From 53ecc9837e39f596bb6b17980aef19c1668c732b Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Fri, 28 Feb 2014 19:53:18 +0000 Subject: Use buffer of EVP_MAX_MD_SIZE bytes for digests OpenSSL doesn't actually guarantee to only write to digest_size worth of bytes in the output buffer. The examples and docs claim this constant is the max. --- cryptography/hazmat/backends/openssl/backend.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index aa6dc83a..0dc6803e 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -534,14 +534,14 @@ class _HashContext(object): def finalize(self): buf = self._backend._ffi.new("unsigned char[]", - self.algorithm.digest_size) + self._backend._lib.EVP_MAX_MD_SIZE) outlen = self._backend._ffi.new("unsigned int *") res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf, outlen) assert res != 0 assert outlen[0] == self.algorithm.digest_size res = self._backend._lib.EVP_MD_CTX_cleanup(self._ctx) assert res == 1 - return self._backend._ffi.buffer(buf)[:] + return self._backend._ffi.buffer(buf)[:outlen[0]] @utils.register_interface(interfaces.HashContext) @@ -593,7 +593,7 @@ class _HMACContext(object): def finalize(self): buf = self._backend._ffi.new("unsigned char[]", - self.algorithm.digest_size) + self._backend._lib.EVP_MAX_MD_SIZE) outlen = self._backend._ffi.new("unsigned int *") res = self._backend._lib.Cryptography_HMAC_Final( self._ctx, buf, outlen @@ -601,7 +601,7 @@ class _HMACContext(object): assert res != 0 assert outlen[0] == self.algorithm.digest_size self._backend._lib.HMAC_CTX_cleanup(self._ctx) - return self._backend._ffi.buffer(buf)[:] + return self._backend._ffi.buffer(buf)[:outlen[0]] @utils.register_interface(interfaces.AsymmetricSignatureContext) -- cgit v1.2.3