ouroboros/include, branch be

lib: Fix certificate DER encoding and key buffers

2026-03-14T10:23:59+00:00

i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free it with freebuf() which uses free(). Fix by allocating with malloc() and encoding directly into the buffer. Also replaces MSGBUFSZ with CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover debug logging. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

include: Fix irm header connect/disconnect

2026-03-14T10:23:39+00:00

The order of the 'comp' and 'dst' char * parameters were reversed in the header compared to the implementation. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix missing cleanup in authentication path

2026-03-14T10:23:24+00:00

When auth_verify_crt fails (e.g., missing root CA), crypt_get_pubkey_crt has already allocated pk but only crt was freed. Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL lazily initializes a global decoder/provider registry the first time PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this leaves some memory owned by OpenSSL that triggers the leak sanitizer. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

include: Suppress coredumpctl entries for tests

2026-03-02T07:28:12+00:00

With DISABLE_TESTS_CORE_DUMPS, setrlimit(RLIMIT_CORE, 0) only prevents core dump files from being written, but when systemd-coredump is configured as a piped handler (via core_pattern), the kernel still invokes it regardless of RLIMIT_CORE, so entries appear in coredumpctl. Adding prctl(PR_SET_DUMPABLE, 0) marks the process as non-dumpable, which prevents the kernel from invoking the core dump handler entirely — including piped ones. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Add git hash to version string

2026-02-18T07:02:16+00:00

Embed git commit hash into version.h and irmd --version output using git describe. Regenerated at build time to stay current across commits. Ouroboros version MAJOR.MINOR.PATCH (TAG-COMMITS-GHASH-dirty) Example for dirty work tree (uncommitted changes): $ irmd --version Ouroboros version 0.22.0 (0.22.0-36-g86dba544-dirty) Example after commit: $ sudo irmd --version Ouroboros version 0.22.0-37-g55fa9445 Officical release (on tag): Ouroboros version 0.22.0 Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add struct llist for lists tracking len

2026-02-18T06:58:21+00:00

The DHT uses a struct {struct list_head, size_t len} pattern, which is also useful in the registry and other places. Having a struct llist (defined in list.h) with consistent macros for addition/deletion etc removes a lot of duplication and boilerplate and reduces the risk of inconsistent updates. The list management is now a macro-only implementation. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Update copyright to 2026

2026-02-18T06:54:56+00:00

Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add SLH-DSA tests and per-algorithm PQC gating

2026-02-18T06:53:35+00:00

This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

irmd: Add strength-based crypto negotiation

2026-02-18T06:52:56+00:00

Each side's configured cipher, KDF, and KEX algorithm now represents a minimum security floor ("at least this strong"). Cipher and KDF use strongest-wins: the server compares ranks and selects the stronger of client vs server config. The negotiated values are sent in the response header. The client verifies the server's response meets its own minimum, which prevents downgrade attacks on the wire. KEX uses a minimum-floor check: the server extracts the client's algorithm from its public key and rejects if it ranks below the server's configured algorithm. A server configured with ML-KEM will reject all classical algorithms. Special case: for client-encap KEM, the client has already derived its key using its KDF, so the server must use the same KDF and can only reject if it is too weak. The supported_nids arrays are ordered weakest to strongest and serve as the single source of truth for ranking. Cipher ranking (weakest to strongest): aes-128-ctr, aes-192-ctr, aes-256-ctr, aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-poly1305 KDF ranking (weakest to strongest): blake2s256, sha256, sha3-256, sha384, sha3-384, blake2b512, sha512, sha3-512 KEX ranking (weakest to strongest): ffdhe2048, prime256v1, X25519, ffdhe3072, secp384r1, ffdhe4096, X448, secp521r1, ML-KEM-512, ML-KEM-768, ML-KEM-1024, X25519MLKEM768, X448MLKEM1024 Negotiation outcomes: strong srv cipher + weak cli cipher -> use strongest weak srv cipher + strong cli cipher -> use strongest srv encryption + cli none -> server rejects srv none + cli encryption -> use client's strong srv KEX + weak cli KEX -> server rejects weak srv KEX + strong cli KEX -> succeeds wire tamper to weaker cipher -> client rejects Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add per-user packet pools

2026-02-13T08:22:28+00:00

The IRMd will now check the user UID and GID for privileged access, avoiding unprivileged users being able to disrupt all IPC (e.g. by shm_open the single pool and corrupting its metadata). Non-privileged users are now limited to a PUP (per-user pool) for sending/receiving packets. It is still created by the IRMd, but owned by the user (uid) with 600 permissions. It does not add additional copies for local IPC between their own processes (i.e. over the local IPCP), but packets between processes owned by a different user or destined over the network (other IPCPs) will incur a copy when crossing the PUP / PUP or the PUP / GSPP boundary. Privileged users and users in the ouroboros group still have direct access to the GSPP (globally shared private pool) for packet transfer that will avoid additional copies when processing packets between processes owned by different users and to the network. This aligns the security model with UNIX trust domains defined by UID and GID by leveraging file permission on the pools in shared memory. ┌─────────────────────────────────────────────────────────────┐ │ Source Pool │ Dest Pool │ Operation │ Copies │ ├─────────────────────────────────────────────────────────────┤ │ GSPP │ GSPP │ Zero-copy │ 0 │ │ PUP.uid │ PUP.uid │ Zero-copy │ 0 │ │ PUP.uid1 │ PUP.uid2 │ memcpy() │ 1 │ │ PUP.uid │ GSPP │ memcpy() │ 1 │ │ GSPP │ PUP.uid │ memcpy() │ 1 │ └─────────────────────────────────────────────────────────────┘ This also renames the struct ai ("application instance") in dev.c to struct proc (process). Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders