- SHA_CTX ctx;
- if (!SHA1_Init (&ctx))
- {
- BFD_ERR ("SHA1_Init failed");
- return 0;
- }
- /* ignore last 20 bytes - use the actual key data instead pkt data */
- if (!SHA1_Update (&ctx, with_sha1,
- sizeof (*with_sha1) - sizeof (with_sha1->sha1_auth.hash)))
- {
- BFD_ERR ("SHA1_Update failed");
- return 0;
- }
- if (!SHA1_Update (&ctx, auth_key->key, sizeof (auth_key->key)))
- {
- BFD_ERR ("SHA1_Update failed");
- return 0;
- }
- if (!SHA1_Final (result, &ctx))
- {
- BFD_ERR ("SHA1_Final failed");
- return 0;
- }
- if (0 == memcmp (result, with_sha1->sha1_auth.hash, SHA_DIGEST_LENGTH))
- {
+
+ u8 hash_from_packet[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)];
+ u8 calculated_hash[STRUCT_SIZE_OF (bfd_auth_sha1_t, hash)];
+ clib_memcpy (hash_from_packet, with_sha1->sha1_auth.hash,
+ sizeof (with_sha1->sha1_auth.hash));
+ clib_memcpy (with_sha1->sha1_auth.hash, auth_key->key,
+ sizeof (auth_key->key));
+ vnet_crypto_op_t op;
+ vnet_crypto_op_init (&op, VNET_CRYPTO_OP_SHA1_HASH);
+ op.src = (u8 *) with_sha1;
+ op.len = sizeof (*with_sha1);
+ op.digest = calculated_hash;
+ vnet_crypto_process_ops (vm, &op, 1);
+
+ /* Restore the modified data within the packet */
+ clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet,
+ sizeof (with_sha1->sha1_auth.hash));
+
+ if (0 ==
+ memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash)))
+ {
+ clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet,
+ sizeof (hash_from_packet));