Merge pull request #13650 from rgacogne/ddist-sym-libcrypto

author Remi Gacogne <remi.gacogne@powerdns.com>

Mon, 22 Jan 2024 08:23:52 +0000 (09:23 +0100)

committer GitHub <noreply@github.com>

Mon, 22 Jan 2024 08:23:52 +0000 (09:23 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Mon, 22 Jan 2024 08:23:52 +0000 (09:23 +0100)
committer GitHub <noreply@github.com>
Mon, 22 Jan 2024 08:23:52 +0000 (09:23 +0100)
diff --cc .github/actions/spell-check/allow.txt
Simple merge
diff --cc .not-formatted
Simple merge
diff --cc pdns/dnsdist-lua.cc
Simple merge
diff --cc pdns/dnsdist.cc
Simple merge
diff --cc pdns/dnsdistdist/doh3.cc
Simple merge
diff --cc pdns/dnsdistdist/doq-common.cc

index c81193fc0acd35ea2efef522e8aa552245993a7e,5358c1c56050b8daac4ff542e26dbf255d27c35c..e92ccffdea4ee61354f8fa5b565e6f5113c39799
--- 1/pdns/dnsdistdist/doq-common.cc
--- 2/pdns/dnsdistdist/doq-common.cc
+++ b/pdns/dnsdistdist/doq-common.cc
@@@ -54,11 -54,9 +54,11 @@@ PacketBuffer mintToken(const PacketBuff
       plainTextToken.insert(plainTextToken.end(), addrBytes.begin(), addrBytes.end());
       plainTextToken.insert(plainTextToken.end(), dcid.begin(), dcid.end());
       //        NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
-     const auto encryptedToken = sodEncryptSym(std::string_view(reinterpret_cast<const char*>(plainTextToken.data()), plainTextToken.size()), s_quicRetryTokenKey, nonce, false);
+     const auto encryptedToken = dnsdist::crypto::authenticated::encryptSym(std::string_view(reinterpret_cast<const char*>(plainTextToken.data()), plainTextToken.size()), s_quicRetryTokenKey, nonce, false);
       // a bit sad, let's see if we can do better later
- -    auto encryptedTokenPacket = PacketBuffer(encryptedToken.begin(), encryptedToken.end());
+ +    PacketBuffer encryptedTokenPacket;
+ +    encryptedTokenPacket.reserve(encryptedToken.size() + nonce.value.size());
+ +    encryptedTokenPacket.insert(encryptedTokenPacket.begin(), encryptedToken.begin(), encryptedToken.end());
       encryptedTokenPacket.insert(encryptedTokenPacket.begin(), nonce.value.begin(), nonce.value.end());
       return encryptedTokenPacket;
     }
@@@ -100,9 -98,9 +100,9 @@@ std::optional<PacketBuffer> validateTok
   
       memcpy(nonce.value.data(), token.data(), nonce.value.size());
   
- -    //        NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
+ +    // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
       auto cipher = std::string_view(reinterpret_cast<const char*>(&token.at(nonce.value.size())), token.size() - nonce.value.size());
-     auto plainText = sodDecryptSym(cipher, s_quicRetryTokenKey, nonce, false);
+     auto plainText = dnsdist::crypto::authenticated::decryptSym(cipher, s_quicRetryTokenKey, nonce, false);
   
       if (plainText.size() <= sizeof(now) + addrBytes.size()) {
         return std::nullopt;
diff --cc pdns/dnsdistdist/doq-common.hh
Simple merge
diff --cc pdns/dnsdistdist/doq.cc
Simple merge
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 22 Jan 2024 08:23:52 +0000 (09:23 +0100)
committer	GitHub <noreply@github.com>
	Mon, 22 Jan 2024 08:23:52 +0000 (09:23 +0100)
		1	2
.github/actions/spell-check/allow.txt	patch \|	diff1 \|	diff2 \|	blob \| history
.not-formatted	patch \|	diff1 \|	diff2 \|	blob \| history
pdns/dnsdist-lua.cc	patch \|	diff1 \|	diff2 \|	blob \| history
pdns/dnsdist.cc	patch \|	diff1 \|	diff2 \|	blob \| history
pdns/dnsdistdist/doh3.cc	patch \|	diff1 \|	diff2 \|	blob \| history
pdns/dnsdistdist/doq-common.cc	patch \|	diff1 \|	diff2 \|	blob \| history
pdns/dnsdistdist/doq-common.hh	patch \|	diff1 \|	diff2 \|	blob \| history
pdns/dnsdistdist/doq.cc	patch \|	diff1 \|	diff2 \|	blob \| history