Ouroboros main repository http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=be 2026-05-20T06:17:05+00:00 2026-05-20T06:17:05+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-05-02T13:38:00+00:00 urn:sha1:b8fa5686097337ffb289ecfc00b2558ee54de74e Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-05-20T06:17:05+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-05-01T21:41:49+00:00 urn:sha1:2ddcad3989cd8d2314453ed31ff43e122118663f A duplicating link could deliver the same alloc request twice. OAP detected the replay but still replied over the wire, so the requester saw a second flow_alloc_reply on an already-allocated flow and reg_respond_alloc tripped its PENDING-state assertion. Add EREPLAY so the OAP server can signal replays distinctly; flow_accept drops them silently. As a safety net, reg_respond_alloc warn-drops late replies instead of asserting. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-03-14T10:23:59+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-03-07T19:54:31+00:00 urn:sha1:044da08973957b32703fe338eb95c5171ce471ba i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free it with freebuf() which uses free(). Fix by allocating with malloc() and encoding directly into the buffer. Also replaces MSGBUFSZ with CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover debug logging. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-03-14T10:23:24+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-03-03T08:00:18+00:00 urn:sha1:369d1c90453be23270a30229cbf4f731e4080407 When auth_verify_crt fails (e.g., missing root CA), crypt_get_pubkey_crt has already allocated pk but only crt was freed. Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL lazily initializes a global decoder/provider registry the first time PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this leaves some memory owned by OpenSSL that triggers the leak sanitizer. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-03-14T10:23:18+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-03-02T23:19:05+00:00 urn:sha1:4ec416e77395df1cccee39a57a826ff751cbecd7 This adds authentication tests to verify flows are rejected with a missing root CA certificate in the store. Also adds one for the OAP protocol. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-22T15:02:16+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-19T21:03:16+00:00 urn:sha1:c3636005831064e71b03a5f8796a21e89b2a714f This allows bypassing the IPCP for local processes that share the same packet pool, lowering latency between processes to comparable levels as Unix sockets (RTT in the order of a microsecond). For local processes, no IPCPs are needed: $ irm b prog oping n oping $ oping -l Ouroboros ping server started. New flow 64. Received 64 bytes on fd 64. The direct IPC can be disabled with the DISABLE_DIRECT_IPC build flag. Note that this is needed for rumba 'local' experiments to emulate network topologies. Without this flag all processes will just communicate directly. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:54:56+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T09:21:02+00:00 urn:sha1:0d72b59c2964208ea34ce2322978344d7ff1a223 Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:53:35+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-17T21:37:39+00:00 urn:sha1:040bdfb18684d809cb5edacf9867d3378b7e093b This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:53:29+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T21:39:52+00:00 urn:sha1:2c717b2fc9773a74d6c9df01a2f873deea163918 The IRMd will now report a PQC algorithm in the enc.conf file if it is not supported, instead of failing on KEM key generation. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:53:23+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T21:31:33+00:00 urn:sha1:46cc58fe1a89903f4ef928caeee1bec96ab5967b When the server had no cipher configured, sk->nid was set to NID_undef before negotiation and never updated, causing the response header to encode NID_undef as the cipher — even though negotiate_kex() correctly populated kcfg.c.nid from the client's request. Adds a test for the KEM case where the client request encryption with nothing specified server-side. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>