Up to [local] / src / usr.sbin / relayd
Default branch: MAIN
Revision 1.43, Sun Jul 16 09:23:33 2023 UTC (10 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.42: +10 -138 lines
relayd: remove ENGINE dependency
What is achieved here through ENGINE can be done in a much simpler way by setting the default RSA implementation. Drop a number of indirections that only add a bit of logging. This removes a lot of boiler plate and shows where the actual magic happens more clearly.
ok op tobhe
Revision 1.42, Sun Jun 11 10:30:26 2023 UTC (11 months, 3 weeks ago) by op
Branch: MAIN
Changes since 1.41: +2 -2 lines
fix typo: 'hash buffer to small' -> too small
Revision 1.41, Sun Mar 26 18:04:47 2023 UTC (14 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.40: +3 -2 lines
Add missing #include <openssl/err.h>
Revision 1.40, Thu Nov 10 00:44:12 2022 UTC (18 months, 3 weeks ago) by mbuhl
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.39: +4 -2 lines
In case RSA_meth_new fails, errstr would be passed to fatalx without initialization. OK tb
Revision 1.39, Thu Jan 20 17:56:35 2022 UTC (2 years, 4 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.38: +4 -2 lines
catch poll() returning EINTR. ok millert@ claudio@
Revision 1.38, Tue Jan 11 19:06:23 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.37: +55 -56 lines
Convert relayd for opaque RSA_METHOD
This is a mostly mechanical diff which will hopefully be superseded soon by work in libtls.
ok jsing
Revision 1.37, Wed Dec 8 03:40:44 2021 UTC (2 years, 5 months ago) by tb
Branch: MAIN
Changes since 1.36: +2 -2 lines
zap a stray space
Revision 1.36, Tue Mar 23 16:34:31 2021 UTC (3 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.35: +22 -5 lines
Timed out RSA key ops, may leave uncalled for responses in the imsg return path. These have to be dropped or every subsequent call will cause decrypt errors. Use a sequence number cookie to keep the systems in sync. Diff from niklas@ with some minor adjustments by myself.
Revision 1.35, Fri May 31 15:15:37 2019 UTC (5 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.34: +48 -45 lines
Move the relay keys/certs into a separate global list and look them up by id. Moving the certs out of the relay struct will help to add multiple SNI certs. Tested by many users (thanks!) Feedback & OK rob@
Revision 1.34, Wed Sep 19 11:28:02 2018 UTC (5 years, 8 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.33: +4 -3 lines
Do not abort when the ca privenc runs into a timeout. OK claudio@
Revision 1.33, Wed Jan 24 13:51:36 2018 UTC (6 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.32: +7 -5 lines
Log some more errors in the ca code, since there seems to be still a bug hidden somewhere. Also return after a poll timeout, there is no reason to wait longer than a second for the answer of the ca process. OK jsing@
Revision 1.32, Mon Jan 1 15:01:09 2018 UTC (6 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.31: +12 -6 lines
RSA_private_{en,de}crypt() can fail and will return -1 in that case. Check for this in the ca process and return a valid answer to the relay process. This fixes rsae_send_imsg poll timeouts blocking relay processes as seen by Mischa Peters and myself. OK benno@
Revision 1.31, Tue Nov 28 00:20:23 2017 UTC (6 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.30: +3 -3 lines
relay_load_fd() is no longer clobbering errno in the error case so use fatal() instead of fatalx()
Revision 1.30, Mon Nov 27 23:05:50 2017 UTC (6 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.29: +7 -7 lines
Make ca_launch error messages unique. OK claudio@
Revision 1.29, Mon Nov 27 21:06:25 2017 UTC (6 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.28: +21 -11 lines
Use file descriptor passing to load certificates into the relays. Especially the ca file (having all the trusted certs in them) can be so big that loading via imsg fails. OK beck@
Revision 1.28, Wed Aug 9 21:31:16 2017 UTC (6 years, 9 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.27: +3 -3 lines
Use X509_pubkey_digest() like libtls to hash the keys for the TLS privsep code. This fixes interception mode (since there we rewrite the CERT which would alter the hash of the cert but the keys still remain the same). OK bluhm@ and jsing@
Revision 1.27, Fri Jul 28 13:58:52 2017 UTC (6 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.26: +20 -20 lines
Always calculate the hash value of the x509 cert in ssl_load_pkey(). Check whether TLS server object is available before using it. With these fixes the ssl inspect regress test just fails and does not crash relayd. OK claudio@
Revision 1.26, Sun May 28 10:39:15 2017 UTC (7 years ago) by benno
Branch: MAIN
Changes since 1.25: +14 -17 lines
use __func__ in log messages. fix some whitespace while here. From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks! ok florian, claudio
Revision 1.25, Sat May 27 08:33:25 2017 UTC (7 years ago) by claudio
Branch: MAIN
Changes since 1.24: +69 -19 lines
Migrate relayd to use libtls for TLS. Still does the TLS privsep via the engine but at least we can use a sane API for new features. Going in now so it is possible to work with this in tree. General agreement at d2k17.
Revision 1.24, Thu Apr 6 12:20:48 2017 UTC (7 years, 1 month ago) by gsoares
Branch: MAIN
Changes since 1.23: +2 -2 lines
fix format string found by clang -Wformat-security OK deraadt millert
Revision 1.23, Wed Sep 28 15:03:03 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.22: +2 -2 lines
Add -Wcast-qual and cast away one false positive where we use a const u_char * variable for an iovec from within the libcrypto engine callback. OK millert@
Revision 1.22, Sat Sep 3 14:09:04 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.21: +2 -2 lines
Use the fork+exec privsep model in relayd; based on rzalamena@'s work for httpd with some (current and previous) changes for relayd. Once again, both daemons now share the same proc.c where most of the privsep "magic" happens. OK benno@ rzalamena@
Revision 1.21, Fri Sep 2 14:45:51 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.20: +2 -2 lines
Split "struct relayd" into two structs: "struct relayd" and "struct relayd_config". This way we can send all the relevant global configuration to the children, not just the flags and the opts. With input from and OK claudio@ benno@
Revision 1.20, Fri Sep 2 14:31:47 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.19: +4 -4 lines
proc_id has been replaced by ps->ps_instance. OK claudio@
Revision 1.19, Fri Sep 2 12:12:51 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.18: +1 -2 lines
As done in httpd, remove ps_ninstances and p_instance. OK benno@ rzalamena@
Revision 1.18, Fri Sep 2 11:51:49 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.17: +3 -3 lines
Terminate relayd using the socket status instead of watching SIGCHLD or killing child processes. - Based on rzalamena@'s diff for httpd. OK deraadt@ rzalamena@
Revision 1.17, Thu Sep 1 10:40:38 2016 UTC (7 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.16: +16 -2 lines
Do not busy loop in the rsa engine callback waiting for the ca. Instead use poll(2) to wait for up to 1sec for a response. This is not the nicest way to fix this issue but the smallest. Goal is to reduce the contention on the kernel big lock on busy relayd systems. reyk@ agrees (especially about the nastiness of this)
Revision 1.16, Sat Dec 5 13:13:11 2015 UTC (8 years, 5 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.15: +2 -2 lines
EAGAIN handling for imsg_read. OK henning@ benno@
Revision 1.15, Wed Dec 2 13:41:27 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.14: +2 -2 lines
In most cases we don't need all arguments of proc_compose*_imsg(), so add a shortcut proc_compose*() that skips all of them. Only use the full argument list if needed. The functions with full argument lists can eventually be replaced with a nicer transaction-based approach later. OK benno@
Revision 1.14, Sat Oct 10 00:16:23 2015 UTC (8 years, 7 months ago) by benno
Branch: MAIN
Changes since 1.13: +4 -1 lines
relayd's ca process pledges to only use stdio. ok deraadt@
Revision 1.12.2.1, Sun Sep 20 11:20:16 2015 UTC (8 years, 8 months ago) by benno
Branch: OPENBSD_5_7
Changes since 1.12: +5 -2 lines
maintenance diff for relayd
MFC the following changes
- Missing free(3) in error path (ssl.c,v 1.29)
- fix a memory leak. (pfe.c,v 1.80)
- allocate se_log evbuffer before logging errors with relay_close() (relay.c,v 1.192)
- fix a file descriptor leak in http protocol handling (relay.c,v 1.193 and relay_http.c,v 1.44)
- Fix obvious problems with relayd config reload (ca.c,v 1.13; config.c,v 1.25; parse.y,v 1.204; relayd.c,v 1.139; relayd.h,v 1.209)
- http protocol: you cannot append to the previous key-value before line three of a request (relay_http.c,v 1.45)
- fix a crash / use after free (relay.c,v 1.194; relay_http.c,v 1.46)
- fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE (relay_http.c,v 1.47)
- Plug a memory leak by simplifying kv_free() (relayd.c,v 1.141)
- Fix memory leak in error case (relay_http.c,v 1.48)
- track the connection state of a session and stops doing double opens in certain situations (relay.c,v 1.195; relay_http.c,v 1.49; relayd.h,v 1.210)
- coding style (relay.c,v 1.196; relay_http.c,v 1.50; relayd.h,v 1.212)
ok claudio@, sthen@ and feedback tedu@
Revision 1.13, Sat May 2 13:15:24 2015 UTC (9 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.12: +5 -2 lines
Fix obvious problems with relayd config reload.
- fix a TAILQ corruption because of a use after free
- do not reinit the SSL engine since that fails
OK sthen, benno
Revision 1.12, Thu Jan 22 17:42:09 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.11: +4 -9 lines
Clean up the relayd headers with help of include-what-you-use and some manual review. Based on common practice, relayd.h now includes the necessary headers for itself. OK benno@
Revision 1.11, Fri Jan 16 15:06:40 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +1 -2 lines
Adapt to <limits.h> universe. ok millert
Revision 1.10, Fri Dec 12 10:05:09 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.9: +23 -23 lines
Change the keyword "ssl" to "tls" to reflect reality since we effectively disabled support for the SSL protocols. SSL remains a common term describing SSL/TLS, there is some controversy about this change, and the name really doesn't matter, but I feel confident about it now. (btw., sthen@ pointed out some historical context: http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html) OK benno@, with input from tedu@
Revision 1.9, Thu Oct 2 19:16:31 2014 UTC (9 years, 8 months ago) by gilles
Branch: MAIN
Changes since 1.8: +1 -3 lines
no need to set the same field NULL twice ;-) ok reyk@
Revision 1.8, Sun May 4 16:38:19 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.7: +39 -10 lines
Create a new default RSA engine instead of patching the existing one if none is available. Fixes SSL/TLS and a possible fatalx() on machines without a default RSA engine. Thanks to Bjorn Ketelaars for reporting and testing. ok gilles@ (for the relayd part)
Revision 1.7, Tue Apr 22 08:04:23 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.6: +32 -14 lines
Support the CA key for SSL inspection in the ca process. Instead of looking up the keys by relay id, add all keys to a list and look them up by key id. ok benno@
Revision 1.6, Mon Apr 21 17:22:06 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.5: +2 -2 lines
Use RSA_set_ex_data()/RSA_get_ex_data() directly instead of the undocumented RSA_set_app_data()/RSA_get_app_data() wrappers.
Revision 1.5, Mon Apr 21 16:08:47 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.4: +2 -2 lines
The OpenSSL engine passes a "const u_char *" to the callback but relayd's RSA privsep engine uses an iovec that expects a non-cast "void *". Cast it and disable the -Wcast-qual warning because I don't want to copy the data and I didn't find a better way to implement it. ok guenther@
Revision 1.4, Fri Apr 18 16:08:06 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.3: +22 -24 lines
spacing
Revision 1.3, Fri Apr 18 15:53:28 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.2: +20 -15 lines
Fix SSL client-only mode when no RSA private key is needed. Found by andre@ with the args-ssl-server.pl regress test. ok andre@
Revision 1.2, Fri Apr 18 14:32:22 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.1: +4 -1 lines
The RSA_FLAG_SIGN_VER is not yet supported and the current code uses the rsa_priv_enc() and rsa_pub_dec() callbacks for sign and verify operations. A tale from OpenSSL's rsa.h:
New sign and verify functions: some libraries don't allow arbitrary data to be signed/verified: this allows them to be used. Note: for this to work the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: for backwards compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER option is set in 'flags'.
In OpenSSL, RSA engines should provide the rsa_sign() and rsa_verify() callbacks and this should be the default. By the "default" is disabled by default and RSA engines that provide extra sign and verify callbacks have to set the non-default RSA_FLAG_SIGN_VER flag. This is not used by OpenSSL's own RSA code and was only set by two non-default RSA engines: IBM 4758 and Windows CAPI - both of them got removed from our library. And btw., this comment about the new non-default default was added in 1999.
Thanks to Piotr Sikora, who pointed out that I didn't handle the sign/verify case.
Revision 1.1, Fri Apr 18 13:55:26 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Introduce privsep for private keys:
- Move RSA private keys to a new separate process instead of copying them to the relays. A custom RSA engine is used by the SSL/TLS code of the relay processes to send RSA private key encryption/decryption (also used for sign/verify) requests to the new "ca" processes instead of operating on the private key directly.
- Each relay process gets its own related ca process. Setting "prefork 5" in the config file will spawn 10 processes (5 relay, 5 ca). This diff also reduces the default number of relay processes from 5 to 3 which should be suitable in most installations without a very heavy load.
- Don't keep text versions of the keys in memory, parse them once and keep the binary representation. This might still be the case in OpenSSL's internals but will be fixed in the library.
This diff doesn't prevent something like "heartbleed" but adds an additional mitigation to prevent leakage of the private keys from the processes doing SSL/TLS.
With feedback from many
ok benno@