summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/crypto_openssl/main.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 7b645f4be88..c1e744fc839 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -111,16 +111,23 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
{
vnet_crypto_op_t *op = ops[i];
unsigned int out_len;
+ size_t sz = op->hmac_trunc_len ? op->hmac_trunc_len : EVP_MD_size (md);
HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
HMAC_Update (ctx, op->src, op->len);
- if (op->hmac_trunc_len)
+ HMAC_Final (ctx, buffer, &out_len);
+
+ if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
{
- HMAC_Final (ctx, buffer, &out_len);
- clib_memcpy_fast (op->dst, buffer, op->hmac_trunc_len);
+ if ((memcmp (op->dst, buffer, sz)))
+ {
+ n_ops -= 1;
+ op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
+ continue;
+ }
}
else
- HMAC_Final (ctx, op->dst, &out_len);
+ clib_memcpy_fast (op->dst, buffer, sz);
op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
}
return n_ops;