From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 22 Jan 2024 08:23:52 +0000 (+0100)
Subject: Merge pull request #13650 from rgacogne/ddist-sym-libcrypto
X-Git-Tag: dnsdist-1.9.0-rc1~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f048494b0d67bace298a9a2c5d4733fa9f051e8;p=thirdparty%2Fpdns.git

Merge pull request #13650 from rgacogne/ddist-sym-libcrypto

dnsdist: Fall back to libcrypto for authenticated encryption
---

2f048494b0d67bace298a9a2c5d4733fa9f051e8
diff --cc pdns/dnsdistdist/doq-common.cc
index c81193fc0a,5358c1c560..e92ccffdea
--- a/pdns/dnsdistdist/doq-common.cc
+++ b/pdns/dnsdistdist/doq-common.cc
@@@ -54,11 -54,9 +54,11 @@@ PacketBuffer mintToken(const PacketBuff
      plainTextToken.insert(plainTextToken.end(), addrBytes.begin(), addrBytes.end());
      plainTextToken.insert(plainTextToken.end(), dcid.begin(), dcid.end());
      //	NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
-     const auto encryptedToken = sodEncryptSym(std::string_view(reinterpret_cast<const char*>(plainTextToken.data()), plainTextToken.size()), s_quicRetryTokenKey, nonce, false);
+     const auto encryptedToken = dnsdist::crypto::authenticated::encryptSym(std::string_view(reinterpret_cast<const char*>(plainTextToken.data()), plainTextToken.size()), s_quicRetryTokenKey, nonce, false);
      // a bit sad, let's see if we can do better later
 -    auto encryptedTokenPacket = PacketBuffer(encryptedToken.begin(), encryptedToken.end());
 +    PacketBuffer encryptedTokenPacket;
 +    encryptedTokenPacket.reserve(encryptedToken.size() + nonce.value.size());
 +    encryptedTokenPacket.insert(encryptedTokenPacket.begin(), encryptedToken.begin(), encryptedToken.end());
      encryptedTokenPacket.insert(encryptedTokenPacket.begin(), nonce.value.begin(), nonce.value.end());
      return encryptedTokenPacket;
    }
@@@ -100,9 -98,9 +100,9 @@@ std::optional<PacketBuffer> validateTok
  
      memcpy(nonce.value.data(), token.data(), nonce.value.size());
  
 -    //	NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
 +    // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
      auto cipher = std::string_view(reinterpret_cast<const char*>(&token.at(nonce.value.size())), token.size() - nonce.value.size());
-     auto plainText = sodDecryptSym(cipher, s_quicRetryTokenKey, nonce, false);
+     auto plainText = dnsdist::crypto::authenticated::decryptSym(cipher, s_quicRetryTokenKey, nonce, false);
  
      if (plainText.size() <= sizeof(now) + addrBytes.size()) {
        return std::nullopt;