From 7df9094221fd7cf2a76dbc21546569322d770072 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Fri, 28 Feb 2014 11:15:03 -0400
Subject: be more pedantic in checking the written size of the digest (refs
 #696)

---
 cryptography/hazmat/backends/openssl/backend.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index c7ae9141..f3febd94 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -535,9 +535,10 @@ class _HashContext(object):
     def finalize(self):
         buf = self._backend._ffi.new("unsigned char[]",
                                      self.algorithm.digest_size)
-        res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf,
-                                                    self._backend._ffi.NULL)
+        outlen = self._backend._ffi.new("unsigned int *")
+        res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf, outlen)
         assert res != 0
+        assert outlen[0] == self.algorithm.digest_size
         res = self._backend._lib.EVP_MD_CTX_cleanup(self._ctx)
         assert res == 1
         return self._backend._ffi.buffer(buf)[:]
-- 
cgit v1.2.3