regress tests but causes tls ciphersuite using sha386 to fail; found the
hard way by henning@.
I can't see anything wrong in the generated assembly code yet, but building
a libcrypto with no assembler code but sha512_block_data_order() is enough
to trigger Henning's issue, so the bug lies there.
No ABI change; ok deraadt@

Printing strerror() in that case will say result too large, even if rounds is
actually too small. invalid is less specific, but less incorrect.
ok millert

Discussed with/requested by deraadt@ at the conclusion of s2k15.

ok dlg

No actual change, but makes it easier to reuse the code elsewhere.
Suggested by Andre Smagin

to avoid swamping it;

be enabled, mostly since people use SANs instead.
ok beck@ guenther@

be enabled.
Removes one symbol from libcrypto, however there is no ABI change.
ok beck@ miod@ tedu@

This code is not compiled in and OPENSSL_NO_STORE is already defined in
opensslfeatures.h. No symbol removal for libcrypto.
ok beck@

Requested by deraadt@

ok tedu@

this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@

also fixing one typo in fts(3) while here

remove .Tn, and a few minor macro adjustments.
Patch from Kaspars at Bankovskis dot net.

friendlier for users. requested by deraadt

instead of disk.  OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files.  X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@

The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@

1. it's not a bug; it's a caveat.
2. "slightly unsafe" gives me the willies.
3. one .Xr to malloc should suffice
ok deraadt jmc

review by millert, binary checking process with doug, concept with guenther

ok tedu@

OK deraadt@ djm@

other systems to fit into the same mold, so add copyright

nor are they the same size.

(sorry, my other changes were accidentally premature)

remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.

patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@

what's going on.

guenther suggested using thread time, which actually may improve accuracy
if somebody puts this in a threaded program.

ok deraadt miod

from this case where we have a static buffer and cant realloc.
ok phessler, claudio, reyk

use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.

ramdisk libc builds.  there has to be a better way without #ifdef's
in gross places, but I don't see it yet.

naddy found sparc64 gets a little slower when unrolled.
ok deraadt