ok deraadt@

for login.conf, and we don't want to go lower.

correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung

or otherwise change Dt to reflect the name of an existing function;
feedback/ok schwarze

Hide bcrypt_autorounds(), prefixing with an underbar for static builds.

verified that they are there via isdigit() so we can convert from
ASCII to an int without using atoi().  OK guenther@ deraadt@

C standard are all weak.
Apply __{BEGIN,END}_HIDDEN_DECLS to gdtoa{,imp}.h, hiding the
arch-specific __strtorx, __ULtox_D2A, __strtorQ, __ULtoQ_D2A symbols.

Delete unused 'fd' argument from internal function oldttyname()

ok deraadt@

By default, MSVC's stdlib.h defines min(), so we need to spell out something
less common to avoid picking it up.
ok deraadt@ beck@ miod@

99% of the world calls it.
allow just "bcrypt" without params to mean auto-tune ("bcrypt,a").
default remains 8 rounds (for now)
ok deraadt

OK tedu@

ok deraadt jeremy

of some undefined value.
OK tedu@

Printing strerror() in that case will say result too large, even if rounds is
actually too small. invalid is less specific, but less incorrect.
ok millert

to avoid swamping it;

friendlier for users. requested by deraadt

review by millert, binary checking process with doug, concept with guenther

ok tedu@

other systems to fit into the same mold, so add copyright

nor are they the same size.

remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.

guenther suggested using thread time, which actually may improve accuracy
if somebody puts this in a threaded program.

ok deraadt miod

use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.

ok deraadt naddy

entries.

better to find one instead of continuing to mangle this mess.

only doing what's needed for crypt_hashpass. sigh.

write out a hash. also simplify writing out the hash.

ok tedu@ on a previous version

ok tedu@

pwd_gensalt origins, but a string argument works equally work and is more
friendly to consumers beyond local user accounts.
ok deraadt

does most of the work pwd_gensalt did, but also creates the hash.
(unused yet)