ouroboros/src, branch be

irmd: Remove dead code

2026-03-14T10:24:06+00:00

The oap.c source code was split into separate modules in the oap/ folder but some of it was never correctly removed. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix certificate DER encoding and key buffers

2026-03-14T10:23:59+00:00

i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free it with freebuf() which uses free(). Fix by allocating with malloc() and encoding directly into the buffer. Also replaces MSGBUFSZ with CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover debug logging. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix initialization when listing names

2026-03-14T10:23:52+00:00

Now uses calloc to zero the previously uninitialized security path fields. Also fixes a check in protobuf.c Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

irmd: Relax test flow accept timeout

2026-03-14T10:23:47+00:00

The reg_test still had false-positive failures on slow machines / woodpecker. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

ipcpd: Fix rejected flow allocation on local

2026-03-14T10:23:32+00:00

When the server rejects the flow, the local didn't send the flow_alloc response back to the IRMd, causing the irmd and client to time out instead of being notified of the failed allocation immediately. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix missing cleanup in authentication path

2026-03-14T10:23:24+00:00

When auth_verify_crt fails (e.g., missing root CA), crypt_get_pubkey_crt has already allocated pk but only crt was freed. Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL lazily initializes a global decoder/provider registry the first time PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this leaves some memory owned by OpenSSL that triggers the leak sanitizer. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add tests for missing root CA

2026-03-14T10:23:18+00:00

This adds authentication tests to verify flows are rejected with a missing root CA certificate in the store. Also adds one for the OAP protocol. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix chown of GSPP to ouroboros group

2026-03-14T10:23:02+00:00

The Global Shared Packet Pool (GSPP) was not correctly chowned to the ouroboros group. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

irmd: Fix bad merge in reg.c

2026-02-22T17:33:20+00:00

A merge conflict was left unresolved, resulting in compilation errors. Signed-off-by: Sander Vrijders Signed-off-by: Dimitri Staessens

irmd: Fix memleak in reg tests

2026-02-22T15:06:49+00:00

Call freebuf(pbuf) before returning from each test thread function. Since clrbuf zeroes pbuf.data to NULL on the success path, free(NULL) is safe. On the failure path of reg_respond_*, it now properly frees the still-allocated data. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders