openbsd
10 years agoAdd support for RTL8168GU
jsg [Wed, 23 Apr 2014 02:39:28 +0000 (02:39 +0000)]
Add support for RTL8168GU
from Rafael Neves

10 years agoUnify the model name to LUNA-88K{,2}, that is considered the
aoyama [Tue, 22 Apr 2014 22:58:02 +0000 (22:58 +0000)]
Unify the model name to LUNA-88K{,2}, that is considered the
`official' name.

ok jmc@ miod@

10 years agounifdef -UAES_LONG for we do not intend to run on platforms where int is smaller
miod [Tue, 22 Apr 2014 22:21:32 +0000 (22:21 +0000)]
unifdef -UAES_LONG for we do not intend to run on platforms where int is smaller
than 32 bits.

10 years agoUse calloc() instead of malloc(n * s) followed by memset(). Not
millert [Tue, 22 Apr 2014 22:11:23 +0000 (22:11 +0000)]
Use calloc() instead of malloc(n * s) followed by memset().  Not
actually used on OpenBSD but changed to avoid false positives in
audits.  From Jean-Philippe Ouellet.

10 years agoSo it turns out that libcrypto on i386 platforms, unconditionaly compiles this
miod [Tue, 22 Apr 2014 21:52:21 +0000 (21:52 +0000)]
So it turns out that libcrypto on i386 platforms, unconditionaly compiles this
little gem called OPENSSL_indirect_call(), supposedly to be ``handy under
Win32''.

In my view, this is a free-win ROP entry point. Why try and return to libc
when you can return to libcrypto with an easy to use interface?

Better not give that much attack surface, and remove this undocumented
entry point.

ok beck@ tedu@

10 years agoWhen compiling with AES_WRAP_TEST, make main() return a meaningful value
miod [Tue, 22 Apr 2014 21:27:11 +0000 (21:27 +0000)]
When compiling with AES_WRAP_TEST, make main() return a meaningful value
instead of garbage, and add this to the libcrypto regress. Note these tests
are incomplete, as they always use the default IV.

10 years agouse reallocarray
tedu [Tue, 22 Apr 2014 21:24:20 +0000 (21:24 +0000)]
use reallocarray

10 years agoMention 16-bit sound is supported nowadays.
miod [Tue, 22 Apr 2014 21:01:10 +0000 (21:01 +0000)]
Mention 16-bit sound is supported nowadays.

10 years agoremove dead stores to error. from Fritjof Bornebusch
tedu [Tue, 22 Apr 2014 20:48:41 +0000 (20:48 +0000)]
remove dead stores to error. from Fritjof Bornebusch

10 years agomalloc/memset -> calloc. from peter malone
tedu [Tue, 22 Apr 2014 20:42:01 +0000 (20:42 +0000)]
malloc/memset -> calloc. from peter malone

10 years agoRemove the certs directory that contains ancient files not used
lteo [Tue, 22 Apr 2014 20:41:43 +0000 (20:41 +0000)]
Remove the certs directory that contains ancient files not used
by anything.

"yes, blow it away" beck@

10 years agomalloc/memset->calloc. with bonus null check. from peter malone.
tedu [Tue, 22 Apr 2014 20:40:37 +0000 (20:40 +0000)]
malloc/memset->calloc. with bonus null check. from peter malone.

10 years agonull a pointer to prevent double free. from Dirk Engling
tedu [Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)]
null a pointer to prevent double free. from Dirk Engling

10 years agoRemove files which look like actual code compiled in libcrypto, but isn't.
miod [Tue, 22 Apr 2014 20:33:29 +0000 (20:33 +0000)]
Remove files which look like actual code compiled in libcrypto, but isn't.
One even says (in comments): HAS BUGS! DON'T USE

10 years agofix memory leaks. from Dirk Engling
tedu [Tue, 22 Apr 2014 20:31:57 +0000 (20:31 +0000)]
fix memory leaks. from Dirk Engling

10 years agoRemove meat which either duplicates code found in apps/, or is only of value
miod [Tue, 22 Apr 2014 20:31:38 +0000 (20:31 +0000)]
Remove meat which either duplicates code found in apps/, or is only of value
for 20th century historians, and can be put in the Attic.

10 years agomalloc/memset -> calloc. from peter malone
tedu [Tue, 22 Apr 2014 20:25:16 +0000 (20:25 +0000)]
malloc/memset -> calloc. from peter malone

10 years agoFix issue where we could jump into getdirtybuf without splbio() on a retry
beck [Tue, 22 Apr 2014 20:14:39 +0000 (20:14 +0000)]
Fix issue where we could jump into getdirtybuf without splbio() on a retry
that probably crashed espie.
ok tedu@

10 years agoturns out there are exactly 3 ports that actually use longnames:
espie [Tue, 22 Apr 2014 18:22:20 +0000 (18:22 +0000)]
turns out there are exactly 3 ports that actually use longnames:

eclipse-plugins-wtp-sdk
openclipart
qt4-html

so switch to pax extended headers now, the transition period is not
really needed. :)

10 years agoTrojan horse is still a noun. noted by fritjof
tedu [Tue, 22 Apr 2014 16:58:20 +0000 (16:58 +0000)]
Trojan horse is still a noun. noted by fritjof

10 years agoRemove RX checksum offloading support. The chip is too limited, and
naddy [Tue, 22 Apr 2014 15:52:05 +0000 (15:52 +0000)]
Remove RX checksum offloading support.  The chip is too limited, and
examining higher protocol layers to adjust the checksum and calculate
the pseudo-header in the driver is too complex to be worthwhile.
ok henning@

10 years agoadd closing parenthesis.
sobrado [Tue, 22 Apr 2014 15:22:04 +0000 (15:22 +0000)]
add closing parenthesis.

ok millert@

10 years ago- one more mallocarray -> reallocarray
jmc [Tue, 22 Apr 2014 15:02:16 +0000 (15:02 +0000)]
- one more mallocarray -> reallocarray
- use <>

10 years agoNuke the last of the windows related defines from the openssl apps.
jsing [Tue, 22 Apr 2014 14:54:13 +0000 (14:54 +0000)]
Nuke the last of the windows related defines from the openssl apps.

ok deraadt@

10 years agothis commit is really florian@'s, since he's the one who made removal
henning [Tue, 22 Apr 2014 14:47:23 +0000 (14:47 +0000)]
this commit is really florian@'s, since he's the one who made removal
of our forked apache possible by his work on nginx and slowcgi, but he
doesn't want it - so it is my pleasure to tedu it. I spent so much work
on chroot in it 10 years ago - and am very happy to see it go now, nginx
is a far better choice today.
Bye bye, Apache, won't miss you.

10 years agoFinally remove KERBEROS5? from the Makefile infrastructure.
reyk [Tue, 22 Apr 2014 14:42:53 +0000 (14:42 +0000)]
Finally remove KERBEROS5? from the Makefile infrastructure.

ok henning@

10 years agoRemove some altq tentacles.
mpi [Tue, 22 Apr 2014 14:41:03 +0000 (14:41 +0000)]
Remove some altq tentacles.

ok pelikan@, henning@

10 years agoswitch to reallocarray
tedu [Tue, 22 Apr 2014 14:27:25 +0000 (14:27 +0000)]
switch to reallocarray

10 years agochange mallocarray to reallocarray. useful in a few more situations.
tedu [Tue, 22 Apr 2014 14:26:26 +0000 (14:26 +0000)]
change mallocarray to reallocarray. useful in a few more situations.
malloc can, as always, be emulated via realloc(NULL).
ok deraadt

10 years agoKNF.
jsing [Tue, 22 Apr 2014 14:22:51 +0000 (14:22 +0000)]
KNF.

10 years agomore kerberos zapping;
jmc [Tue, 22 Apr 2014 14:19:04 +0000 (14:19 +0000)]
more kerberos zapping;

10 years agozap eol whitespace;
jmc [Tue, 22 Apr 2014 14:16:30 +0000 (14:16 +0000)]
zap eol whitespace;

10 years agozap stray Pp;
jmc [Tue, 22 Apr 2014 14:15:55 +0000 (14:15 +0000)]
zap stray Pp;

10 years agoMore KNF.
jsing [Tue, 22 Apr 2014 14:05:40 +0000 (14:05 +0000)]
More KNF.

10 years agomalloc -> calloc
gilles [Tue, 22 Apr 2014 13:57:58 +0000 (13:57 +0000)]
malloc -> calloc

10 years agoMore KNF.
jsing [Tue, 22 Apr 2014 13:48:29 +0000 (13:48 +0000)]
More KNF.

10 years agoMore KNF.
jsing [Tue, 22 Apr 2014 13:32:17 +0000 (13:32 +0000)]
More KNF.

10 years agoMore KNF.
jsing [Tue, 22 Apr 2014 13:13:58 +0000 (13:13 +0000)]
More KNF.

10 years agono more kerb, ok kettenis
henning [Tue, 22 Apr 2014 12:53:48 +0000 (12:53 +0000)]
no more kerb, ok kettenis

10 years agono more kerberos authentication styles.
sobrado [Tue, 22 Apr 2014 12:48:17 +0000 (12:48 +0000)]
no more kerberos authentication styles.

ok henning@, reyk@

10 years agoMore KNF.
jsing [Tue, 22 Apr 2014 12:43:34 +0000 (12:43 +0000)]
More KNF.

10 years agoDocument sftp upload resume.
logan [Tue, 22 Apr 2014 12:42:04 +0000 (12:42 +0000)]
Document sftp upload resume.

OK from djm@, with feedback from okan@.

10 years agoInstead of special casing ftpd, uucpd and others that may have entries
okan [Tue, 22 Apr 2014 12:36:36 +0000 (12:36 +0000)]
Instead of special casing ftpd, uucpd and others that may have entries
in wtmp, go the other way and exclude entries we know ('console' and
'tty') from pid stripping, then strip the rest.

idea, feedback and ok millert@

10 years agoifa_ifwithroute() is the only magic place where an AF_LINK sockaddr
mpi [Tue, 22 Apr 2014 12:35:00 +0000 (12:35 +0000)]
ifa_ifwithroute() is the only magic place where an AF_LINK sockaddr
can be given to ifa_ifwithnet().

Handle this specific case directly and let ifa_ifwithnet() do only
one thing:  iterate on all the addresses of all the interfaces in a
given routing domain to return the most specific matching address.

ok mikeb@

10 years agopure reindent
espie [Tue, 22 Apr 2014 12:21:17 +0000 (12:21 +0000)]
pure reindent

10 years agoNULL is cooler than 0 when pointers are concerned
henning [Tue, 22 Apr 2014 12:07:20 +0000 (12:07 +0000)]
NULL is cooler than 0 when pointers are concerned
ok gcc & md5 (aka no binary change)

10 years agoUpdate iked to use the same proc.c that relayd uses.
reyk [Tue, 22 Apr 2014 12:00:03 +0000 (12:00 +0000)]
Update iked to use the same proc.c that relayd uses.
Less differences, less code to audit.

ok mikeb@

10 years agoIf VLAN_HWTAGGING is disabled, we tell the chip not to strip the
naddy [Tue, 22 Apr 2014 11:54:46 +0000 (11:54 +0000)]
If VLAN_HWTAGGING is disabled, we tell the chip not to strip the
tag from the received frame.  Do not add the tag from the receive
descriptor in this case so that the packet isn't tagged twice.
Matches FreeBSD.
ok brad@

10 years agocomment out the .if (${KERBEROS5:L} block for now, breaks the build
henning [Tue, 22 Apr 2014 11:47:55 +0000 (11:47 +0000)]
comment out the .if (${KERBEROS5:L} block for now, breaks the build
once the bsd.own.mk KERBEROS5 is removed otherwise. this way suggested
by theo.

10 years agowe used to handle the vlan tag etc insertion very very very late,
henning [Tue, 22 Apr 2014 11:43:07 +0000 (11:43 +0000)]
we used to handle the vlan tag etc insertion very very very late,
on al already ass embed ethernet frame, which meant:
-copy (most of) the existing ethernet header into a ether_vlan_header
on the stack
-fill the extra fields in ether_vlan_header
-set the ether type
-m_adj() to make room for the extra space ether_vlan_header needs
-m_copyback the ether_vlan_header into the mbuf
that involves moving data around, which isn't all that cheap.
cleaner & easier to have ether_output prepend the ether_vlan_header instead
of the regular ethernet header, which makes the vlan tagging essentially
free in most cases.
help & ok reyk, naddy; waste of time bikeshedding tech@

10 years agosync
deraadt [Tue, 22 Apr 2014 11:29:29 +0000 (11:29 +0000)]
sync

10 years agono more kerberos, ok theo reyk
henning [Tue, 22 Apr 2014 11:15:05 +0000 (11:15 +0000)]
no more kerberos, ok theo reyk

10 years agoRemove the kerberos login methods.
reyk [Tue, 22 Apr 2014 11:06:22 +0000 (11:06 +0000)]
Remove the kerberos login methods.

10 years ago-KERBEROS5
henning [Tue, 22 Apr 2014 11:05:22 +0000 (11:05 +0000)]
-KERBEROS5

10 years agoRemove the kerberos login methods.
reyk [Tue, 22 Apr 2014 11:03:39 +0000 (11:03 +0000)]
Remove the kerberos login methods.

ok henning@

10 years agokerberos has been tedu'd, ok reyk
henning [Tue, 22 Apr 2014 10:50:15 +0000 (10:50 +0000)]
kerberos has been tedu'd, ok reyk

10 years agoRemove kerberosV, it is not special anymore.
reyk [Tue, 22 Apr 2014 10:48:36 +0000 (10:48 +0000)]
Remove kerberosV, it is not special anymore.

ok henning@

10 years agolist VSCSI_STAT_RESET.
dlg [Tue, 22 Apr 2014 10:25:12 +0000 (10:25 +0000)]
list VSCSI_STAT_RESET.

claudio didnt believe it existed cos it wasnt documented. i didnt believe
there was a manpage. i guess we were both wrong.

10 years agoRemove kerberosV from etc/
reyk [Tue, 22 Apr 2014 10:24:29 +0000 (10:24 +0000)]
Remove kerberosV from etc/

ok deraadt@ guenther@

10 years agoRemove KERBEROS5 from the Makefiles (except ssh for now, where it is
reyk [Tue, 22 Apr 2014 10:21:56 +0000 (10:21 +0000)]
Remove KERBEROS5 from the Makefiles (except ssh for now, where it is
already manually disabled).

ok deraadt@

10 years agofor consistency's sake, use the terminology from the 802.1Q standard
henning [Tue, 22 Apr 2014 10:11:32 +0000 (10:11 +0000)]
for consistency's sake, use the terminology from the 802.1Q standard
here too. pt out by alexey suslikov via mpi, ok reyk

10 years agoOh yeah, MLINKS for errc family
guenther [Tue, 22 Apr 2014 10:08:54 +0000 (10:08 +0000)]
Oh yeah, MLINKS for errc family

Prodded by deraadt@

10 years agoSort the sftp command list.
logan [Tue, 22 Apr 2014 10:07:12 +0000 (10:07 +0000)]
Sort the sftp command list.

OK from djm@

10 years agoThe complexity and quality of kerberosV and the fact that almost
reyk [Tue, 22 Apr 2014 10:01:15 +0000 (10:01 +0000)]
The complexity and quality of kerberosV and the fact that almost
nobody is using it doesn't justify to have it in base - disable and
remove it.  If the 2 two people who use it still want it, they can
make a port or recompile OpenBSD on their own.

There is a quote in theo.c from August 2010: "basically, dung beetles
fucking.  that's what kerberosV + openssl is like".

Discussed with many.  Tests by henning@ reyk@ and others.
ok deraadt@ henning@

10 years agoThe complexity and quality of kerberosV and the fact that almost
reyk [Tue, 22 Apr 2014 09:48:51 +0000 (09:48 +0000)]
The complexity and quality of kerberosV and the fact that almost
nobody is using it doesn't justify to enable it by default.  It will
be disabled and removed from base and possibly be moved to ports.

Discussed with many.  Tests by henning@ reyk@ and others.
ok henning@

10 years agomove vscsi from using scsi_req_probe and scsi_req_detach to using
dlg [Tue, 22 Apr 2014 08:48:51 +0000 (08:48 +0000)]
move vscsi from using scsi_req_probe and scsi_req_detach to using
the newly minted scsi_probe and scsi_detach respectively from a
task it runs itself.

the probe and detach ioctls requests work the same before and after
this change, but this paves the way for vscsi being able to report
the status of these requests back to userland.

discussed with claudio@
tested with current iscsid and an md3200i

10 years agoeffectively use emult_realloc, okay guenther@
espie [Tue, 22 Apr 2014 08:26:31 +0000 (08:26 +0000)]
effectively use emult_realloc, okay guenther@

10 years agoSupport the CA key for SSL inspection in the ca process. Instead of
reyk [Tue, 22 Apr 2014 08:04:23 +0000 (08:04 +0000)]
Support the CA key for SSL inspection in the ca process.  Instead of
looking up the keys by relay id, add all keys to a list and look them
up by key id.

ok benno@

10 years agofactor out the code that figures out whether you're probing or detaching
dlg [Tue, 22 Apr 2014 07:29:11 +0000 (07:29 +0000)]
factor out the code that figures out whether you're probing or detaching
a whole bus, a target, or a specific lun on a target from the bioctl
and scsi_req paths.

i want to reuse this factored code for something claudio wants.

10 years agoerrx when errno won't be set.
tedu [Tue, 22 Apr 2014 05:44:40 +0000 (05:44 +0000)]
errx when errno won't be set.

10 years agogets() is gone
lteo [Tue, 22 Apr 2014 02:29:52 +0000 (02:29 +0000)]
gets() is gone

10 years agoAdd errc/verrc/warnc/vwarnc family: versions of err/... that take the errno
guenther [Tue, 22 Apr 2014 00:33:02 +0000 (00:33 +0000)]
Add errc/verrc/warnc/vwarnc family: versions of err/... that take the errno
value to use for the strerror() message as an argument.  Originally from
FreeBSD 3.0

Patch from Steffen Nurpmeso (sdaoden (at) gmail.com) with minor tweaks.

10 years agoClarify an err() message
guenther [Tue, 22 Apr 2014 00:23:35 +0000 (00:23 +0000)]
Clarify an err() message

10 years agoConvert a malloc(x*y)+memset to calloc(x,y)
guenther [Tue, 22 Apr 2014 00:22:41 +0000 (00:22 +0000)]
Convert a malloc(x*y)+memset to calloc(x,y)

From Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)

10 years agoAvoid a loop during autoinstall in case the path in the responsefile does
rpe [Mon, 21 Apr 2014 23:15:09 +0000 (23:15 +0000)]
Avoid a loop during autoinstall in case the path in the responsefile does
not exist.

OK halex@ krw@

10 years agorepair regress tests broken by server-side default cipher/kex/mac changes
djm [Mon, 21 Apr 2014 22:15:37 +0000 (22:15 +0000)]
repair regress tests broken by server-side default cipher/kex/mac changes
by ensuring that the option under test is included in the server's
algorithm list

10 years agoPrint bytes read and written in human readable form, like:
claudio [Mon, 21 Apr 2014 20:20:37 +0000 (20:20 +0000)]
Print bytes read and written in human readable form, like:
2849359 I2T calls (5 read, 2849352 writes)
5 data reads (2.3K bytes read)
2849352 data writes (43.5G bytes written)
2849358 T2I calls (2849358 done, 0 sense errors, 0 errors)

10 years agoCopy the updated proc.c from relayd to use the same file. Adjust
reyk [Mon, 21 Apr 2014 19:47:27 +0000 (19:47 +0000)]
Copy the updated proc.c from relayd to use the same file.  Adjust
snmpd accordingly.

ok sthen@

10 years agoChange dhcp_request() and v4_config() to be able to configure dhcp
rpe [Mon, 21 Apr 2014 19:05:40 +0000 (19:05 +0000)]
Change dhcp_request() and v4_config() to be able to configure dhcp
for an interface without an active network connection.

- Don't write options to dhclient.conf that are default. Only use
  the 'host-name' option for hostname associated dhcp requests.

- Run dhclient with options to reduce the time it takes to finish
  in case it gets no answer from a DHCP server.

- Don't bother removing the interface from group dhcp and save the
  configuration files even if dhclient fails. If the same interface
  is statically configured later, it is removed from the group dhcp.

- Add 'dhcp' to hostname.if file regardless whether dhcp_request()
  was successful or not.

- Change the Netmask question to be more autoinstaller friendly.

based on krw's work
discussed with and OK krw@

10 years agoBind to localAddr if specified and add some XXX comments about stuff
claudio [Mon, 21 Apr 2014 18:59:05 +0000 (18:59 +0000)]
Bind to localAddr if specified and add some XXX comments about stuff
that is not prefect yet.

10 years agog/c hdrcmplt var, we can just set the esrc ptr earlier and re-set it in
henning [Mon, 21 Apr 2014 18:52:25 +0000 (18:52 +0000)]
g/c hdrcmplt var, we can just set the esrc ptr earlier and re-set it in
the pseudo_AF_HDRCMPLT case, ok claudio reyk

10 years ago__inline -> inline
henning [Mon, 21 Apr 2014 18:38:36 +0000 (18:38 +0000)]
__inline -> inline

10 years agoyou must have S_ISDIR to play
deraadt [Mon, 21 Apr 2014 18:35:01 +0000 (18:35 +0000)]
you must have S_ISDIR to play

10 years agoDocument show summary
claudio [Mon, 21 Apr 2014 18:05:45 +0000 (18:05 +0000)]
Document show summary

10 years agoPrint the target and initiator name in show command.
claudio [Mon, 21 Apr 2014 18:01:08 +0000 (18:01 +0000)]
Print the target and initiator name in show command.

10 years agoStart passing the initiator and target name in the show command.
claudio [Mon, 21 Apr 2014 18:00:23 +0000 (18:00 +0000)]
Start passing the initiator and target name in the show command.

10 years agoCope with the iscsid changes. Makes the msg handling a lot easier.
claudio [Mon, 21 Apr 2014 17:44:47 +0000 (17:44 +0000)]
Cope with the iscsid changes. Makes the msg handling a lot easier.
This also introduces some stuff that is work in progress.

10 years agoRedo most of the control message handling. Switch it back to use
claudio [Mon, 21 Apr 2014 17:41:52 +0000 (17:41 +0000)]
Redo most of the control message handling. Switch it back to use
SOCK_SEQPACKET and provide functions to build the control messages that
can also be used by iscsictl.

10 years agoAdd a few missing free's in the grammar.
reyk [Mon, 21 Apr 2014 17:33:31 +0000 (17:33 +0000)]
Add a few missing free's in the grammar.

10 years agoIt does not make sense to specify a port for the initiatoraddr.
claudio [Mon, 21 Apr 2014 17:33:20 +0000 (17:33 +0000)]
It does not make sense to specify a port for the initiatoraddr.

10 years agoUse RSA_set_ex_data()/RSA_get_ex_data() directly instead of
reyk [Mon, 21 Apr 2014 17:22:06 +0000 (17:22 +0000)]
Use RSA_set_ex_data()/RSA_get_ex_data() directly instead of
the undocumented RSA_set_app_data()/RSA_get_app_data() wrappers.

10 years agoKNF.
jsing [Mon, 21 Apr 2014 17:15:24 +0000 (17:15 +0000)]
KNF.

10 years agoKNF.
jsing [Mon, 21 Apr 2014 16:59:26 +0000 (16:59 +0000)]
KNF.

10 years agoKNF.
jsing [Mon, 21 Apr 2014 16:49:02 +0000 (16:49 +0000)]
KNF.

10 years agouse mallocarray(a,b) instead of malloc(a*b)
deraadt [Mon, 21 Apr 2014 16:48:59 +0000 (16:48 +0000)]
use mallocarray(a,b) instead of malloc(a*b)

10 years agomore malloc/realloc/calloc cleanups; ok beck kettenis
deraadt [Mon, 21 Apr 2014 16:34:43 +0000 (16:34 +0000)]
more malloc/realloc/calloc cleanups; ok beck kettenis

10 years agoKNF.
jsing [Mon, 21 Apr 2014 16:32:06 +0000 (16:32 +0000)]
KNF.

10 years agouse the language from the 802.1Q standard which just talks about tags,
henning [Mon, 21 Apr 2014 16:21:08 +0000 (16:21 +0000)]
use the language from the 802.1Q standard which just talks about tags,
not encap, not header. reyk happy & ok.

10 years agoRemove historical comment about <varargs.h> and warn people from using
guenther [Mon, 21 Apr 2014 16:13:24 +0000 (16:13 +0000)]
Remove historical comment about <varargs.h> and warn people from using
the _* functions outside libc

10 years agoThe OpenSSL engine passes a "const u_char *" to the callback but
reyk [Mon, 21 Apr 2014 16:08:47 +0000 (16:08 +0000)]
The OpenSSL engine passes a "const u_char *" to the callback but
relayd's RSA privsep engine uses an iovec that expects a non-cast
"void *".  Cast it and disable the -Wcast-qual warning because I don't
want to copy the data and I didn't find a better way to implement it.

ok guenther@