authorDamjan Marion <damarion@cisco.com>2019-03-25 15:54:40 +0100
committerDamjan Marion <dmarion@me.com>2019-03-29 12:04:35 +0000
commitb4fff3a39715c3e405b92442026bfddc3be37b27 (patch)
tree7fa86a7ccd351adf22aaca060a482b04c90d45ac /src/plugins
parentd7603d97e046d59aba6864b208c181b39fc72b52 (diff)
ipsec: esp-decrypt rework
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/crypto_openssl/main.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 7b645f4be88..c1e744fc839 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -111,16 +111,23 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
{
vnet_crypto_op_t *op = ops[i];
unsigned int out_len;
+ size_t sz = op->hmac_trunc_len ? op->hmac_trunc_len : EVP_MD_size (md);
HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
HMAC_Update (ctx, op->src, op->len);
- if (op->hmac_trunc_len)
+ HMAC_Final (ctx, buffer, &out_len);
+
+ if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
{
- HMAC_Final (ctx, buffer, &out_len);
- clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len);
+ if ((memcmp (op->dst, buffer, sz)))
+ {
+ n_ops -= 1;
+ op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
+ continue;
+ }
}
else
- HMAC_Final (ctx, op->dst, &out_len);
+ clib_memcpy_fast (op->dst, buffer, sz);
op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
}
return n_ops;
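Review bot: The ICV check `if ((memcmp (op->dst, buffer, sz)))` verifies the received tag with a comparison that is not guaranteed to run in constant time, so its duration can depend on how many leading bytes match; OpenSSL's `CRYPTO_memcmp` is the usual replacement: `if (CRYPTO_memcmp (op->dst, buffer, sz))`. Separately, `n_ops -= 1` on the failure path modifies the count while the loop is still running; the loop header is outside this hunk, but if it iterates with `i < n_ops`, every bad HMAC also shortens the loop and leaves ops at the end of the batch without a status. Counting failures in a separate `n_fail` and ending with `return n_ops - n_fail;` avoids that. `sz` comes from `op->hmac_trunc_len` without a visible bound against the digest length or the size of `buffer` (declared outside the hunk), so a clamp or assert before the compare and copy would be worth adding.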