Merge pull request #697 from reaperhulk/hmac-fix

Fix HMAC finalize buflen issue

2 files changed, 6 insertions, 6 deletions

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index c7ae9141..d0c6488b 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -593,12 +593,12 @@ class _HMACContext(object):
     def finalize(self):
         buf = self._backend._ffi.new("unsigned char[]",
                                      self.algorithm.digest_size)
-        buflen = self._backend._ffi.new("unsigned int *",
-                                        self.algorithm.digest_size)
+        outlen = self._backend._ffi.new("unsigned int *")
         res = self._backend._lib.Cryptography_HMAC_Final(
-            self._ctx, buf, buflen
+            self._ctx, buf, outlen
         )
         assert res != 0
+        assert outlen[0] == self.algorithm.digest_size
         self._backend._lib.HMAC_CTX_cleanup(self._ctx)
         return self._backend._ffi.buffer(buf)[:]
 
diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/bindings/openssl/hmac.py
index 5f9e0945..4b81c9df 100644
--- a/cryptography/hazmat/bindings/openssl/hmac.py
+++ b/cryptography/hazmat/bindings/openssl/hmac.py
@@ -55,11 +55,11 @@ int Cryptography_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
 }
 
 int Cryptography_HMAC_Final(HMAC_CTX *ctx, unsigned char *digest,
-    unsigned int *digest_len) {
+    unsigned int *outlen) {
 #if OPENSSL_VERSION_NUMBER >= 0x010000000
-    return HMAC_Final(ctx, digest, digest_len);
+    return HMAC_Final(ctx, digest, outlen);
 #else
-    HMAC_Final(ctx, digest, digest_len);
+    HMAC_Final(ctx, digest, outlen);
     return 1;
 #endif
 }