3 files changed, 10 insertions, 2 deletions

diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 09d726749e1..7b645f4be88 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -102,6 +102,7 @@ static_always_inline u32
 openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
 		  const EVP_MD * md)
 {
+  u8 buffer[64];
   openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
 						     vm->thread_index);
   HMAC_CTX *ctx = ptd->hmac_ctx;
@@ -113,7 +114,13 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
 
       HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
       HMAC_Update (ctx, op->src, op->len);
-      HMAC_Final (ctx, op->dst, &out_len);
+      if (op->hmac_trunc_len)
+	{
+	  HMAC_Final (ctx, buffer, &out_len);
+	  clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len);
+	}
+      else
+	HMAC_Final (ctx, op->dst, &out_len);
       op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
     }
   return n_ops;
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h
index 4c9467f272f..7b65aa5c43d 100644
--- a/src/vnet/crypto/crypto.h
+++ b/src/vnet/crypto/crypto.h
@@ -77,7 +77,7 @@ typedef struct
   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
   vnet_crypto_op_type_t op:16;
   vnet_crypto_op_status_t status:8;
-  u8 key_len;
+  u8 key_len, hmac_trunc_len;
   u16 flags;
 #define VNET_CRYPTO_OP_FLAG_INIT_IV 1
   u32 len;
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 74ab1f05778..8e61d9d751d 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -219,6 +219,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len,
   op->src = data;
   op->len = data_len;
   op->dst = signature;
+  op->hmac_trunc_len = sa->integ_trunc_size;
 #if 0
 
   HMAC_Init_ex (ctx, key, key_len, md, NULL);