to avoid swamping it;

be enabled, mostly since people use SANs instead.
ok beck@ guenther@

be enabled.
Removes one symbol from libcrypto, however there is no ABI change.
ok beck@ miod@ tedu@

This code is not compiled in and OPENSSL_NO_STORE is already defined in
opensslfeatures.h. No symbol removal for libcrypto.
ok beck@

Requested by deraadt@

ok tedu@

this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@

also fixing one typo in fts(3) while here

remove .Tn, and a few minor macro adjustments.
Patch from Kaspars at Bankovskis dot net.

friendlier for users. requested by deraadt

instead of disk.  OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files.  X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@

The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@

1. it's not a bug; it's a caveat.
2. "slightly unsafe" gives me the willies.
3. one .Xr to malloc should suffice
ok deraadt jmc

review by millert, binary checking process with doug, concept with guenther

ok tedu@

OK deraadt@ djm@

other systems to fit into the same mold, so add copyright

nor are they the same size.

(sorry, my other changes were accidentally premature)

remember to set EACCES in bcrypt_checkpass for hash differences.
the higher level crypt_checkpass function will reset errno to EACCES in
all cases, which is probably the right behavior, but this change gives code
working with the lower level functions the correct errno if they care.

patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@

what's going on.

guenther suggested using thread time, which actually may improve accuracy
if somebody puts this in a threaded program.

ok deraadt miod

from this case where we have a static buffer and cant realloc.
ok phessler, claudio, reyk

use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.

ramdisk libc builds.  there has to be a better way without #ifdef's
in gross places, but I don't see it yet.

naddy found sparc64 gets a little slower when unrolled.
ok deraadt

update SYNOPSIS and DESCRIPTION and add STANDARDS

rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze

It may take a few iterations to get the tone right.
previously discussed with millert

the same thingies.  Therefore these "lists of functions" man pages can go
away.
Hurray!  I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)