ouroboros/src/ipcpd, branch be

lib: Fix certificate DER encoding and key buffers

2026-03-14T10:23:59+00:00

i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free it with freebuf() which uses free(). Fix by allocating with malloc() and encoding directly into the buffer. Also replaces MSGBUFSZ with CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover debug logging. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

ipcpd: Fix rejected flow allocation on local

2026-03-14T10:23:32+00:00

When the server rejects the flow, the local didn't send the flow_alloc response back to the IRMd, causing the irmd and client to time out instead of being notified of the failed allocation immediately. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

ipcpd: Skip vertices with empty forwarding lists

2026-02-22T15:05:00+00:00

Fixes ECMP routing table to skip unreachable vertices with empty forwarding lists, avoiding uninitialized nhop access. Replace inner vertex list walk with bounded index loop instead of using a list_for_each to track indices (which confuses the static analyzer as it seems it can't prove the index remains valid). Remove spurious free(*dist) on ECMP success path (caller frees). Extract edge cleanup into free_edges helper in del_vertex to avoid a static analyzer false positive. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

ipcpd: Fix unused values in unicast IPCP

2026-02-22T15:04:16+00:00

Use the key in the store operation in the DHT, to avoid static analyzer seeing it as being set without being used in release builds. The length of the packet buffer is only used when tracking DT stats, so should be set within the IPCP_FLOW_STATS guard. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

ipcpd: Fix lsdb being renamed to lspb

2026-02-18T07:00:14+00:00

A recent bulk rename of sdb -> spb (shm du buff to shm pkt buff) unintentionally renamed the lsdb. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add struct llist for lists tracking len

2026-02-18T06:58:21+00:00

The DHT uses a struct {struct list_head, size_t len} pattern, which is also useful in the registry and other places. Having a struct llist (defined in list.h) with consistent macros for addition/deletion etc removes a lot of duplication and boilerplate and reduces the risk of inconsistent updates. The list management is now a macro-only implementation. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Update copyright to 2026

2026-02-18T06:54:56+00:00

Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add SLH-DSA tests and per-algorithm PQC gating

2026-02-18T06:53:35+00:00

This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Fix invisible IPCP_TARGET variables

2026-02-13T08:22:29+00:00

The IPCP_*_TARGET variables (e.g., set(IPCP_LOCAL_TARGET ipcpd-local)) were defined locally in each IPCP's CMakeLists.txt (e.g., CMakeLists.txt), but the configure_file() that substitutes @IPCP_LOCAL_TARGET@ into config.h.in runs in a sibling scope that is processed before ipcpd. Since CMake variables don't propagate between sibling directory scopes, all @IPCP_*_TARGET@ substituted to empty strings, resulting in IPCP_LOCAL_EXEC "". Moved the IPCP_*_TARGET definitions into the cmake/config/ipcp/*.cmake files so they are known when generating config.h. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Refactor CMake back to in-tree CMakeLists

2026-02-13T08:22:29+00:00

This moves the build definitions back to src/ subdirectories (CMakeLists.txt per component). Configuration and dependencies are kept out of tree. Configuration options are bundled into cmake/config/ modules. Dependencies are grouped by component (system/, crypt/, eth/, coverage/, etc.). It now consistently uses target-based commands (target_include_directories, target_link_libraries) instead of global include_directories(). Proper PRIVATE/PUBLIC visibility for executable link libraries. CONFIG_OUROBOROS_DEBUG now properly set based on being a valid debug config (not just checking the string name). It also adds OuroborosTargets export for find_package() support and CMake package config files (OuroborosConfig.cmake) for easier integration with CMake projects. The build logic now follows more idiomatic CMake practices with configuration separated from target definitions. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders