usr.sbin/relayd: handle HTTP responses without bodies
RFC 9112 section 6.3 specifies that responses to HEAD requests, and
responses with 1xx, 204, or 304 status codes, are terminated by the
empty line after the header section regardless of Content-Length or
Transfer-Encoding. They cannot contain a message body or trailer
section.
Teach relayd to apply that framing rule before deciding whether a
response body is bounded. Otherwise relayd treats these responses as
unbounded, adds Connection: close, and can forward both the backend's
Connection: keep-alive and its own Connection: close.
Tweaks and OK: rsadowski@
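The framing order described in this commit message, as an added example; it is not relayd's code. The function names, enums and the -1 "header absent" convention are assumptions made for the illustration.

```c
#include <string.h>

/* How the end of a response is found (RFC 9112 section 6.3). */
enum framing { FRAME_NONE, FRAME_CHUNKED, FRAME_LENGTH, FRAME_UNTIL_CLOSE };
/* State of the response's Transfer-Encoding header (hypothetical enum). */
enum te { TE_ABSENT, TE_CHUNKED, TE_OTHER };

/*
 * Header-only decision. content_length is -1 when the header is absent.
 * Transfer-Encoding overrides Content-Length; a response whose final
 * coding is not chunked, or with neither header, runs until close.
 */
enum framing
framing_by_headers(enum te enc, long long content_length)
{
	if (enc == TE_CHUNKED)
		return FRAME_CHUNKED;
	if (enc == TE_OTHER)
		return FRAME_UNTIL_CLOSE;
	if (content_length >= 0)
		return FRAME_LENGTH;
	return FRAME_UNTIL_CLOSE;
}

/*
 * Full decision: the no-body rule is checked before any header, so a
 * 304 without Content-Length is not mistaken for an unbounded body.
 * (2xx responses to CONNECT, which become tunnels, are left out.)
 */
enum framing
response_framing(const char *method, int status, enum te enc,
    long long content_length)
{
	if (strcmp(method, "HEAD") == 0 ||
	    (status >= 100 && status < 200) ||
	    status == 204 || status == 304)
		return FRAME_NONE;
	return framing_by_headers(enc, content_length);
}

/* A proxy only has to add "Connection: close" for unbounded bodies. */
int
needs_connection_close(const char *method, int status, enum te enc,
    long long content_length)
{
	return response_framing(method, status, enc, content_length) ==
	    FRAME_UNTIL_CLOSE;
}
```

Calling framing_by_headers() alone for a 304 with no Content-Length yields FRAME_UNTIL_CLOSE, which is the misclassification the commit message describes.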
repair more prototypes for pseudo-device attach functions
pppattach and spppattach should have a single int parameter to match
what's in ioconf.c.
also noticed independently by jsg@; ok jsg@
relayd: use explicit_bzero in ssl_password_cb
This replaces bzero with explicit_bzero in the SSL password callback. Since
ssl_password_cb handles sensitive data a standard bzero could be optimized
away by the compiler.
Additionally, this ensures the buffer is cleared if strlcpy fails due to
truncation, preventing password fragments from lingering in memory.
OK renaud@, kirill@
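A password callback that clears its buffer on every failure path, including truncation, as an added example; it is not relayd's ssl_password_cb. The names password_cb and wipe are hypothetical, wipe() is a portable stand-in for explicit_bzero(3), and the bounded copy is written out by hand instead of calling strlcpy(3) so the block builds on systems that lack either function.

```c
#include <stddef.h>
#include <string.h>

/*
 * Stand-in for explicit_bzero(3): stores made through a volatile lvalue
 * are not dropped as dead stores. On OpenBSD, call explicit_bzero().
 */
static void
wipe(void *p, size_t n)
{
	volatile unsigned char *vp = p;

	while (n-- > 0)
		*vp++ = 0;
}

/*
 * Same shape as an OpenSSL pem_password_cb: copy the passphrase in u
 * into buf (size bytes) and return its length, or 0 on failure.
 */
int
password_cb(char *buf, int size, int rwflag, void *u)
{
	size_t len, n;

	(void)rwflag;
	if (buf == NULL || size <= 0)
		return 0;
	if (u == NULL) {
		wipe(buf, (size_t)size);
		return 0;
	}
	len = strlen(u);
	n = len < (size_t)size - 1 ? len : (size_t)size - 1;
	memcpy(buf, u, n);		/* what strlcpy would have copied */
	buf[n] = '\0';
	if (len >= (size_t)size) {
		/* Truncated: buf holds a password prefix, clear it. */
		wipe(buf, (size_t)size);
		return 0;
	}
	return (int)len;
}
```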
repair prototype for pseudo-device attach function
The dtattach function was declared with an autoconf style prototype, but
should have been declared with a single int parameter. Repair this.
ok deraadt@, jsg@
Exclude hidden files and directories when synchronizing via Rsync
According to RFC 9286 section 4.2.2, filenames in the RPKI cannot start
with a dot. And RFC 6481 section 1.1 describes the concept of a publication
point as a "directory in a publicly accessible filesystem". From there it
follows there is no need to transfer hidden files and directories. This may
help in avoiding exposure to intermediate states (e.g., /a/.~tmp~/b.roa).
Thanks to Ben Cartwright-Cox for raising this.
OK tb@
Introduce and use dtls12_handshake_msg.
Add struct dtls12_handshake_msg and various related functions, which
allow for the construction of DTLS handshake messages and associated
fragments.
Use this on the DTLS write path for sending handshake message fragments.
This means that we no longer modify the init buffer, which also fixes a
bug where the message callback is called with a corrupted handshake
message when multiple fragments have been sent.
We also now correctly track fragment offsets when sending a handshake
message that results in multiple calls to dtls1_do_write_handshake_message().
This is the first step towards further untangling of the write path in
the legacy TLS stack.
ok kenjiro@ tb@
unknown_ext_print: avoid casting away const
The BIO_dump_indent() API masterpiece expects a const char pointer as
input. Don't cast away const when suppressing pointer sign warnings.
Prompted by a report by N. Dossche
ok kenjiro
Ensure X509V3_EXT_print() only returns 0 and 1
In a rare mistake by schwarze, X509V3_EXT_print() is documented to return
0 and 1. This is also what most internal callers expect.
However, if either X509V3_EXT_DUMP_UNKNOWN or X509V3_EXT_PARSE_UNKNOWN is
set, the extension has an unknown NID or on failure to deserialize the
extension value, the return values of BIO_dump_indent() (which is number
of bytes written or -1 on error) and ASN1_parse_dump() (which is 0, 1, or
2 on EOC) are propagated.
Follow what OpenSSL did and translate to Boolean returns. Error indicators
are rather useless here since most errors are ignored anyway. Most callers
do if (!X509V3_EXT_print(...)) but they also pass a zero flag.
Reported by N. Dossche
ok kenjiro
After ifconfig qwz0 down followed by ifconfig qwz0 up, the second up
would fail with SIOCSIFFLAGS: Resource temporarily unavailable, and
after the first failure the device could not be brought up at all
until reboot. The same symptom appeared when changing nwid while the
interface was up (which internally does down+up).
To fix this issue, we make the following changes:
1. Keep the firmware running for the lifetime of the device attachment,
matching what Linux ath12k does. ifconfig down/up no longer power-cycles
the chip; it only tears down and re-establishes the per-BSS association.
2. Reset wmi.unified_ready before sending WMI_INIT so the host
actually waits for the firmware's ready event instead of returning
immediately from a stale flag.
3. Transition firmware to MHI state M3 before resetting the device in
power_down, so the chip starts from a clean slate on the next power-up.
relayd: allow explicit paths for certificates, keys and OCSP staples
Extend the "keypair" keyword in relayd.conf to support optional explicit paths.
Previously, relayd enforced a naming convention, looking up files in /etc/ssl
and /etc/ssl/private based on the keypair name.
This change allows other applications to manage their certificates without
having to comply with relayd's internal naming logic.
Input and OK kirill@, help from tb@
frag6_input(): must always decrement counter when dropping fragment
Currently frag6_input() does not decrement counter in one case:
- it is processing fragment with offset 0 which arrives after
the last fragment (fragment with max. offset)
- there are more IPv6 extension headers between IPv6 header
and IPv6 fragment header
- re-assembled packet exceeds IPV6_MAXPACKET size limit
If the conditions above are met, then the fragment gets dropped without
decrementing counters. This commit fixes that.
The issue was pointed out by Frank Denis.
OK bluhm@