6.11.5 - Storage-class specifiers:
The placement of a storage-class specifier other than at the
beginning of the declaration specifiers in a declaration is
an obsolescent feature.
Diff from Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)

it shows up in libraries.  Even the system call is probably not finalized.
Bit dissapointed it has turned out to be a descriptor-less read() with
EINVAL and EINTR error conditions, but we can work with it.

into one if a system has an awesome getentropy().  In that case it
is valid to totally throw away the rsx state in the child.  If the
getentropy() is not very good and has a lazy reseed operation, this
combining is a bad idea, and the reseed should probably continue to
use the "something old, something new" mix.  _rs_allocate() can
accomodate either method, but not on the fly.
ok matthew

1. Use "len" parameter instead of sizeof(*rs).
2. Simplify the atfork handler to be strictly async signal safe by
simply writing to a global volatile sig_atomic_t object, and then
checking for this in _rs_forkdetect().  (Idea from discussions with
Szabolcs Nagy and Rich Felker.)
3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO
fork semantics to avoid any skew in behavior across platforms.
ok deraadt

Reminded by Rafael Neves

align with POSIX and other systems.
Pointed out by Elliott Hughes on tech
ok deraadt

making it much easier for libressl -portable to fill in the gaps.
ok bcook beck

and random().  Sigh.

address space, and once allocated rs is never deallocated."
document the forkhandler to save reviewers time, with matthew

Linux (such as Ubuntu 12.04LTS) that don't have it yet.  Seems the AT_XXX
defines are pulled in by <link.h> now.
ok beck@

ok deraadt@ beck@ kettenis@

high bit as required by posix. wouldn't want to break any standards.
idea and ok deraadt

into the hash; hoping the system has some ASLR or PIE.  This replaces and
substantially improves upon &main which proved problematic with some picky
linkers.
Work with kettenis, testing by beck

ok beck

makes it much harder.
ok bcook@ kettenis@

distractions to people testing and seeing link errors in some setups.
This will come back in another form
ok deraadt@

OK: beck@

add a function to use function pointers that does not take sizeof(fptr).
OK beck@

done for other symmetric algorithms recently.

can copy this file (plus chacha_private.h) directly and reuse it
trivially.  Well, as long as they have a getentropy() as well..
ok beck

keep linux distros happy that don't have it.
ok bcook@

now using this as upstream code.  The particular problem is systems
that contain older arc4random derivations lacking arc4random_uniform().
ok tedu miod

using O_NOFOLLOW - cope with it as best as possible by trying two
different paths. - written by deraadt@ and kettenis@

is

probably ok beck jsing miod

can know...
ok jsing@

__atexit tables and touches global variables.  From Srinavasa Nagaraju
through Android/Elliott Hughes.
ok tedu@, guenther@

ok deraadt

handlers. if this happens, restart the loop.
ok kettenis matthew millert miod

ok otto

new wording agreed by at least kettenis@ millert@ otto@

ok jsing@

ok beck@ deraadt@ jsing@ guenther@

ok beck@

compiled-in, with nonfunctional code, to be able to cope with the RSA
patent.
However, we don't use this option, and the RSA patent has expired more than 10
years ago, so just drop this piece.

which had never been installed, so it's unlikely something ever used this
in the last 15~20 years.
ok deraadt@ jsing@ beck@