diff options
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/crypto_openssl/main.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index 7b645f4be88..c1e744fc839 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -111,16 +111,23 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, { vnet_crypto_op_t *op = ops[i]; unsigned int out_len; + size_t sz = op->hmac_trunc_len ? op->hmac_trunc_len : EVP_MD_size (md); HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL); HMAC_Update (ctx, op->src, op->len); - if (op->hmac_trunc_len) + HMAC_Final (ctx, buffer, &out_len); + + if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK) { - HMAC_Final (ctx, buffer, &out_len); - clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len); + if ((memcmp (op->dst, buffer, sz))) + { + n_ops -= 1; + op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC; + continue; + } } else - HMAC_Final (ctx, op->dst, &out_len); + clib_memcpy_fast (op->dst, buffer, sz); op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; } return n_ops; |