From 66d368b3e75898a0d1067a6713eec63d639081dd Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Fri, 9 Aug 2013 10:11:29 -0700
Subject: Clear the sensitive data
---
 cryptography/bindings/openssl/api.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py
index abdaef02..20a85cad 100644
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@@ -42,6 +42,7 @@ class API(object):
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *, unsigned char *, int *, unsigned char *, int);
 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
 """)
 def create_block_cipher_context(self, cipher, mode):
@@ -75,6 +76,11 @@ class API(object):
 buf = self._ffi.new("unsigned char[]", 16)
 outlen = self._ffi.new("int *")
 res = self._lib.EVP_EncryptFinal_ex(ctx, buf, outlen)
+ if res == 0:
+ # TODO: figure out openssl errors
+ raise Exception
+ # TODO: this should also be called if the cipher isn't finalized.
+ res = self._lib.EVP_CIPHER_CTX_cleanup(ctx)
 if res == 0:
 # TODO: figure out openssl errors
 raise Exception
--
cgit v1.2.3
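Review bot: In the second hunk, when `EVP_EncryptFinal_ex` returns 0 the first added `raise Exception` fires before the new `EVP_CIPHER_CTX_cleanup(ctx)` call is reached, so on the failure path the context is left uncleared, which is the state this commit sets out to remove. Calling cleanup unconditionally right after the finalize call closes that gap: `cleanup_res = self._lib.EVP_CIPHER_CTX_cleanup(ctx)` followed by a single `if res == 0 or cleanup_res == 0:` guarding the raise. A separate name also avoids reusing `res` for two different calls whose checks are otherwise identical. The existing TODO covers contexts that are never finalized, not this error path; the method starts and returns outside the hunk, so any later use of `ctx` could not be checked here.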