Merge pull request #699 from public/max-md-size

Use buffer of EVP_MAX_MD_SIZE bytes for digests
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index aa6dc83..0dc6803 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -534,14 +534,14 @@
 
     def finalize(self):
         buf = self._backend._ffi.new("unsigned char[]",
-                                     self.algorithm.digest_size)
+                                     self._backend._lib.EVP_MAX_MD_SIZE)
         outlen = self._backend._ffi.new("unsigned int *")
         res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf, outlen)
         assert res != 0
         assert outlen[0] == self.algorithm.digest_size
         res = self._backend._lib.EVP_MD_CTX_cleanup(self._ctx)
         assert res == 1
-        return self._backend._ffi.buffer(buf)[:]
+        return self._backend._ffi.buffer(buf)[:outlen[0]]
 
 
 @utils.register_interface(interfaces.HashContext)
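Review bot: The new return line `return self._backend._ffi.buffer(buf)[:outlen[0]]` takes the digest length from a value that is only checked by `assert outlen[0] == self.algorithm.digest_size`, and asserts are stripped when Python runs with `-O`. With assertions disabled, a failed `EVP_DigestFinal_ex` would go unnoticed and the method would return whatever length `outlen` holds as the digest. That length is presumably zero, since cffi zero-initialises memory from `ffi.new`. Consider replacing the `assert` checks with explicit `if ...: raise` statements, or at least slicing with `[:self.algorithm.digest_size]` so the algorithm fixes the result length. The same pattern applies to the HMAC `finalize` in the two hunks that follow.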
@@ -593,7 +593,7 @@
 
     def finalize(self):
         buf = self._backend._ffi.new("unsigned char[]",
-                                     self.algorithm.digest_size)
+                                     self._backend._lib.EVP_MAX_MD_SIZE)
         outlen = self._backend._ffi.new("unsigned int *")
         res = self._backend._lib.Cryptography_HMAC_Final(
             self._ctx, buf, outlen
@@ -601,7 +601,7 @@
         assert res != 0
         assert outlen[0] == self.algorithm.digest_size
         self._backend._lib.HMAC_CTX_cleanup(self._ctx)
-        return self._backend._ffi.buffer(buf)[:]
+        return self._backend._ffi.buffer(buf)[:outlen[0]]
 
 
 @utils.register_interface(interfaces.AsymmetricSignatureContext)