refactor: improve group stability, moderation determinism, and DHT dual-stack handling

* DHT Routing: Fixed dual-stack handling to clear stale IPv4/IPv6 associations when a node's address updates.
* Performance: Switched to memcmp for public key/hash comparisons (safe for non-secrets).
* Group Chat Reliability:
    * Added logic to use friend connection IPs as a fallback if DHT discovery is slow, with a fix to prevent overwriting existing valid IPs.
    * Increased handshake connection limits and fixed full-group sync behavior.
    * Enforced list sorting and fixed timestamps to ensure consistent moderation state hashes across all peers.

Author: iphydf

toxcore/DHT.c

@@ -591,9 +591,18 @@ static bool client_or_ip_port_in_list(const Logger *_Nonnull log, const Mono_Tim
 
     LOGGER_DEBUG(log, "coipil[%u]: switching public_key (ipv%d)", index, ip_version);
 
-    /* kill the other address, if it was set */
-    const IPPTsPng empty_ipptspng = {{{{0}}}};
-    *assoc = empty_ipptspng;
+    /* kill the other address, if it was set.
+     * We just updated `assoc` (which is either assoc4 or assoc6) with the new public_key.
+     * If there was an association for the other IP version, it's now invalid for this new identity.
+     */
+    if (ip_version == 4) {
+        const IPPTsPng empty_ipptspng = {{{{0}}}};
+        list[index].assoc6 = empty_ipptspng;
+    } else {
+        const IPPTsPng empty_ipptspng = {{{{0}}}};
+        list[index].assoc4 = empty_ipptspng;
+    }
+
     return true;
 }
 
@@ -641,12 +650,6 @@ static void get_close_nodes_inner(uint64_t cur_time, const uint8_t *_Nonnull pub
 
     for (uint32_t i = 0; i < client_list_length; ++i) {
         const Client_data *const client = &client_list[i];
-
-        /* node already in list? */
-        if (index_of_node_pk(nodes_list, MAX_SENT_NODES, client->public_key) != UINT32_MAX) {
-            continue;
-        }
-
         const IPPTsPng *ipptp;
 
         if (net_family_is_ipv4(sa_family)) {
@@ -677,6 +680,11 @@ static void get_close_nodes_inner(uint64_t cur_time, const uint8_t *_Nonnull pub
 
 #endif /* CHECK_ANNOUNCE_NODE */
 
+        /* node already in list? */
+        if (index_of_node_pk(nodes_list, num_nodes, client->public_key) != UINT32_MAX) {
+            continue;
+        }
+
         if (num_nodes < MAX_SENT_NODES) {
             memcpy(nodes_list[num_nodes].public_key, client->public_key, CRYPTO_PUBLIC_KEY_SIZE);
             nodes_list[num_nodes].ip_port = ipptp->ip_port;

toxcore/crypto_core.c

@@ -142,12 +142,7 @@ bool crypto_memunlock(void *data, size_t length)
 
 bool pk_equal(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[CRYPTO_PUBLIC_KEY_SIZE])
 {
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-    // Hope that this is better for the fuzzer
     return memcmp(pk1, pk2, CRYPTO_PUBLIC_KEY_SIZE) == 0;
-#else
-    return crypto_verify_32(pk1, pk2) == 0;
-#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }
 
 void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBLIC_KEY_SIZE])
@@ -167,12 +162,7 @@ bool crypto_sha512_eq(const uint8_t cksum1[CRYPTO_SHA512_SIZE], const uint8_t ck
 
 bool crypto_sha256_eq(const uint8_t cksum1[CRYPTO_SHA256_SIZE], const uint8_t cksum2[CRYPTO_SHA256_SIZE])
 {
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-    // Hope that this is better for the fuzzer
     return memcmp(cksum1, cksum2, CRYPTO_SHA256_SIZE) == 0;
-#else
-    return crypto_verify_32(cksum1, cksum2) == 0;
-#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }
 
 uint8_t random_u08(const Random *rng)

toxcore/group.c

@@ -3717,6 +3717,10 @@ Group_Chats *new_groupchats(const Mono_Time *mono_time, const Memory *mem, Messe
 /** main groupchats loop. */
 void do_groupchats(Group_Chats *g_c, void *userdata)
 {
+    if (g_c == nullptr) {
+        return;
+    }
+
     for (uint16_t i = 0; i < g_c->num_chats; ++i) {
         Group_c *g = get_group_c(g_c, i);