commit ff406edb79fde6e36f8b963e0b46c1dee0c02a78
from: Rafael Sadowski
date: Tue Mar 3 19:58:39 2026 UTC
Fix relayd reload race crash
Instead of terminating with fatalx() when a private key hash cannot be found, log a warning and send an error signal back to the relay worker. This prevents a race condition during "reload" where a request might reach the CA process while keys are being repopulated.
Reported by Nick Owens; thanks!
OK tb@
commit - 7d3002f34b21f1b776e623940190ca244b453503
commit + ff406edb79fde6e36f8b963e0b46c1dee0c02a78
blob - 167fb1cf75628c63f321115879eb9d46a33befe5
blob + 33e3003f60611f5c3178b54ec3c1ccfc0e640a5c
--- ca.c
+++ ca.c
@@ -234,9 +234,21 @@ ca_dispatch_relay(int fd, struct privsep_proc *p, stru
 fatalx("%s: invalid relay proc", __func__);
 if (IMSG_DATA_SIZE(imsg) != (sizeof(cko) + cko.cko_flen))
 fatalx("%s: invalid key operation", __func__);
- if ((pkey = pkey_find(env, cko.cko_hash)) == NULL)
- fatalx("%s: invalid relay hash '%s'",
+
+ if ((pkey = pkey_find(env, cko.cko_hash)) == NULL) {
+ log_warnx("%s: invalid relay hash '%s'",
 __func__, cko.cko_hash);
+ /* Signal failure to the waiting relay worker. */
+ cko.cko_tlen = -1;
+ iov[c].iov_base = &cko;
+ iov[c++].iov_len = sizeof(cko);
+ if (proc_composev_imsg(env->sc_ps, PROC_RELAY,
+ cko.cko_proc, imsg->hdr.type, -1, -1, iov,
+ c) == -1)
+ log_warn("%s: proc_composev_imsg", __func__);
+ break;
+ }
+
 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
 fatalx("%s: invalid relay key", __func__);
@@ -392,7 +404,11 @@ rsae_send_imsg(int flen, const u_char *from, u_char *t
 fatalx("invalid response");
 ret = cko.cko_tlen;
- if (ret > 0) {
+ if (ret == -1) {
+ log_warnx("%s: priv%s failed for key %s",
+ __func__, cmd == IMSG_CA_PRIVENC ?
+ "enc" : "dec", cko.cko_hash);
+ } else if (ret > 0) {
 if (IMSG_DATA_SIZE(&imsg) != (sizeof(cko) + ret))
 fatalx("data size");
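Review bot: The new `pkey == NULL` branch encodes "key not found" as the in-band value `-1` in `cko_tlen`, the same field that carries a byte count on success, and the matching test in rsae_send_imsg (second hunk) hard-codes the same literal on the receiving side of the privsep boundary; a named constant used by both, e.g. `#define CKO_TLEN_ERROR (-1)` (constructed name, place it next to the struct that defines cko_tlen), would keep that protocol contract in one spot and make it visible to anyone touching either process. The reply is addressed with `cko.cko_proc` taken straight from the request, which is safe only because of the `invalid relay proc` check visible at the top of the hunk, and it assumes `c` is still 0 here (presumably initialized at the top of the function); that dependency deserves a line in the existing comment, e.g. `/* Signal failure to the waiting relay worker; cko_proc was validated above and c is the iov count. */`. The success-path reply composition is outside the hunk, so I cannot tell whether this iov/proc_composev_imsg sequence duplicates it; if it does, a shared `goto` reply label would stop the two copies drifting. ca_dispatch_relay starts and ends outside the hunk.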
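Review bot: The `ret == -1` branch only logs; `ret` is presumably returned to the RSA method's caller further down (the return is outside the hunk), which matches the OpenSSL convention for a failed priv_enc/priv_dec, but a TLS caller then sees a bare failure with nothing on the error stack to explain it. Consider recording the failure on the library error stack next to the `log_warnx` so the handshake error reported by the relay points back to the missing key rather than a generic signing failure. Only exactly `-1` is treated as an error; any other negative `cko_tlen` still falls through silently as it did before the change, so if the CA is ever extended with more failure codes this comparison should become `ret < 0`, with a comment at the branch such as `/* -1: CA could not find the key (see ca_dispatch_relay). */`. rsae_send_imsg's body continues outside the hunk.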