked some
- some type casts and other changes to allow openssh to build with
boringssl
- some attempts to disable PRIVSEP
- implemented a stub for chroot in fuchsia/fuchsia-compat.*
- implemented a custom auth-passwd that always fails in
fuchsia/fuchsia-compat.*
- implemented getpwent, getpwname & getpwuid that lie in
fuchsia/fuchsia-compat.c
- the start of an sshd_config for Fuchsia in fuchsia/
Change-Id: I3b3f2bd7605df8500d2b97806fabde3af3095cce
diff --git a/BUILD.gn b/BUILD.gn
new file mode 100644
index 0000000..65500c7
--- /dev/null
+++ b/BUILD.gn
@@ -0,0 +1,459 @@
+# Copyright 2017 The Fuchsia Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+group("openssh-portable") {
+ deps = [
+ ":config-files",
+ ":scp",
+ ":sftp-server",
+ ":ssh",
+ ":ssh-keygen",
+ ":sshd",
+ ]
+}
+
+config("fuchsia") {
+ include_dirs = [
+ ".",
+ "fuchsia",
+ ]
+ defines = [
+ "u_int64_t=uint64_t",
+ "SSHDIR=\"/system/data/ssh\"",
+ ]
+ cflags = [
+ "-include",
+ rebase_path("fuchsia/fuchsia-compat.h"),
+ ]
+
+ configs = [
+ "//third_party/boringssl:boringssl_config",
+ "//third_party/zlib:zlib_config",
+ ]
+}
+
+copy("config-files") {
+ sources = [
+ "fuchsia/sshd_config",
+ ]
+ outputs = [
+ "$root_out_dir/{{source_file_part}}",
+ ]
+}
+
+source_set("fuchsia-compat") {
+ sources = [
+ "fuchsia/fuchsia-compat.c",
+ "fuchsia/fuchsia-compat.h",
+ ]
+ configs += [ ":fuchsia" ]
+}
+
+# This needs to be a static library because some of its symbols are replaced
+# when it is linked into executables.
+static_library("libopenssh") {
+ sources = [
+ "bitmap.c",
+ "bitmap.h",
+ "krl.c",
+ "krl.h",
+ "ssh_api.c",
+ "ssh_api.h",
+ "sshbuf-getput-basic.c",
+ "sshbuf-getput-crypto.c",
+ "sshbuf-misc.c",
+ "sshbuf.c",
+ "sshbuf.h",
+ "ssherr.c",
+ "ssherr.h",
+ "sshkey.c",
+ "sshkey.h",
+ ]
+ configs += [ ":fuchsia" ]
+
+ deps = [
+ "//third_party/boringssl",
+ "//third_party/zlib",
+ ]
+}
+
+config("umac128_config") {
+ defines = [
+ "UMAC_OUTPUT_LEN=16",
+ "umac_new=umac128_new",
+ "umac_update=umac128_update",
+ "umac_final=umac128_final",
+ "umac_delete=umac128_delete",
+ "umac_ctx=umac128_ctx",
+ ]
+}
+
+source_set("umac128") {
+ sources = [
+ "umac.c",
+ ]
+ configs += [
+ ":umac128_config",
+ ":fuchsia",
+ ]
+}
+
+# This needs to be a static library because some of its symbols are replaced
+# when it is linked into executables.
+static_library("libssh") {
+ sources = [
+ "addrmatch.c",
+ "atomicio.c",
+ "atomicio.h",
+ "authfd.c",
+ "authfd.h",
+ "authfile.c",
+ "authfile.h",
+ "blocks.c",
+ "bufaux.c",
+ "bufbn.c",
+ "bufec.c",
+ "buffer.c",
+ "buffer.h",
+ "canohost.c",
+ "canohost.h",
+ "chacha.c",
+ "chacha.h",
+ "channels.c",
+ "channels.h",
+ "cipher-3des1.c",
+ "cipher-aes.c",
+ "cipher-aesctr.c",
+ "cipher-aesctr.h",
+ "cipher-bf1.c",
+ "cipher-chachapoly.c",
+ "cipher-chachapoly.h",
+ "cipher-ctr.c",
+ "cipher.c",
+ "cipher.h",
+ "cleanup.c",
+ "compat.c",
+ "compat.h",
+ "crc32.c",
+ "crc32.h",
+ "deattack.c",
+ "deattack.h",
+ "dh.c",
+ "dh.h",
+ "digest-libc.c",
+ "digest-openssl.c",
+ "dispatch.c",
+ "dispatch.h",
+ "dns.c",
+ "dns.h",
+ "ed25519.c",
+ "entropy.c",
+ "entropy.h",
+ "fatal.c",
+ "fe25519.c",
+ "fe25519.h",
+ "ge25519.c",
+ "ge25519.h",
+ "gss-genr.c",
+ "hash.c",
+ "hmac.c",
+ "hmac.h",
+ "hostfile.c",
+ "hostfile.h",
+ "kex.c",
+ "kex.h",
+ "kexc25519.c",
+ "kexc25519c.c",
+ "kexc25519s.c",
+ "kexdh.c",
+ "kexdhc.c",
+ "kexdhs.c",
+ "kexecdh.c",
+ "kexecdhc.c",
+ "kexecdhs.c",
+ "kexgex.c",
+ "kexgexc.c",
+ "kexgexs.c",
+ "key.c",
+ "key.h",
+ "log.c",
+ "log.h",
+ "mac.c",
+ "mac.h",
+ "match.c",
+ "match.h",
+ "md-sha256.c",
+ "misc.c",
+ "misc.h",
+ "moduli.c",
+ "monitor_fdpass.c",
+ "monitor_fdpass.h",
+ "msg.c",
+ "msg.h",
+ "nchan.c",
+ "opacket.c",
+ "opacket.h",
+ "packet.c",
+ "packet.h",
+ "platform-pledge.c",
+ "platform-tracing.c",
+ "poly1305.c",
+ "poly1305.h",
+ "progressmeter.c",
+ "progressmeter.h",
+ "readpass.c",
+ "rijndael.c",
+ "rijndael.h",
+ "rsa.c",
+ "rsa.h",
+ "sc25519.c",
+ "sc25519.h",
+ "smult_curve25519_ref.c",
+ "ssh-dss.c",
+ "ssh-ecdsa.c",
+ "ssh-ed25519.c",
+ "ssh-pkcs11.c",
+ "ssh-pkcs11.h",
+ "ssh-rsa.c",
+ "ttymodes.c",
+ "ttymodes.h",
+ "uidswap.c",
+ "uidswap.h",
+ "umac.c",
+ "umac.h",
+ "utf8.c",
+ "utf8.h",
+ "uuencode.c",
+ "uuencode.h",
+ "verify.c",
+ "xmalloc.c",
+ "xmalloc.h",
+ ]
+
+ deps = [
+ ":fuchsia-compat",
+ ":libopenssh",
+ ":openbsd-compat",
+ ":umac128",
+ "//third_party/boringssl",
+ ]
+ configs += [ ":fuchsia" ]
+}
+
+config("openbsd-compat-config") {
+ include_dirs = [ "openbsd-compat" ]
+}
+
+source_set("openbsd-compat") {
+ sources = [
+ "openbsd-compat/arc4random.c",
+ "openbsd-compat/base64.c",
+ "openbsd-compat/base64.h",
+ "openbsd-compat/basename.c",
+ "openbsd-compat/bcrypt_pbkdf.c",
+ "openbsd-compat/bindresvport.c",
+ "openbsd-compat/blowfish.c",
+ "openbsd-compat/bsd-asprintf.c",
+ "openbsd-compat/bsd-closefrom.c",
+ "openbsd-compat/bsd-cray.c",
+ "openbsd-compat/bsd-cray.h",
+ "openbsd-compat/bsd-cygwin_util.c",
+ "openbsd-compat/bsd-cygwin_util.h",
+ "openbsd-compat/bsd-err.c",
+ "openbsd-compat/bsd-getpeereid.c",
+ "openbsd-compat/bsd-misc.c",
+ "openbsd-compat/bsd-misc.h",
+ "openbsd-compat/bsd-nextstep.c",
+ "openbsd-compat/bsd-nextstep.h",
+ "openbsd-compat/bsd-openpty.c",
+ "openbsd-compat/bsd-poll.c",
+ "openbsd-compat/bsd-poll.h",
+ "openbsd-compat/bsd-setres_id.c",
+ "openbsd-compat/bsd-setres_id.h",
+ "openbsd-compat/bsd-snprintf.c",
+ "openbsd-compat/bsd-statvfs.c",
+ "openbsd-compat/bsd-statvfs.h",
+ "openbsd-compat/bsd-waitpid.c",
+ "openbsd-compat/bsd-waitpid.h",
+ "openbsd-compat/daemon.c",
+ "openbsd-compat/dirname.c",
+ "openbsd-compat/explicit_bzero.c",
+ "openbsd-compat/fake-rfc2553.c",
+ "openbsd-compat/fake-rfc2553.h",
+ "openbsd-compat/fmt_scaled.c",
+ "openbsd-compat/getcwd.c",
+ "openbsd-compat/getgrouplist.c",
+ "openbsd-compat/getopt_long.c",
+ "openbsd-compat/getrrsetbyname-ldns.c",
+ "openbsd-compat/getrrsetbyname.c",
+ "openbsd-compat/getrrsetbyname.h",
+ "openbsd-compat/glob.c",
+ "openbsd-compat/glob.h",
+ "openbsd-compat/inet_aton.c",
+ "openbsd-compat/inet_ntoa.c",
+ "openbsd-compat/inet_ntop.c",
+ "openbsd-compat/kludge-fd_set.c",
+ "openbsd-compat/md5.c",
+ "openbsd-compat/md5.h",
+ "openbsd-compat/mktemp.c",
+ "openbsd-compat/openssl-compat.c",
+ "openbsd-compat/openssl-compat.h",
+ "openbsd-compat/pwcache.c",
+ "openbsd-compat/readpassphrase.c",
+ "openbsd-compat/readpassphrase.h",
+ "openbsd-compat/reallocarray.c",
+ "openbsd-compat/realpath.c",
+ "openbsd-compat/rmd160.c",
+ "openbsd-compat/rmd160.h",
+ "openbsd-compat/rresvport.c",
+ "openbsd-compat/setenv.c",
+ "openbsd-compat/setproctitle.c",
+ "openbsd-compat/sha1.c",
+ "openbsd-compat/sha1.h",
+ "openbsd-compat/sha2.c",
+ "openbsd-compat/sha2.h",
+ "openbsd-compat/sigact.c",
+ "openbsd-compat/sigact.h",
+ "openbsd-compat/strcasestr.c",
+ "openbsd-compat/strlcat.c",
+ "openbsd-compat/strlcpy.c",
+ "openbsd-compat/strmode.c",
+ "openbsd-compat/strnlen.c",
+ "openbsd-compat/strptime.c",
+ "openbsd-compat/strsep.c",
+ "openbsd-compat/strtoll.c",
+ "openbsd-compat/strtonum.c",
+ "openbsd-compat/strtoul.c",
+ "openbsd-compat/strtoull.c",
+ "openbsd-compat/timingsafe_bcmp.c",
+ "openbsd-compat/vis.c",
+ "openbsd-compat/vis.h",
+ ]
+ configs += [
+ ":fuchsia",
+ ":openbsd-compat-config",
+ ]
+}
+
+executable("ssh") {
+ sources = [
+ "clientloop.c",
+ "mux.c",
+ "readconf.c",
+ "ssh.c",
+ "sshconnect.c",
+ "sshconnect1.c",
+ "sshconnect2.c",
+ "sshtty.c",
+ ]
+ deps = [
+ ":libssh",
+ ]
+ configs += [ ":fuchsia" ]
+}
+
+executable("sshd") {
+ sources = [
+ "audit-bsm.c",
+ "audit-linux.c",
+ "audit.c",
+ "audit.h",
+ "auth-bsdauth.c",
+ "auth-krb5.c",
+ "auth-options.c",
+ "auth-options.h",
+ "auth-pam.c",
+ "auth-pam.h",
+ "auth-passwd.c",
+ "auth-rhosts.c",
+ "auth-shadow.c",
+ "auth-sia.c",
+ "auth-sia.h",
+ "auth-skey.c",
+ "auth.c",
+ "auth.h",
+ "auth2-chall.c",
+ "auth2-gss.c",
+ "auth2-hostbased.c",
+ "auth2-kbdint.c",
+ "auth2-none.c",
+ "auth2-passwd.c",
+ "auth2-pubkey.c",
+ "auth2.c",
+ "groupaccess.c",
+ "groupaccess.h",
+ "gss-serv-krb5.c",
+ "gss-serv.c",
+ "loginrec.c",
+ "loginrec.h",
+ "md5crypt.c",
+ "md5crypt.h",
+ "monitor.c",
+ "monitor.h",
+ "monitor_wrap.c",
+ "monitor_wrap.h",
+ "platform.c",
+ "platform.h",
+ "sandbox-capsicum.c",
+ "sandbox-darwin.c",
+ "sandbox-null.c",
+ "sandbox-pledge.c",
+ "sandbox-rlimit.c",
+ "sandbox-seccomp-filter.c",
+ "sandbox-solaris.c",
+ "sandbox-systrace.c",
+ "servconf.c",
+ "servconf.h",
+ "serverloop.c",
+ "serverloop.h",
+ "session.c",
+ "session.h",
+ "sftp-common.c",
+ "sftp-common.h",
+ "sftp-server.c",
+ "sshd.c",
+ "sshlogin.c",
+ "sshlogin.h",
+ "sshpty.c",
+ "sshpty.h",
+ ]
+ configs += [ ":fuchsia" ]
+ deps = [
+ ":libssh",
+ ]
+}
+
+executable("ssh-keygen") {
+ configs += [ ":fuchsia" ]
+ sources = [
+ "ssh-keygen.c",
+ ]
+ deps = [
+ ":libssh",
+ ]
+}
+
+executable("sftp-server") {
+ sources = [
+ "sftp-common.c",
+ "sftp-server-main.c",
+ "sftp-server.c",
+ ]
+ configs += [ ":fuchsia" ]
+ deps = [
+ ":libssh",
+ ]
+}
+
+executable("scp") {
+ sources = [
+ "bufaux.c",
+ "progressmeter.c",
+ "scp.c",
+ ]
+ configs += [ ":fuchsia" ]
+ deps = [
+ ":libssh",
+ ]
+}
diff --git a/dh.c b/dh.c
index 4753124..3b14a7b 100644
--- a/dh.c
+++ b/dh.c
@@ -122,7 +122,7 @@
error("moduli:%d: could not parse prime value", linenum);
goto fail;
}
- if (BN_num_bits(dhg->p) != dhg->size) {
+ if (BN_num_bits(dhg->p) != (unsigned int)dhg->size) {
error("moduli:%d: prime has wrong size: actual %d listed %d",
linenum, BN_num_bits(dhg->p), dhg->size - 1);
goto fail;
@@ -271,7 +271,7 @@
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
* so double requested need here.
*/
- dh->length = MINIMUM(need * 2, pbits - 1);
+ dh->priv_length = MINIMUM(need * 2, pbits - 1);
if (DH_generate_key(dh) == 0 ||
!dh_pub_is_valid(dh, dh->pub_key)) {
BN_clear_free(dh->priv_key);
diff --git a/fuchsia/config.h b/fuchsia/config.h
new file mode 100644
index 0000000..802c4ba
--- /dev/null
+++ b/fuchsia/config.h
@@ -0,0 +1,1765 @@
+/* config.h. Generated from config.h.in by configure. */
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
+ */
+/* #undef AIX_GETNAMEINFO_HACK */
+
+/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
+/* #undef AIX_LOGINFAILED_4ARG */
+
+/* System only supports IPv4 audit records */
+/* #undef AU_IPv4 */
+
+/* Define if your resolver libs need this for getrrsetbyname */
+/* #undef BIND_8_COMPAT */
+
+/* The system has incomplete BSM API */
+/* #undef BROKEN_BSM_API */
+
+/* Define if cmsg_type is not passed correctly */
+/* #undef BROKEN_CMSG_TYPE */
+
+/* getaddrinfo is broken (if present) */
+/* #undef BROKEN_GETADDRINFO */
+
+/* getgroups(0,NULL) will return -1 */
+/* #undef BROKEN_GETGROUPS */
+
+/* FreeBSD glob does not do what we need */
+/* #undef BROKEN_GLOB */
+
+/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
+/* #undef BROKEN_INET_NTOA */
+
+/* ia_uinfo routines not supported by OS yet */
+/* #undef BROKEN_LIBIAF */
+
+/* Define if your struct dirent expects you to allocate extra space for d_name
+ */
+/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */
+
+/* Can't do comparisons on readv */
+/* #undef BROKEN_READV_COMPARISON */
+
+/* NetBSD read function is sometimes redirected, breaking atomicio comparisons
+ against it */
+/* #undef BROKEN_READ_COMPARISON */
+
+/* realpath does not work with nonexistent files */
+#define BROKEN_REALPATH 1
+
+/* Needed for NeXT */
+/* #undef BROKEN_SAVED_UIDS */
+
+/* Define if your setregid() is broken */
+/* #undef BROKEN_SETREGID */
+
+/* Define if your setresgid() is broken */
+/* #undef BROKEN_SETRESGID */
+
+/* Define if your setresuid() is broken */
+/* #undef BROKEN_SETRESUID */
+
+/* Define if your setreuid() is broken */
+/* #undef BROKEN_SETREUID */
+
+/* LynxOS has broken setvbuf() implementation */
+/* #undef BROKEN_SETVBUF */
+
+/* QNX shadow support is broken */
+/* #undef BROKEN_SHADOW_EXPIRE */
+
+/* Define if your snprintf is busted */
+/* #undef BROKEN_SNPRINTF */
+
+/* strnvis detected broken */
+#define BROKEN_STRNVIS 1
+
+/* tcgetattr with ICANON may hang */
+/* #undef BROKEN_TCGETATTR_ICANON */
+
+/* updwtmpx is broken (if present) */
+/* #undef BROKEN_UPDWTMPX */
+
+/* Define if you have BSD auth support */
+/* #undef BSD_AUTH */
+
+/* Define if you want to specify the path to your lastlog file */
+/* #undef CONF_LASTLOG_FILE */
+
+/* Define if you want to specify the path to your utmp file */
+/* #undef CONF_UTMP_FILE */
+
+/* Define if you want to specify the path to your wtmpx file */
+/* #undef CONF_WTMPX_FILE */
+
+/* Define if you want to specify the path to your wtmp file */
+/* #undef CONF_WTMP_FILE */
+
+/* Define if your platform needs to skip post auth file descriptor passing */
+/* #undef DISABLE_FD_PASSING */
+
+/* Define if you don't want to use lastlog */
+/* #undef DISABLE_LASTLOG */
+
+/* Define if you don't want to use your system's login() call */
+/* #undef DISABLE_LOGIN */
+
+/* Define if you don't want to use pututline() etc. to write [uw]tmp */
+/* #undef DISABLE_PUTUTLINE */
+
+/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
+/* #undef DISABLE_PUTUTXLINE */
+
+/* Define if you want to disable shadow passwords */
+/* #undef DISABLE_SHADOW */
+
+/* Define if you don't want to use utmp */
+/* #undef DISABLE_UTMP */
+
+/* Define if you don't want to use utmpx */
+/* #undef DISABLE_UTMPX */
+
+/* Define if you don't want to use wtmp */
+/* #undef DISABLE_WTMP */
+
+/* Define if you don't want to use wtmpx */
+#define DISABLE_WTMPX 1
+
+/* Enable for PKCS#11 support */
+/*#define ENABLE_PKCS11 */
+
+/* File names may not contain backslash characters */
+/* #undef FILESYSTEM_NO_BACKSLASH */
+
+/* fsid_t has member val */
+/* #undef FSID_HAS_VAL */
+
+/* fsid_t has member __val */
+/* #undef FSID_HAS___VAL */
+
+/* Define to 1 if the `getpgrp' function requires zero arguments. */
+#define GETPGRP_VOID 1
+
+/* Conflicting defs for getspnam */
+/* #undef GETSPNAM_CONFLICTING_DEFS */
+
+/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
+#define GLOB_HAS_ALTDIRFUNC 1
+
+/* Define if your system glob() function has gl_matchc options in glob_t */
+/* #undef GLOB_HAS_GL_MATCHC */
+
+/* Define if your system glob() function has gl_statv options in glob_t */
+/* #undef GLOB_HAS_GL_STATV */
+
+/* Define this if you want GSSAPI support in the version 2 protocol */
+/* #undef GSSAPI */
+
+/* Define if you want to use shadow password expire field */
+#define HAS_SHADOW_EXPIRE 1
+
+/* Define if your system uses access rights style file descriptor passing */
+/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */
+
+/* Define if you have ut_addr in utmp.h */
+#define HAVE_ADDR_IN_UTMP 1
+
+/* Define if you have ut_addr in utmpx.h */
+#define HAVE_ADDR_IN_UTMPX 1
+
+/* Define if you have ut_addr_v6 in utmp.h */
+#define HAVE_ADDR_V6_IN_UTMP 1
+
+/* Define if you have ut_addr_v6 in utmpx.h */
+#define HAVE_ADDR_V6_IN_UTMPX 1
+
+/* Define to 1 if you have the `arc4random' function. */
+/* #undef HAVE_ARC4RANDOM */
+
+/* Define to 1 if you have the `arc4random_buf' function. */
+/* #undef HAVE_ARC4RANDOM_BUF */
+
+/* Define to 1 if you have the `arc4random_stir' function. */
+/* #undef HAVE_ARC4RANDOM_STIR */
+
+/* Define to 1 if you have the `arc4random_uniform' function. */
+/* #undef HAVE_ARC4RANDOM_UNIFORM */
+
+/* Define to 1 if you have the `asprintf' function. */
+#define HAVE_ASPRINTF 1
+
+/* OpenBSD's gcc has bounded */
+/* #undef HAVE_ATTRIBUTE__BOUNDED__ */
+
+/* Have attribute nonnull */
+#define HAVE_ATTRIBUTE__NONNULL__ 1
+
+/* OpenBSD's gcc has sentinel */
+/* #undef HAVE_ATTRIBUTE__SENTINEL__ */
+
+/* Define to 1 if you have the `aug_get_machine' function. */
+/* #undef HAVE_AUG_GET_MACHINE */
+
+/* Define to 1 if you have the `b64_ntop' function. */
+/* #undef HAVE_B64_NTOP */
+
+/* Define to 1 if you have the `b64_pton' function. */
+/* #undef HAVE_B64_PTON */
+
+/* Define if you have the basename function. */
+#define HAVE_BASENAME 1
+
+/* Define to 1 if you have the `bcopy' function. */
+#define HAVE_BCOPY 1
+
+/* Define to 1 if you have the `bcrypt_pbkdf' function. */
+/* #undef HAVE_BCRYPT_PBKDF */
+
+/* Define to 1 if you have the `bindresvport_sa' function. */
+/* #undef HAVE_BINDRESVPORT_SA */
+
+/* Define to 1 if you have the `blf_enc' function. */
+/* #undef HAVE_BLF_ENC */
+
+/* Define to 1 if you have the <blf.h> header file. */
+/* #undef HAVE_BLF_H */
+
+/* Define to 1 if you have the `Blowfish_expand0state' function. */
+/* #undef HAVE_BLOWFISH_EXPAND0STATE */
+
+/* Define to 1 if you have the `Blowfish_expandstate' function. */
+/* #undef HAVE_BLOWFISH_EXPANDSTATE */
+
+/* Define to 1 if you have the `Blowfish_initstate' function. */
+/* #undef HAVE_BLOWFISH_INITSTATE */
+
+/* Define to 1 if you have the `Blowfish_stream2word' function. */
+/* #undef HAVE_BLOWFISH_STREAM2WORD */
+
+/* Define to 1 if you have the `BN_is_prime_ex' function. */
+#define HAVE_BN_IS_PRIME_EX 1
+
+/* Define to 1 if you have the <bsd/libutil.h> header file. */
+/* #undef HAVE_BSD_LIBUTIL_H */
+
+/* Define to 1 if you have the <bsm/audit.h> header file. */
+/* #undef HAVE_BSM_AUDIT_H */
+
+/* Define to 1 if you have the <bstring.h> header file. */
+/* #undef HAVE_BSTRING_H */
+
+/* Define to 1 if you have the `cap_rights_limit' function. */
+/* #undef HAVE_CAP_RIGHTS_LIMIT */
+
+/* Define to 1 if you have the `clock' function. */
+#define HAVE_CLOCK 1
+
+/* Have clock_gettime */
+#define HAVE_CLOCK_GETTIME 1
+
+/* define if you have clock_t data type */
+#define HAVE_CLOCK_T 1
+
+/* Define to 1 if you have the `closefrom' function. */
+/* #undef HAVE_CLOSEFROM */
+
+/* Define if gai_strerror() returns const char * */
+#define HAVE_CONST_GAI_STRERROR_PROTO 1
+
+/* Define if your system uses ancillary data style file descriptor passing */
+#define HAVE_CONTROL_IN_MSGHDR 1
+
+/* Define to 1 if you have the `crypt' function. */
+/*#define HAVE_CRYPT 1*/
+
+/* Define to 1 if you have the <crypto/sha2.h> header file. */
+/* #undef HAVE_CRYPTO_SHA2_H */
+
+/* Define to 1 if you have the <crypt.h> header file. */
+/*#define HAVE_CRYPT_H 1*/
+
+/* Define if you are on Cygwin */
+/* #undef HAVE_CYGWIN */
+
+/* Define if your libraries define daemon() */
+#define HAVE_DAEMON 1
+
+/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if
+ you don't. */
+#define HAVE_DECL_AI_NUMERICSERV 1
+
+/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_AUTHENTICATE */
+
+/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
+ don't. */
+#define HAVE_DECL_GLOB_NOMATCH 1
+
+/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
+ and to 0 if you don't. */
+/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
+
+/* Define to 1 if you have the declaration of `howmany', and to 0 if you
+ don't. */
+#define HAVE_DECL_HOWMANY 1
+
+/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
+ don't. */
+#define HAVE_DECL_H_ERRNO 1
+
+/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_LOGINFAILED */
+
+/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
+ you don't. */
+/* #undef HAVE_DECL_LOGINRESTRICTIONS */
+
+/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_LOGINSUCCESS */
+
+/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you
+ don't. */
+#define HAVE_DECL_MAXSYMLINKS 1
+
+/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
+ don't. */
+#define HAVE_DECL_NFDBITS 1
+
+/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
+ don't. */
+#define HAVE_DECL_OFFSETOF 1
+
+/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
+ don't. */
+#define HAVE_DECL_O_NONBLOCK 1
+
+/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_PASSWDEXPIRED */
+
+/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_SETAUTHDB */
+
+/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
+ don't. */
+#define HAVE_DECL_SHUT_RD 1
+
+/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
+ */
+#define HAVE_DECL_WRITEV 1
+
+/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
+ don't. */
+#define HAVE_DECL__GETLONG 0
+
+/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
+ don't. */
+#define HAVE_DECL__GETSHORT 0
+
+/* Define to 1 if you have the `DES_crypt' function. */
+/*#define HAVE_DES_CRYPT 1*/
+
+/* Define if you have /dev/ptmx */
+/* #undef HAVE_DEV_PTMX */
+
+/* Define if you have /dev/ptc */
+/* #undef HAVE_DEV_PTS_AND_PTC */
+
+/* Define to 1 if you have the <dirent.h> header file. */
+#define HAVE_DIRENT_H 1
+
+/* Define to 1 if you have the `dirfd' function. */
+#define HAVE_DIRFD 1
+
+/* Define to 1 if you have the `dirname' function. */
+#define HAVE_DIRNAME 1
+
+/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
+#define HAVE_DSA_GENERATE_PARAMETERS_EX 1
+
+/* Define to 1 if you have the <elf.h> header file. */
+#define HAVE_ELF_H 1
+
+/* Define to 1 if you have the `endgrent' function. */
+#define HAVE_ENDGRENT 1
+
+/* Define to 1 if you have the <endian.h> header file. */
+#define HAVE_ENDIAN_H 1
+
+/* Define to 1 if you have the `endutent' function. */
+#define HAVE_ENDUTENT 1
+
+/* Define to 1 if you have the `endutxent' function. */
+#define HAVE_ENDUTXENT 1
+
+/* Define to 1 if you have the `err' function. */
+#define HAVE_ERR 1
+
+/* Define to 1 if you have the `errx' function. */
+#define HAVE_ERRX 1
+
+/* Define to 1 if you have the <err.h> header file. */
+#define HAVE_ERR_H 1
+
+/* Define if your system has /etc/default/login */
+/* #undef HAVE_ETC_DEFAULT_LOGIN */
+
+/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
+#define HAVE_EVP_CIPHER_CTX_CTRL 1
+
+/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
+#define HAVE_EVP_DIGESTFINAL_EX 1
+
+/* Define to 1 if you have the `EVP_DigestInit_ex' function. */
+#define HAVE_EVP_DIGESTINIT_EX 1
+
+/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
+#define HAVE_EVP_MD_CTX_CLEANUP 1
+
+/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
+#define HAVE_EVP_MD_CTX_COPY_EX 1
+
+/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
+#define HAVE_EVP_MD_CTX_INIT 1
+
+/* Define to 1 if you have the `EVP_ripemd160' function. */
+#define HAVE_EVP_RIPEMD160 1
+
+/* Define to 1 if you have the `EVP_sha256' function. */
+#define HAVE_EVP_SHA256 1
+
+/* Define if you have ut_exit in utmp.h */
+#define HAVE_EXIT_IN_UTMP 1
+
+/* Define to 1 if you have the `explicit_bzero' function. */
+/* #undef HAVE_EXPLICIT_BZERO */
+
+/* Define to 1 if you have the `fchmod' function. */
+#define HAVE_FCHMOD 1
+
+/* Define to 1 if you have the `fchown' function. */
+#define HAVE_FCHOWN 1
+
+/* Use F_CLOSEM fcntl for closefrom */
+/* #undef HAVE_FCNTL_CLOSEM */
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if the system has the type `fd_mask'. */
+#define HAVE_FD_MASK 1
+
+/* Define to 1 if you have the <features.h> header file. */
+#define HAVE_FEATURES_H 1
+
+/* Define to 1 if you have the <floatingpoint.h> header file. */
+/* #undef HAVE_FLOATINGPOINT_H */
+
+/* Define to 1 if you have the `fmt_scaled' function. */
+/* #undef HAVE_FMT_SCALED */
+
+/* Define to 1 if you have the `freeaddrinfo' function. */
+#define HAVE_FREEADDRINFO 1
+
+/* Define to 1 if the system has the type `fsblkcnt_t'. */
+#define HAVE_FSBLKCNT_T 1
+
+/* Define to 1 if the system has the type `fsfilcnt_t'. */
+#define HAVE_FSFILCNT_T 1
+
+/* Define to 1 if you have the `fstatfs' function. */
+#define HAVE_FSTATFS 1
+
+/* Define to 1 if you have the `fstatvfs' function. */
+#define HAVE_FSTATVFS 1
+
+/* Define to 1 if you have the `futimes' function. */
+#define HAVE_FUTIMES 1
+
+/* Define to 1 if you have the `gai_strerror' function. */
+#define HAVE_GAI_STRERROR 1
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#define HAVE_GETADDRINFO 1
+
+/* Define to 1 if you have the `getaudit' function. */
+/* #undef HAVE_GETAUDIT */
+
+/* Define to 1 if you have the `getaudit_addr' function. */
+/* #undef HAVE_GETAUDIT_ADDR */
+
+/* Define to 1 if you have the `getcwd' function. */
+#define HAVE_GETCWD 1
+
+/* Define to 1 if you have the `getgrouplist' function. */
+#define HAVE_GETGROUPLIST 1
+
+/* Define to 1 if you have the `getgrset' function. */
+/* #undef HAVE_GETGRSET */
+
+/* Define to 1 if you have the `getlastlogxbyname' function. */
+/* #undef HAVE_GETLASTLOGXBYNAME */
+
+/* Define to 1 if you have the `getluid' function. */
+/* #undef HAVE_GETLUID */
+
+/* Define to 1 if you have the `getnameinfo' function. */
+#define HAVE_GETNAMEINFO 1
+
+/* Define to 1 if you have the `getopt' function. */
+#define HAVE_GETOPT 1
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#define HAVE_GETOPT_H 1
+
+/* Define if your getopt(3) defines and uses optreset */
+#define HAVE_GETOPT_OPTRESET 1
+
+/* Define if your libraries define getpagesize() */
+#define HAVE_GETPAGESIZE 1
+
+/* Define to 1 if you have the `getpeereid' function. */
+/* #undef HAVE_GETPEEREID */
+
+/* Define to 1 if you have the `getpeerucred' function. */
+/* #undef HAVE_GETPEERUCRED */
+
+/* Define to 1 if you have the `getpgid' function. */
+#define HAVE_GETPGID 1
+
+/* Define to 1 if you have the `getpgrp' function. */
+#define HAVE_GETPGRP 1
+
+/* Define to 1 if you have the `getpwanam' function. */
+/* #undef HAVE_GETPWANAM */
+
+/* Define to 1 if you have the `getrlimit' function. */
+#define HAVE_GETRLIMIT 1
+
+/* Define if getrrsetbyname() exists */
+/* #undef HAVE_GETRRSETBYNAME */
+
+/* Define to 1 if you have the `getrusage' function. */
+/* #undef HAVE_GETRUSAGE */
+
+/* Define to 1 if you have the `getseuserbyname' function. */
+/* #undef HAVE_GETSEUSERBYNAME */
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have the `getttyent' function. */
+/* #define HAVE_GETTTYENT 1 */
+
+/* Define to 1 if you have the `getutent' function. */
+#define HAVE_GETUTENT 1
+
+/* Define to 1 if you have the `getutid' function. */
+#define HAVE_GETUTID 1
+
+/* Define to 1 if you have the `getutline' function. */
+#define HAVE_GETUTLINE 1
+
+/* Define to 1 if you have the `getutxent' function. */
+#define HAVE_GETUTXENT 1
+
+/* Define to 1 if you have the `getutxid' function. */
+#define HAVE_GETUTXID 1
+
+/* Define to 1 if you have the `getutxline' function. */
+#define HAVE_GETUTXLINE 1
+
+/* Define to 1 if you have the `getutxuser' function. */
+/* #undef HAVE_GETUTXUSER */
+
+/* Define to 1 if you have the `get_default_context_with_level' function. */
+/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */
+
+/* Define to 1 if you have the `glob' function. */
+#define HAVE_GLOB 1
+
+/* Define to 1 if you have the <glob.h> header file. */
+#define HAVE_GLOB_H 1
+
+/* Define to 1 if you have the `group_from_gid' function. */
+/* #undef HAVE_GROUP_FROM_GID */
+
+/* Define to 1 if you have the <gssapi_generic.h> header file. */
+/* #undef HAVE_GSSAPI_GENERIC_H */
+
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+/* #undef HAVE_GSSAPI_GSSAPI_H */
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
+
+/* Define to 1 if you have the <gssapi.h> header file. */
+/* #undef HAVE_GSSAPI_H */
+
+/* Define to 1 if you have the <gssapi_krb5.h> header file. */
+/* #undef HAVE_GSSAPI_KRB5_H */
+
+/* Define if HEADER.ad exists in arpa/nameser.h */
+#define HAVE_HEADER_AD 1
+
+/* Define to 1 if you have the `HMAC_CTX_init' function. */
+#define HAVE_HMAC_CTX_INIT 1
+
+/* Define if you have ut_host in utmp.h */
+#define HAVE_HOST_IN_UTMP 1
+
+/* Define if you have ut_host in utmpx.h */
+#define HAVE_HOST_IN_UTMPX 1
+
+/* Define to 1 if you have the <iaf.h> header file. */
+/* #undef HAVE_IAF_H */
+
+/* Define to 1 if you have the <ia.h> header file. */
+/* #undef HAVE_IA_H */
+
+/* Define if you have ut_id in utmp.h */
+#define HAVE_ID_IN_UTMP 1
+
+/* Define if you have ut_id in utmpx.h */
+#define HAVE_ID_IN_UTMPX 1
+
+/* Define to 1 if you have the `inet_aton' function. */
+#define HAVE_INET_ATON 1
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#define HAVE_INET_NTOA 1
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#define HAVE_INET_NTOP 1
+
+/* Define to 1 if you have the `innetgr' function. */
+/* #define HAVE_INNETGR 1 */
+
+/* define if you have int64_t data type */
+#define HAVE_INT64_T 1
+
+/* Define to 1 if the system has the type `intmax_t'. */
+#define HAVE_INTMAX_T 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* define if you have intxx_t data type */
+#define HAVE_INTXX_T 1
+
+/* Define to 1 if the system has the type `in_addr_t'. */
+#define HAVE_IN_ADDR_T 1
+
+/* Define to 1 if the system has the type `in_port_t'. */
+#define HAVE_IN_PORT_T 1
+
+/* Define if you have isblank(3C). */
+#define HAVE_ISBLANK 1
+
+/* Define to 1 if you have the `krb5_cc_new_unique' function. */
+/* #undef HAVE_KRB5_CC_NEW_UNIQUE */
+
+/* Define to 1 if you have the `krb5_free_error_message' function. */
+/* #undef HAVE_KRB5_FREE_ERROR_MESSAGE */
+
+/* Define to 1 if you have the `krb5_get_error_message' function. */
+/* #undef HAVE_KRB5_GET_ERROR_MESSAGE */
+
+/* Define to 1 if you have the <langinfo.h> header file. */
+#define HAVE_LANGINFO_H 1
+
+/* Define to 1 if you have the <lastlog.h> header file. */
+#define HAVE_LASTLOG_H 1
+
+/* Define if you want ldns support */
+/* #undef HAVE_LDNS */
+
+/* Define to 1 if you have the <libaudit.h> header file. */
+/* #undef HAVE_LIBAUDIT_H */
+
+/* Define to 1 if you have the `bsm' library (-lbsm). */
+/* #undef HAVE_LIBBSM */
+
+/* Define to 1 if you have the `crypt' library (-lcrypt). */
+/* #undef HAVE_LIBCRYPT */
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+/* #undef HAVE_LIBDL */
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#define HAVE_LIBGEN_H 1
+
+/* Define if system has libiaf that supports set_id */
+/* #undef HAVE_LIBIAF */
+
+/* Define to 1 if you have the `network' library (-lnetwork). */
+/* #undef HAVE_LIBNETWORK */
+
+/* Define to 1 if you have the `pam' library (-lpam). */
+/* #undef HAVE_LIBPAM */
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+/* #undef HAVE_LIBSOCKET */
+
+/* Define to 1 if you have the <libutil.h> header file. */
+/* #undef HAVE_LIBUTIL_H */
+
+/* Define to 1 if you have the `xnet' library (-lxnet). */
+/* #undef HAVE_LIBXNET */
+
+/* Define to 1 if you have the `z' library (-lz). */
+#define HAVE_LIBZ 1
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* Define to 1 if you have the <linux/audit.h> header file. */
+/*#define HAVE_LINUX_AUDIT_H 1*/
+
+/* Define to 1 if you have the <linux/filter.h> header file. */
+/*#define HAVE_LINUX_FILTER_H 1*/
+
+/* Define to 1 if you have the <linux/if_tun.h> header file. */
+/*#define HAVE_LINUX_IF_TUN_H 1*/
+
+/* Define to 1 if you have the <linux/seccomp.h> header file. */
+/*#define HAVE_LINUX_SECCOMP_H 1*/
+
+/* Define to 1 if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
+/* Define to 1 if you have the `login' function. */
+/* #define HAVE_LOGIN 1 */
+
+/* Define to 1 if you have the <login_cap.h> header file. */
+/* #undef HAVE_LOGIN_CAP_H */
+
+/* Define to 1 if you have the `login_getcapbool' function. */
+/* #undef HAVE_LOGIN_GETCAPBOOL */
+
+/* Define to 1 if you have the <login.h> header file. */
+/* #undef HAVE_LOGIN_H */
+
+/* Define to 1 if you have the `logout' function. */
+/* #define HAVE_LOGOUT 1 */
+
+/* Define to 1 if you have the `logwtmp' function. */
+/* #define HAVE_LOGWTMP 1 */
+
+/* Define to 1 if the system has the type `long double'. */
+#define HAVE_LONG_DOUBLE 1
+
+/* Define to 1 if the system has the type `long long'. */
+#define HAVE_LONG_LONG 1
+
+/* Define to 1 if you have the <maillock.h> header file. */
+/* #undef HAVE_MAILLOCK_H */
+
+/* Define to 1 if you have the `mblen' function. */
+#define HAVE_MBLEN 1
+
+/* Define to 1 if you have the `mbtowc' function. */
+#define HAVE_MBTOWC 1
+
+/* Define to 1 if you have the `md5_crypt' function. */
+/* #undef HAVE_MD5_CRYPT */
+
+/* Define if you want to allow MD5 passwords */
+/* #undef HAVE_MD5_PASSWORDS */
+
+/* Define to 1 if you have the `memmove' function. */
+#define HAVE_MEMMOVE 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `memset_s' function. */
+/* #undef HAVE_MEMSET_S */
+
+/* Define to 1 if you have the `mkdtemp' function. */
+#define HAVE_MKDTEMP 1
+
+/* define if you have mode_t data type */
+#define HAVE_MODE_T 1
+
+/* Some systems put nanosleep outside of libc */
+#define HAVE_NANOSLEEP 1
+
+/* Define to 1 if you have the <ndir.h> header file. */
+/* #undef HAVE_NDIR_H */
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netgroup.h> header file. */
+/* #undef HAVE_NETGROUP_H */
+
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+/* #undef HAVE_NET_IF_TUN_H */
+
+/* Define if you are on NeXT */
+/* #undef HAVE_NEXT */
+
+/* Define to 1 if you have the `ngetaddrinfo' function. */
+/* #undef HAVE_NGETADDRINFO */
+
+/* Define to 1 if you have the `nl_langinfo' function. */
+#define HAVE_NL_LANGINFO 1
+
+/* Define to 1 if you have the `nsleep' function. */
+/* #undef HAVE_NSLEEP */
+
+/* Define to 1 if you have the `ogetaddrinfo' function. */
+/* #undef HAVE_OGETADDRINFO */
+
+/* Define if you have an old version of PAM which takes only one argument to
+ pam_strerror */
+/* #undef HAVE_OLD_PAM */
+
+/* Define to 1 if you have the `openlog_r' function. */
+/* #undef HAVE_OPENLOG_R */
+
+/* Define to 1 if you have the `openpty' function. */
+#define HAVE_OPENPTY 1
+
+/* Define if your ssl headers are included with #include <openssl/header.h> */
+#define HAVE_OPENSSL 1
+
+/* Define if you have Digital Unix Security Integration Architecture */
+/* #undef HAVE_OSF_SIA */
+
+/* Define to 1 if you have the `pam_getenvlist' function. */
+/* #undef HAVE_PAM_GETENVLIST */
+
+/* Define to 1 if you have the <pam/pam_appl.h> header file. */
+/* #undef HAVE_PAM_PAM_APPL_H */
+
+/* Define to 1 if you have the `pam_putenv' function. */
+/* #undef HAVE_PAM_PUTENV */
+
+/* Define to 1 if you have the <paths.h> header file. */
+#define HAVE_PATHS_H 1
+
+/* Define if you have ut_pid in utmp.h */
+#define HAVE_PID_IN_UTMP 1
+
+/* define if you have pid_t data type */
+#define HAVE_PID_T 1
+
+/* Define to 1 if you have the `pledge' function. */
+/* #undef HAVE_PLEDGE */
+
+/* Define to 1 if you have the `poll' function. */
+#define HAVE_POLL 1
+
+/* Define to 1 if you have the <poll.h> header file. */
+#define HAVE_POLL_H 1
+
+/* Define to 1 if you have the `prctl' function. */
+#undef HAVE_PRCTL
+
+/* Define to 1 if you have the `priv_basicset' function. */
+/* #undef HAVE_PRIV_BASICSET */
+
+/* Define to 1 if you have the <priv.h> header file. */
+/* #undef HAVE_PRIV_H */
+
+/* Define if you have /proc/$pid/fd */
+#undef HAVE_PROC_PID
+
+/* Define to 1 if you have the `pstat' function. */
+/* #undef HAVE_PSTAT */
+
+/* Define to 1 if you have the <pty.h> header file. */
+#define HAVE_PTY_H 1
+
+/* Define to 1 if you have the `pututline' function. */
+#define HAVE_PUTUTLINE 1
+
+/* Define to 1 if you have the `pututxline' function. */
+#define HAVE_PUTUTXLINE 1
+
+/* Define to 1 if you have the `readpassphrase' function. */
+/* #undef HAVE_READPASSPHRASE */
+
+/* Define to 1 if you have the <readpassphrase.h> header file. */
+/* #undef HAVE_READPASSPHRASE_H */
+
+/* Define to 1 if you have the `reallocarray' function. */
+/* #undef HAVE_REALLOCARRAY */
+
+/* Define to 1 if you have the `realpath' function. */
+#define HAVE_REALPATH 1
+
+/* Define to 1 if you have the `recvmsg' function. */
+#define HAVE_RECVMSG 1
+
+/* sys/resource.h has RLIMIT_NPROC */
+#define HAVE_RLIMIT_NPROC /**/
+
+/* Define to 1 if you have the <rpc/types.h> header file. */
+#undef HAVE_RPC_TYPES_H
+
+/* Define to 1 if you have the `rresvport_af' function. */
+#define HAVE_RRESVPORT_AF 1
+
+/* Define to 1 if you have the `RSA_generate_key_ex' function. */
+#define HAVE_RSA_GENERATE_KEY_EX 1
+
+/* Define to 1 if you have the `RSA_get_default_method' function. */
+#define HAVE_RSA_GET_DEFAULT_METHOD 1
+
+/* Define to 1 if you have the <sandbox.h> header file. */
+/* #undef HAVE_SANDBOX_H */
+
+/* Define to 1 if you have the `sandbox_init' function. */
+/* #undef HAVE_SANDBOX_INIT */
+
+/* define if you have sa_family_t data type */
+#define HAVE_SA_FAMILY_T 1
+
+/* Define to 1 if you have the `scan_scaled' function. */
+/* #undef HAVE_SCAN_SCALED */
+
+/* Define if you have SecureWare-based protected password database */
+/* #undef HAVE_SECUREWARE */
+
+/* Define to 1 if you have the <security/pam_appl.h> header file. */
+#define HAVE_SECURITY_PAM_APPL_H 1
+
+/* Define to 1 if you have the `sendmsg' function. */
+#define HAVE_SENDMSG 1
+
+/* Define to 1 if you have the `setauthdb' function. */
+/* #undef HAVE_SETAUTHDB */
+
+/* Define to 1 if you have the `setdtablesize' function. */
+/* #undef HAVE_SETDTABLESIZE */
+
+/* Define to 1 if you have the `setegid' function. */
+#define HAVE_SETEGID 1
+
+/* Define to 1 if you have the `setenv' function. */
+#define HAVE_SETENV 1
+
+/* Define to 1 if you have the `seteuid' function. */
+/*#define HAVE_SETEUID 1*/
+
+/* Define to 1 if you have the `setgroupent' function. */
+/* #undef HAVE_SETGROUPENT */
+
+/* Define to 1 if you have the `setgroups' function. */
+#define HAVE_SETGROUPS 1
+
+/* Define to 1 if you have the `setlinebuf' function. */
+#define HAVE_SETLINEBUF 1
+
+/* Define to 1 if you have the `setlogin' function. */
+/* #undef HAVE_SETLOGIN */
+
+/* Define to 1 if you have the `setluid' function. */
+/* #undef HAVE_SETLUID */
+
+/* Define to 1 if you have the `setpassent' function. */
+/* #undef HAVE_SETPASSENT */
+
+/* Define to 1 if you have the `setpcred' function. */
+/* #undef HAVE_SETPCRED */
+
+/* Define to 1 if you have the `setpflags' function. */
+/* #undef HAVE_SETPFLAGS */
+
+/* Define to 1 if you have the `setppriv' function. */
+/* #undef HAVE_SETPPRIV */
+
+/* Define to 1 if you have the `setproctitle' function. */
+/* #undef HAVE_SETPROCTITLE */
+
+/* Define to 1 if you have the `setregid' function. */
+#define HAVE_SETREGID 1
+
+/* Define to 1 if you have the `setresgid' function. */
+#define HAVE_SETRESGID 1
+
+/* Define to 1 if you have the `setresuid' function. */
+#define HAVE_SETRESUID 1
+
+/* Define to 1 if you have the `setreuid' function. */
+#define HAVE_SETREUID 1
+
+/* Define to 1 if you have the `setrlimit' function. */
+#define HAVE_SETRLIMIT 1
+
+/* Define to 1 if you have the `setsid' function. */
+#define HAVE_SETSID 1
+
+/* Define to 1 if you have the `setutent' function. */
+#define HAVE_SETUTENT 1
+
+/* Define to 1 if you have the `setutxdb' function. */
+/* #undef HAVE_SETUTXDB */
+
+/* Define to 1 if you have the `setutxent' function. */
+#define HAVE_SETUTXENT 1
+
+/* Define to 1 if you have the `setvbuf' function. */
+#define HAVE_SETVBUF 1
+
+/* Define to 1 if you have the `set_id' function. */
+/* #undef HAVE_SET_ID */
+
+/* Define to 1 if you have the `SHA256_Update' function. */
+#define HAVE_SHA256_UPDATE 1
+
+/* Define to 1 if you have the <sha2.h> header file. */
+/* #undef HAVE_SHA2_H */
+
+/* Define to 1 if you have the <shadow.h> header file. */
+#define HAVE_SHADOW_H 1
+
+/* Define to 1 if you have the `sigaction' function. */
+#define HAVE_SIGACTION 1
+
+/* Define to 1 if you have the `sigvec' function. */
+#define HAVE_SIGVEC 1
+
+/* Define to 1 if the system has the type `sig_atomic_t'. */
+#define HAVE_SIG_ATOMIC_T 1
+
+/* define if you have size_t data type */
+#define HAVE_SIZE_T 1
+
+/* Define to 1 if you have the `snprintf' function. */
+#define HAVE_SNPRINTF 1
+
+/* Define to 1 if you have the `socketpair' function. */
+#define HAVE_SOCKETPAIR 1
+
+/* Have PEERCRED socket option */
+#define HAVE_SO_PEERCRED 1
+
+/* define if you have ssize_t data type */
+#define HAVE_SSIZE_T 1
+
+/* Fields in struct sockaddr_storage */
+#define HAVE_SS_FAMILY_IN_SS 1
+
+/* Define to 1 if you have the `statfs' function. */
+#define HAVE_STATFS 1
+
+/* Define to 1 if you have the `statvfs' function. */
+#define HAVE_STATVFS 1
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#define HAVE_STDDEF_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the `strdup' function. */
+#define HAVE_STRDUP 1
+
+/* Define to 1 if you have the `strerror' function. */
+#define HAVE_STRERROR 1
+
+/* Define to 1 if you have the `strftime' function. */
+#define HAVE_STRFTIME 1
+
+/* Silly mkstemp() */
+#define HAVE_STRICT_MKSTEMP 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the `strlcat' function. */
+/* #undef HAVE_STRLCAT */
+
+/* Define to 1 if you have the `strlcpy' function. */
+/* #undef HAVE_STRLCPY */
+
+/* Define to 1 if you have the `strmode' function. */
+/* #undef HAVE_STRMODE */
+
+/* Define to 1 if you have the `strnlen' function. */
+#define HAVE_STRNLEN 1
+
+/* Define to 1 if you have the `strnvis' function. */
+/* #undef HAVE_STRNVIS */
+
+/* Define to 1 if you have the `strptime' function. */
+#define HAVE_STRPTIME 1
+
+/* Define to 1 if you have the `strsep' function. */
+#define HAVE_STRSEP 1
+
+/* Define to 1 if you have the `strtoll' function. */
+#define HAVE_STRTOLL 1
+
+/* Define to 1 if you have the `strtonum' function. */
+/* #undef HAVE_STRTONUM */
+
+/* Define to 1 if you have the `strtoul' function. */
+#define HAVE_STRTOUL 1
+
+/* Define to 1 if you have the `strtoull' function. */
+#define HAVE_STRTOULL 1
+
+/* define if you have struct addrinfo data type */
+#define HAVE_STRUCT_ADDRINFO 1
+
+/* define if you have struct in6_addr data type */
+#define HAVE_STRUCT_IN6_ADDR 1
+
+/* Define to 1 if `pw_change' is a member of `struct passwd'. */
+/* #undef HAVE_STRUCT_PASSWD_PW_CHANGE */
+
+/* Define to 1 if `pw_class' is a member of `struct passwd'. */
+/* #undef HAVE_STRUCT_PASSWD_PW_CLASS */
+
+/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
+/* #undef HAVE_STRUCT_PASSWD_PW_EXPIRE */
+
+/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
+#define HAVE_STRUCT_PASSWD_PW_GECOS 1
+
+/* define if you have struct sockaddr_in6 data type */
+#define HAVE_STRUCT_SOCKADDR_IN6 1
+
+/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
+#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* define if you have struct sockaddr_storage data type */
+#define HAVE_STRUCT_SOCKADDR_STORAGE 1
+
+/* Define to 1 if `st_blksize' is a member of `struct stat'. */
+#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
+
+/* Define to 1 if the system has the type `struct timespec'. */
+#define HAVE_STRUCT_TIMESPEC 1
+
+/* define if you have struct timeval */
+#define HAVE_STRUCT_TIMEVAL 1
+
+/* Define to 1 if you have the `swap32' function. */
+/* #undef HAVE_SWAP32 */
+
+/* Define to 1 if you have the `sysconf' function. */
+#define HAVE_SYSCONF 1
+
+/* Define if you have syslen in utmpx.h */
+/* #undef HAVE_SYSLEN_IN_UTMPX */
+
+/* Define to 1 if you have the <sys/audit.h> header file. */
+/* #undef HAVE_SYS_AUDIT_H */
+
+/* Define to 1 if you have the <sys/bitypes.h> header file. */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the <sys/bsdtty.h> header file. */
+/* #undef HAVE_SYS_BSDTTY_H */
+
+/* Define to 1 if you have the <sys/capability.h> header file. */
+#undef HAVE_SYS_CAPABILITY_H
+
+/* Define to 1 if you have the <sys/cdefs.h> header file. */
+#undef HAVE_SYS_CDEFS_H
+
+/* Define to 1 if you have the <sys/dir.h> header file. */
+#define HAVE_SYS_DIR_H 1
+
+/* Define if your system defines sys_errlist[] */
+#define HAVE_SYS_ERRLIST 1
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#define HAVE_SYS_MMAN_H 1
+
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#define HAVE_SYS_MOUNT_H 1
+
+/* Define to 1 if you have the <sys/ndir.h> header file. */
+/* #undef HAVE_SYS_NDIR_H */
+
+/* Define if your system defines sys_nerr */
+#define HAVE_SYS_NERR 1
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#define HAVE_SYS_POLL_H 1
+
+/* Define to 1 if you have the <sys/prctl.h> header file. */
+#undef HAVE_SYS_PRCTL_H
+
+/* Define to 1 if you have the <sys/pstat.h> header file. */
+/* #undef HAVE_SYS_PSTAT_H */
+
+/* Define to 1 if you have the <sys/ptms.h> header file. */
+/* #undef HAVE_SYS_PTMS_H */
+
+/* Define to 1 if you have the <sys/ptrace.h> header file. */
+#define HAVE_SYS_PTRACE_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#define HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/statvfs.h> header file. */
+#define HAVE_SYS_STATVFS_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/stream.h> header file. */
+/* #undef HAVE_SYS_STREAM_H */
+
+/* Define to 1 if you have the <sys/stropts.h> header file. */
+#define HAVE_SYS_STROPTS_H 1
+
+/* Define to 1 if you have the <sys/strtio.h> header file. */
+/* #undef HAVE_SYS_STRTIO_H */
+
+/* Force use of sys/syslog.h on Ultrix */
+/* #undef HAVE_SYS_SYSLOG_H */
+
+/* Define to 1 if you have the <sys/sysmacros.h> header file. */
+#undef HAVE_SYS_SYSMACROS_H
+
+/* Define to 1 if you have the <sys/timers.h> header file. */
+/* #undef HAVE_SYS_TIMERS_H */
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#define HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have the `tcgetpgrp' function. */
+#define HAVE_TCGETPGRP 1
+
+/* Define to 1 if you have the `tcsendbreak' function. */
+#define HAVE_TCSENDBREAK 1
+
+/* Define to 1 if you have the `time' function. */
+#define HAVE_TIME 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
+/* Define if you have ut_time in utmp.h */
+/* #undef HAVE_TIME_IN_UTMP */
+
+/* Define if you have ut_time in utmpx.h */
+/* #undef HAVE_TIME_IN_UTMPX */
+
+/* Define to 1 if you have the `timingsafe_bcmp' function. */
+/* #undef HAVE_TIMINGSAFE_BCMP */
+
+/* Define to 1 if you have the <tmpdir.h> header file. */
+/* #undef HAVE_TMPDIR_H */
+
+/* Define to 1 if you have the `truncate' function. */
+#define HAVE_TRUNCATE 1
+
+/* Define to 1 if you have the <ttyent.h> header file. */
+#undef HAVE_TTYENT_H
+
+/* Define if you have ut_tv in utmp.h */
+#define HAVE_TV_IN_UTMP 1
+
+/* Define if you have ut_tv in utmpx.h */
+#define HAVE_TV_IN_UTMPX 1
+
+/* Define if you have ut_type in utmp.h */
+#define HAVE_TYPE_IN_UTMP 1
+
+/* Define if you have ut_type in utmpx.h */
+#define HAVE_TYPE_IN_UTMPX 1
+
+/* Define to 1 if you have the <ucred.h> header file. */
+/* #undef HAVE_UCRED_H */
+
+/* Define to 1 if the system has the type `uintmax_t'. */
+#define HAVE_UINTMAX_T 1
+
+/* define if you have uintxx_t data type */
+#define HAVE_UINTXX_T 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `unsetenv' function. */
+#define HAVE_UNSETENV 1
+
+/* Define to 1 if the system has the type `unsigned long long'. */
+#define HAVE_UNSIGNED_LONG_LONG 1
+
+/* Define to 1 if you have the `updwtmp' function. */
+#define HAVE_UPDWTMP 1
+
+/* Define to 1 if you have the `updwtmpx' function. */
+#define HAVE_UPDWTMPX 1
+
+/* Define to 1 if you have the <usersec.h> header file. */
+/* #undef HAVE_USERSEC_H */
+
+/* Define to 1 if you have the `user_from_uid' function. */
+/* #undef HAVE_USER_FROM_UID */
+
+/* Define to 1 if you have the `usleep' function. */
+#define HAVE_USLEEP 1
+
+/* Define to 1 if you have the <util.h> header file. */
+/* #undef HAVE_UTIL_H */
+
+/* Define to 1 if you have the `utimes' function. */
+#define HAVE_UTIMES 1
+
+/* Define to 1 if you have the <utime.h> header file. */
+#define HAVE_UTIME_H 1
+
+/* Define to 1 if you have the `utmpname' function. */
+#define HAVE_UTMPNAME 1
+
+/* Define to 1 if you have the `utmpxname' function. */
+#define HAVE_UTMPXNAME 1
+
+/* Define to 1 if you have the <utmpx.h> header file. */
+#define HAVE_UTMPX_H 1
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#define HAVE_UTMP_H 1
+
+/* define if you have u_char data type */
+#define HAVE_U_CHAR 1
+
+/* define if you have u_int data type */
+#define HAVE_U_INT 1
+
+/* define if you have u_int64_t data type */
+#define HAVE_U_INT64_T 1
+
+/* define if you have u_intxx_t data type */
+#define HAVE_U_INTXX_T 1
+
+/* Define to 1 if you have the `vasprintf' function. */
+#define HAVE_VASPRINTF 1
+
+/* Define if va_copy exists */
+#define HAVE_VA_COPY 1
+
+/* Define to 1 if you have the <vis.h> header file. */
+/* #undef HAVE_VIS_H */
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#define HAVE_VSNPRINTF 1
+
+/* Define to 1 if you have the `waitpid' function. */
+#define HAVE_WAITPID 1
+
+/* Define to 1 if you have the `warn' function. */
+#define HAVE_WARN 1
+
+/* Define to 1 if you have the <wchar.h> header file. */
+#define HAVE_WCHAR_H 1
+
+/* Define to 1 if you have the `wcwidth' function. */
+#define HAVE_WCWIDTH 1
+
+/* Define to 1 if you have the `_getlong' function. */
+/*#define HAVE__GETLONG 1 */
+
+/* Define to 1 if you have the `_getpty' function. */
+/* #undef HAVE__GETPTY */
+
+/* Define to 1 if you have the `_getshort' function. */
+/*#define HAVE__GETSHORT 1 */
+
+/* Define if you have struct __res_state _res as an extern */
+#define HAVE__RES_EXTERN 1
+
+/* Define to 1 if you have the `__b64_ntop' function. */
+/* #undef HAVE___B64_NTOP */
+
+/* Define to 1 if you have the `__b64_pton' function. */
+/* #undef HAVE___B64_PTON */
+
+/* Define if compiler implements __FUNCTION__ */
+#define HAVE___FUNCTION__ 1
+
+/* Define if libc defines __progname */
+/*#define HAVE___PROGNAME 1 */
+
+/* Fields in struct sockaddr_storage */
+/* #undef HAVE___SS_FAMILY_IN_SS */
+
+/* Define if __va_copy exists */
+#define HAVE___VA_COPY 1
+
+/* Define if compiler implements __func__ */
+#define HAVE___func__ 1
+
+/* Define this if you are using the Heimdal version of Kerberos V5 */
+/* #undef HEIMDAL */
+
+/* Define if you need to use IP address instead of hostname in $DISPLAY */
+/* #undef IPADDR_IN_DISPLAY */
+
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#define IPV4_IN_IPV6 1
+
+/* Define if your system choked on IP TOS setting */
+/* #undef IP_TOS_IS_BROKEN */
+
+/* Define if you want Kerberos 5 support */
+/* #undef KRB5 */
+
+/* Define if pututxline updates lastlog too */
+/* #undef LASTLOG_WRITE_PUTUTXLINE */
+
+/* Define to whatever link() returns for "not supported" if it doesn't return
+ EOPNOTSUPP. */
+#define LINK_OPNOTSUPP_ERRNO EPERM
+
+/* Adjust Linux out-of-memory killer */
+/*#define LINUX_OOM_ADJUST 1*/
+
+/* max value of long long calculated by configure */
+/* #undef LLONG_MAX */
+
+/* min value of long long calculated by configure */
+/* #undef LLONG_MIN */
+
+/* Account locked with pw(1) */
+#define LOCKED_PASSWD_PREFIX "!"
+
+/* String used in /etc/passwd to denote locked account */
+/* #undef LOCKED_PASSWD_STRING */
+
+/* String used in /etc/passwd to denote locked account */
+/* #undef LOCKED_PASSWD_SUBSTR */
+
+/* Some systems need a utmpx entry for /bin/login to work */
+/* #undef LOGIN_NEEDS_UTMPX */
+
+/* Set this to your mail directory if you do not have _PATH_MAILDIR */
+/* #undef MAIL_DIRECTORY */
+
+/* Need setpgrp to acquire controlling tty */
+/* #undef NEED_SETPGRP */
+
+/* compiler does not accept __attribute__ on return types */
+/* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */
+
+/* Define if you don't want to use lastlog in session.c */
+/* #undef NO_SSH_LASTLOG */
+
+/* Define to disable UID restoration test */
+/* #undef NO_UID_RESTORATION_TEST */
+
+/* Define if X11 doesn't support AF_UNIX sockets on that system */
+/* #undef NO_X11_UNIX_SOCKETS */
+
+/* Define if EVP_DigestUpdate returns void */
+/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */
+
+/* OpenSSL has ECC */
+#define OPENSSL_HAS_ECC 1
+
+/* libcrypto has NID_X9_62_prime256v1 */
+#define OPENSSL_HAS_NISTP256 1
+
+/* libcrypto has NID_secp384r1 */
+#define OPENSSL_HAS_NISTP384 1
+
+/* libcrypto has NID_secp521r1 */
+#define OPENSSL_HAS_NISTP521 1
+
+/* libcrypto has EVP AES CTR */
+#define OPENSSL_HAVE_EVPCTR 1
+
+/* libcrypto has EVP AES GCM */
+#define OPENSSL_HAVE_EVPGCM 1
+
+/* libcrypto is missing AES 192 and 256 bit functions */
+/* #undef OPENSSL_LOBOTOMISED_AES */
+
+/* Define if you want the OpenSSL internally seeded PRNG only */
+#define OPENSSL_PRNG_ONLY 1
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "OpenSSH"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "OpenSSH Portable"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "openssh"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "Portable"
+
+/* Define if you are using Solaris-derived PAM which passes pam_messages to
+ the conversation function with an extra level of indirection */
+/* #undef PAM_SUN_CODEBASE */
+
+/* Work around problematic Linux PAM modules handling of PAM_TTY */
+#define PAM_TTY_KLUDGE 1
+
+/* must supply username to passwd */
+/* #undef PASSWD_NEEDS_USERNAME */
+
+/* System dirs owned by bin (uid 2) */
+/* #undef PLATFORM_SYS_DIR_UID */
+
+/* Port number of PRNGD/EGD random number socket */
+/* #undef PRNGD_PORT */
+
+/* Location of PRNGD/EGD random number socket */
+/* #undef PRNGD_SOCKET */
+
+/* read(1) can return 0 for a non-closed fd */
+/* #undef PTY_ZEROREAD */
+
+/* Sandbox using capsicum */
+/* #undef SANDBOX_CAPSICUM */
+
+/* Sandbox using Darwin sandbox_init(3) */
+/* #undef SANDBOX_DARWIN */
+
+/* no privsep sandboxing */
+#define SANDBOX_NULL 1
+
+/* Sandbox using pledge(2) */
+/* #undef SANDBOX_PLEDGE */
+
+/* Sandbox using setrlimit(2) */
+/* #undef SANDBOX_RLIMIT */
+
+/* Sandbox using seccomp filter */
+/* #define SANDBOX_SECCOMP_FILTER 1 */
+
+/* setrlimit RLIMIT_FSIZE works */
+/* #undef SANDBOX_SKIP_RLIMIT_FSIZE */
+
+/* define if setrlimit RLIMIT_NOFILE breaks things */
+/* #undef SANDBOX_SKIP_RLIMIT_NOFILE */
+
+/* Sandbox using Solaris/Illumos privileges */
+/* #undef SANDBOX_SOLARIS */
+
+/* Sandbox using systrace(4) */
+/* #undef SANDBOX_SYSTRACE */
+
+/* Specify the system call convention in use */
+#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
+
+/* Define if your platform breaks doing a seteuid before a setuid */
+/* #undef SETEUID_BREAKS_SETUID */
+
+/* The size of `int', as computed by sizeof. */
+#define SIZEOF_INT 4
+
+/* The size of `long int', as computed by sizeof. */
+#define SIZEOF_LONG_INT 8
+
+/* The size of `long long int', as computed by sizeof. */
+#define SIZEOF_LONG_LONG_INT 8
+
+/* The size of `short int', as computed by sizeof. */
+#define SIZEOF_SHORT_INT 2
+
+/* Define if you want S/Key support */
+/* #undef SKEY */
+
+/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
+/* #undef SKEYCHALLENGE_4ARG */
+
+/* Define as const if snprintf() can declare const char *fmt */
+#define SNPRINTF_CONST const
+
+/* Define to a Set Process Title type if your system is supported by
+ bsd-setproctitle.c */
+#define SPT_TYPE SPT_REUSEARGV
+
+/* Define if sshd somehow reacquires a controlling TTY after setsid() */
+/* #undef SSHD_ACQUIRES_CTTY */
+
+/* sshd PAM service name */
+/* #undef SSHD_PAM_SERVICE */
+
+/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
+/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */
+
+/* Use audit debugging module */
+/* #undef SSH_AUDIT_EVENTS */
+
+/* Windows is sensitive to read buffer size */
+/* #undef SSH_IOBUFSZ */
+
+/* non-privileged user for privilege separation */
+#define SSH_PRIVSEP_USER "sshd"
+
+/* Use tunnel device compatibility to OpenBSD */
+/*#define SSH_TUN_COMPAT_AF 1*/
+
+/* Open tunnel devices the FreeBSD way */
+/* #undef SSH_TUN_FREEBSD */
+
+/* Open tunnel devices the Linux tun/tap way */
+/*#define SSH_TUN_LINUX 1*/
+
+/* No layer 2 tunnel support */
+/* #undef SSH_TUN_NO_L2 */
+
+/* Open tunnel devices the OpenBSD way */
+/* #undef SSH_TUN_OPENBSD */
+
+/* Prepend the address family to IP tunnel traffic */
+/*#define SSH_TUN_PREPEND_AF 1*/
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define if you want a different $PATH for the superuser */
+/* #undef SUPERUSER_PATH */
+
+/* syslog_r function is safe to use in in a signal handler */
+/* #undef SYSLOG_R_SAFE_IN_SIGHAND */
+
+/* Support passwords > 8 chars */
+/* #undef UNIXWARE_LONG_PASSWORDS */
+
+/* Specify default $PATH */
+#define USER_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"
+
+/* Define this if you want to use libkafs' AFS support */
+/* #undef USE_AFS */
+
+/* Use BSM audit module */
+/* #undef USE_BSM_AUDIT */
+
+/* Use btmp to log bad logins */
+#define USE_BTMP 1
+
+/* Use libedit for sftp */
+/* #undef USE_LIBEDIT */
+
+/* Use Linux audit module */
+/* #undef USE_LINUX_AUDIT */
+
+/* Enable OpenSSL engine support */
+/* #undef USE_OPENSSL_ENGINE */
+
+/* Define if you want to enable PAM support */
+/* #undef USE_PAM */
+
+/* Use PIPES instead of a socketpair() */
+/* #undef USE_PIPES */
+
+/* Define if you have Solaris privileges */
+/* #undef USE_SOLARIS_PRIVS */
+
+/* Define if you have Solaris process contracts */
+/* #undef USE_SOLARIS_PROCESS_CONTRACTS */
+
+/* Define if you have Solaris projects */
+/* #undef USE_SOLARIS_PROJECTS */
+
+/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
+/* #undef WITH_ABBREV_NO_TTY */
+
+/* Define if you want to enable AIX4's authenticate function */
+/* #undef WITH_AIXAUTHENTICATE */
+
+/* Define if you have/want arrays (cluster-wide session managment, not C
+ arrays) */
+/* #undef WITH_IRIX_ARRAY */
+
+/* Define if you want IRIX audit trails */
+/* #undef WITH_IRIX_AUDIT */
+
+/* Define if you want IRIX kernel jobs */
+/* #undef WITH_IRIX_JOBS */
+
+/* Define if you want IRIX project management */
+/* #undef WITH_IRIX_PROJECT */
+
+/* use libcrypto for cryptography */
+#define WITH_OPENSSL 1
+
+/* Define if you want SELinux support. */
+/* #undef WITH_SELINUX */
+
+/* include SSH protocol version 1 support */
+/* #undef WITH_SSH1 */
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* # undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define if xauth is found in your path */
+#define XAUTH_PATH "/usr/bin/xauth"
+
+/* Enable large inode numbers on Mac OS X 10.5. */
+#ifndef _DARWIN_USE_64_BIT_INODE
+# define _DARWIN_USE_64_BIT_INODE 1
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+/* #undef _FILE_OFFSET_BITS */
+
+/* Define for large files, on AIX-style hosts. */
+/* #undef _LARGE_FILES */
+
+/* log for bad login attempts */
+#define _PATH_BTMP "/var/log/btmp"
+
+/* Full path of your "passwd" program */
+#define _PATH_PASSWD_PROG "/usr/bin/passwd"
+
+/* Specify location of ssh.pid */
+#define _PATH_SSH_PIDDIR "/var/run"
+
+/* Define if we don't have struct __res_state in resolv.h */
+/* #undef __res_state */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* type to use in place of socklen_t if not defined */
+/* #undef socklen_t */
diff --git a/fuchsia/fuchsia-compat.c b/fuchsia/fuchsia-compat.c
new file mode 100644
index 0000000..0fa72de
--- /dev/null
+++ b/fuchsia/fuchsia-compat.c
@@ -0,0 +1,33 @@
+#include <pwd.h>
+#include <sys/types.h>
+
+int chroot(const char *path) { return -1; }
+
+typedef struct Authctxt Authctxt;
+
+int sys_auth_passwd(Authctxt *authctxt, const char *password) {
+ // Password authentication always fails.
+ return 0;
+}
+
+struct passwd *getpwent(void) {
+ static struct passwd static_passwd = {
+ .pw_name = "fuchsia",
+ .pw_passwd = "",
+ .pw_uid = 23, // matches MX_UID
+ .pw_gid = 23,
+ .pw_gecos = "Fuchsia",
+ .pw_dir = "/",
+ .pw_shell = "/boot/bin/sh",
+ };
+
+ return &static_passwd;
+}
+
+struct passwd *getpwnam(const char *name) {
+ return getpwent();
+}
+
+struct passwd *getpwuid(uid_t uid) {
+ return getpwent();
+}
diff --git a/fuchsia/fuchsia-compat.h b/fuchsia/fuchsia-compat.h
new file mode 100644
index 0000000..db749d6
--- /dev/null
+++ b/fuchsia/fuchsia-compat.h
@@ -0,0 +1,5 @@
+#pragma once
+int chroot(const char *path);
+
+#define CUSTOM_SYS_AUTH_PASSWD
+
diff --git a/fuchsia/sshd_config b/fuchsia/sshd_config
new file mode 100644
index 0000000..08ab390
--- /dev/null
+++ b/fuchsia/sshd_config
@@ -0,0 +1,119 @@
+# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+LogLevel VERBOSE
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+PidFile /tmp/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/monitor_wrap.h b/monitor_wrap.h
index db5902f..e13f5ea 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -29,7 +29,8 @@
#define _MM_WRAP_H_
extern int use_privsep;
-#define PRIVSEP(x) (use_privsep ? mm_##x : x)
+//#define PRIVSEP(x) (use_privsep ? mm_##x : x)
+#define PRIVSEP(x) (x)
enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 0a07f9a..17cb022 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -134,7 +134,7 @@
memcpy(countsalt, salt, saltlen);
/* collapse password */
- crypto_hash_sha512(sha2pass, pass, passlen);
+ crypto_hash_sha512(sha2pass, (const unsigned char*)pass, passlen);
/* generate key, sizeof(out) at a time */
for (count = 1; keylen > 0; count++) {
diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index d0d791b..2bf1bf2 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -152,7 +152,7 @@
if (len < 0 || len > SSHBUF_MAX_BIGNUM)
return SSH_ERR_INVALID_ARGUMENT;
*d = '\0';
- if (BN_bn2bin(v, d + 1) != len)
+ if (BN_bn2bin(v, d + 1) != (size_t)len)
return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
/* If MSB is set, prepend a \0 */
if (len > 0 && (d[1] & 0x80) != 0)
@@ -174,7 +174,7 @@
if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM)
return SSH_ERR_INVALID_ARGUMENT;
- if (BN_bn2bin(v, d) != (int)len_bytes)
+ if (BN_bn2bin(v, d) != len_bytes)
return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
explicit_bzero(d, sizeof(d));
diff --git a/sshconnect.h b/sshconnect.h
index cf1851a..19130bc 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -60,6 +60,13 @@
/*
* Macros to raise/lower permissions.
*/
+#ifdef __Fuchsia__
+#define PRIV_START do { \
+} while (0)
+
+#define PRIV_END do { \
+} while (0)
+#else
#define PRIV_START do { \
int save_errno = errno; \
if (seteuid(original_effective_uid) != 0) \
@@ -75,3 +82,4 @@
strerror(errno)); \
errno = save_errno; \
} while (0)
+#endif
diff --git a/sshkey.c b/sshkey.c
index 85fd1bd..724a526 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -3544,7 +3544,7 @@
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
- if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) {
+ if ((blen = BIO_get_mem_data(bio, (char**)&bptr)) <= 0) {
r = SSH_ERR_INTERNAL_ERROR;
goto out;
}
@@ -3799,7 +3799,9 @@
case ERR_LIB_PEM:
switch (pem_reason) {
case PEM_R_BAD_PASSWORD_READ:
+#ifdef PEM_R_PROBLEMS_GETTING_PASSWORD
case PEM_R_PROBLEMS_GETTING_PASSWORD:
+#endif
case PEM_R_BAD_DECRYPT:
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out;
@@ -3809,10 +3811,14 @@
}
case ERR_LIB_EVP:
switch (pem_reason) {
+#ifdef EVP_R_BAD_DECRYPT
case EVP_R_BAD_DECRYPT:
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out;
+#endif
+#ifdef EVP_R_BN_DECODE_ERROR
case EVP_R_BN_DECODE_ERROR:
+#endif
case EVP_R_DECODE_ERROR:
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
