Added a EVP_CIPHER_CTX_init() call

* In OpenSSL when you alloc an EVP_CIPHER_CTX you must then init it
  (which just zeroes the allocated memory). If you do not then it is
  possible for things to kerplode when passing the uninitialized context
  to EVP_EncryptInit_ex(). This patch fixes that.

2 files changed, 3 insertions, 0 deletions

diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py
index d648d491..28437576 100644
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@@ -56,6 +56,8 @@ class API(object):
 
     def create_block_cipher_context(self, cipher, mode):
         ctx = self.ffi.new("EVP_CIPHER_CTX *")
+        res = self.lib.EVP_CIPHER_CTX_init(ctx)
+        assert res != 0
         ctx = self.ffi.gc(ctx, self.lib.EVP_CIPHER_CTX_cleanup)
         # TODO: compute name using a better algorithm
         ciphername = "{0}-{1}-{2}".format(
diff --git a/cryptography/bindings/openssl/evp.py b/cryptography/bindings/openssl/evp.py
index 8d2230fd..0bc5cffc 100644
--- a/cryptography/bindings/openssl/evp.py
+++ b/cryptography/bindings/openssl/evp.py
@@ -35,4 +35,5 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *);
 int EVP_CIPHER_block_size(const EVP_CIPHER *);
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
 """