high bit as required by posix. wouldn't want to break any standards.
idea and ok deraadt

into the hash; hoping the system has some ASLR or PIE.  This replaces and
substantially improves upon &main which proved problematic with some picky
linkers.
Work with kettenis, testing by beck

ok beck

makes it much harder.
ok bcook@ kettenis@

distractions to people testing and seeing link errors in some setups.
This will come back in another form
ok deraadt@

OK: beck@

add a function to use function pointers that does not take sizeof(fptr).
OK beck@

done for other symmetric algorithms recently.

can copy this file (plus chacha_private.h) directly and reuse it
trivially.  Well, as long as they have a getentropy() as well..
ok beck

keep linux distros happy that don't have it.
ok bcook@

now using this as upstream code.  The particular problem is systems
that contain older arc4random derivations lacking arc4random_uniform().
ok tedu miod

using O_NOFOLLOW - cope with it as best as possible by trying two
different paths. - written by deraadt@ and kettenis@

is

probably ok beck jsing miod

can know...
ok jsing@

__atexit tables and touches global variables.  From Srinavasa Nagaraju
through Android/Elliott Hughes.
ok tedu@, guenther@

ok deraadt

handlers. if this happens, restart the loop.
ok kettenis matthew millert miod

ok otto

new wording agreed by at least kettenis@ millert@ otto@

ok jsing@

ok beck@ deraadt@ jsing@ guenther@

ok beck@

compiled-in, with nonfunctional code, to be able to cope with the RSA
patent.
However, we don't use this option, and the RSA patent has expired more than 10
years ago, so just drop this piece.

which had never been installed, so it's unlikely something ever used this
in the last 15~20 years.
ok deraadt@ jsing@ beck@

Since we assume the PRNG above is doing "something old, something new"
folding, shortcut and do fewer repeats through the timing loop.
ok beck

portable code path must handle that; with brent cook

improve the random stream itself (it doesn't), but to introduce
noise in the arc4random calling pattern. Thanks to matthew@ who
pointed out bias in a previous diff, ok deraadt@ matthew@

mechanism, to aid in portability to other systems as requested.
ok matthew

use the address, not what it points to (which is always the same)
ok deraadt@

ok deraadt@

by getauxval if we have it.
ok deraadt@

we are running supports it.
from enh@google.com