instead of simply zapping it. this can save many syscalls in a program
that repeatedly grows and shrinks a buffer, as observed in the wild.

routines on hppa, the cause for sha512-parisc subtly misbehaving has been
found: despite having fallback pa1.1 code when running on a 32-bit cpu, the
shift constants used in the sigma computations in sha512 are >= 32 and are
silently truncated to 5 bits by the assembler, so there is no chance of
getting this code to work on a non-pa2.0 processor.
However, the pa1.1 fallback code for sha256 is safe, as it never attempts to
shift by more than 31, so reenable it again.

What's worse, the tzfile.h that gets installed is over 20 years old
and doesn't match the real tzfile.h in libc/time.  This makes the
tree safe for /usr/include/tzfile.h removal.  The TM_YEAR_BASE
define has been moved to time.h temporarily until its usage is
replaced by 1900 in the tree.  Actual removal of tzfile.h is pending
a ports build.  Based on a diff from deraadt@

for overflow. stop talking about old broken systems, there's little use
for such info.

regress tests but causes tls ciphersuite using sha386 to fail; found the
hard way by henning@.
I can't see anything wrong in the generated assembly code yet, but building
a libcrypto with no assembler code but sha512_block_data_order() is enough
to trigger Henning's issue, so the bug lies there.
No ABI change; ok deraadt@

Printing strerror() in that case will say result too large, even if rounds is
actually too small. invalid is less specific, but less incorrect.
ok millert

Discussed with/requested by deraadt@ at the conclusion of s2k15.

ok dlg

No actual change, but makes it easier to reuse the code elsewhere.
Suggested by Andre Smagin

to avoid swamping it;

be enabled, mostly since people use SANs instead.
ok beck@ guenther@

be enabled.
Removes one symbol from libcrypto, however there is no ABI change.
ok beck@ miod@ tedu@

This code is not compiled in and OPENSSL_NO_STORE is already defined in
opensslfeatures.h. No symbol removal for libcrypto.
ok beck@

Requested by deraadt@

ok tedu@

this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@

also fixing one typo in fts(3) while here

remove .Tn, and a few minor macro adjustments.
Patch from Kaspars at Bankovskis dot net.

friendlier for users. requested by deraadt

instead of disk.  OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files.  X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@

The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@

1. it's not a bug; it's a caveat.
2. "slightly unsafe" gives me the willies.
3. one .Xr to malloc should suffice
ok deraadt jmc

review by millert, binary checking process with doug, concept with guenther

ok tedu@

OK deraadt@ djm@

other systems to fit into the same mold, so add copyright

nor are they the same size.

(sorry, my other changes were accidentally premature)

remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.

patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@

what's going on.

guenther suggested using thread time, which actually may improve accuracy
if somebody puts this in a threaded program.

ok deraadt miod

from this case where we have a static buffer and cant realloc.
ok phessler, claudio, reyk

use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.