Fix connection ids. They were broken for the last 14 years and never used more than the remote ip as seed. Thanks to Tracy Rogers

author: Dirk Engling <erdgeist@erdgeist.org> 2026-05-26 16:55:09 +0200
committer: Dirk Engling <erdgeist@erdgeist.org> 2026-05-26 16:55:09 +0200
commit: ec74b833bfd1b5036e414a23b7f6536c939d9cc4 (patch)
tree: 3c52f4df867bf34dbccb823a3ed70b7c2e9f4dc8 /ot_udp.c
parent: 716dcfbbed55cc8b9896d05e58f8958869078dd7 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ot_udp.c b/ot_udp.c
index 990868c..a625dba 100644
--- a/ot_udp.c
+++ b/ot_udp.c
@@ -52,7 +52,7 @@ static void     udp_generate_rijndael_round_key(void) {
 static void udp_make_connectionid(uint32_t connid[2], const ot_ip6 remoteip, int age) {
  uint32_t plain[4], crypt[4];
  int      i;
-  if (g_now_minutes + 60 > g_hour_of_the_key) {
+  if (g_now_minutes - g_hour_of_the_key >= 60) {
    g_hour_of_the_key    = g_now_minutes;
    g_key_of_the_hour[1] = g_key_of_the_hour[0];
 #ifdef WANT_ARC4RANDOM
@@ -65,7 +65,7 @@ static void udp_make_connectionid(uint32_t connid[2], const ot_ip6 remoteip, int
  memcpy(plain, remoteip, sizeof(plain));
  for (i = 0; i < 4; ++i)
    plain[i] ^= g_key_of_the_hour[age];
-  rijndaelEncrypt128(g_rijndael_round_key, (uint8_t *)remoteip, (uint8_t *)crypt);
+  rijndaelEncrypt128(g_rijndael_round_key, (uint8_t *)plain, (uint8_t *)crypt);
  connid[0] = crypt[0] ^ crypt[1];
  connid[1] = crypt[2] ^ crypt[3];
 }
author	Dirk Engling <erdgeist@erdgeist.org>	2026-05-26 16:55:09 +0200
committer	Dirk Engling <erdgeist@erdgeist.org>	2026-05-26 16:55:09 +0200
commit	ec74b833bfd1b5036e414a23b7f6536c939d9cc4 (patch)
tree	3c52f4df867bf34dbccb823a3ed70b7c2e9f4dc8 /ot_udp.c
parent	716dcfbbed55cc8b9896d05e58f8958869078dd7 (diff)

diff --git a/ot_udp.c b/ot_udp.c index 990868c..a625dba 100644 --- a/ot_udp.c +++ b/ot_udp.c
@@ -52,7 +52,7 @@ static void udp_generate_rijndael_round_key(void) {
52	static void udp_make_connectionid(uint32_t connid[2], const ot_ip6 remoteip, int age) {	52	static void udp_make_connectionid(uint32_t connid[2], const ot_ip6 remoteip, int age) {
53	uint32_t plain[4], crypt[4];	53	uint32_t plain[4], crypt[4];
54	int i;	54	int i;
55	if (g_now_minutes + 60 > g_hour_of_the_key) {	55	if (g_now_minutes - g_hour_of_the_key >= 60) {
56	g_hour_of_the_key = g_now_minutes;	56	g_hour_of_the_key = g_now_minutes;
57	g_key_of_the_hour[1] = g_key_of_the_hour[0];	57	g_key_of_the_hour[1] = g_key_of_the_hour[0];
58	#ifdef WANT_ARC4RANDOM	58	#ifdef WANT_ARC4RANDOM
@@ -65,7 +65,7 @@ static void udp_make_connectionid(uint32_t connid[2], const ot_ip6 remoteip, int
65	memcpy(plain, remoteip, sizeof(plain));	65	memcpy(plain, remoteip, sizeof(plain));
66	for (i = 0; i < 4; ++i)	66	for (i = 0; i < 4; ++i)
67	plain[i] ^= g_key_of_the_hour[age];	67	plain[i] ^= g_key_of_the_hour[age];
68	rijndaelEncrypt128(g_rijndael_round_key, (uint8_t )remoteip, (uint8_t )crypt);	68	rijndaelEncrypt128(g_rijndael_round_key, (uint8_t )plain, (uint8_t )crypt);
69	connid[0] = crypt[0] ^ crypt[1];	69	connid[0] = crypt[0] ^ crypt[1];
70	connid[1] = crypt[2] ^ crypt[3];	70	connid[1] = crypt[2] ^ crypt[3];
71	}	71	}