6 files changed, 44 insertions, 18 deletions

diff --git a/cryptography/hazmat/bindings/__init__.py b/cryptography/hazmat/bindings/__init__.py
index eb828999..bd158198 100644
--- a/cryptography/hazmat/bindings/__init__.py
+++ b/cryptography/hazmat/bindings/__init__.py
@@ -14,7 +14,10 @@
 from cryptography.hazmat.bindings import openssl
 
 
-_default_backend = openssl.backend
 _ALL_BACKENDS = [
     openssl.backend
 ]
+
+
+def default_backend():
+    return openssl.backend
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index db4d18e7..9f8ea939 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -193,6 +193,33 @@ class Backend(object):
     def create_symmetric_decryption_ctx(self, cipher, mode):
         return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT)
 
+    def _handle_error(self):
+        code = self.lib.ERR_get_error()
+        assert code != 0
+        lib = self.lib.ERR_GET_LIB(code)
+        func = self.lib.ERR_GET_FUNC(code)
+        reason = self.lib.ERR_GET_REASON(code)
+        return self._handle_error_code(lib, func, reason)
+
+    def _handle_error_code(self, lib, func, reason):
+        if lib == self.lib.ERR_LIB_EVP:
+            if func == self.lib.EVP_F_EVP_ENCRYPTFINAL_EX:
+                if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
+                    raise ValueError(
+                        "The length of the provided data is not a multiple of "
+                        "the block length"
+                    )
+            elif func == self.lib.EVP_F_EVP_DECRYPTFINAL_EX:
+                if reason == self.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
+                    raise ValueError(
+                        "The length of the provided data is not a multiple of "
+                        "the block length"
+                    )
+
+        raise SystemError(
+            "Unknown error code from OpenSSL, you should probably file a bug."
+        )
+
 
 class GetCipherByName(object):
     def __init__(self, fmt):
@@ -268,7 +295,9 @@ class _CipherContext(object):
         buf = self._backend.ffi.new("unsigned char[]", self._cipher.block_size)
         outlen = self._backend.ffi.new("int *")
         res = self._backend.lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
-        assert res != 0
+        if res == 0:
+            self._backend._handle_error()
+
         res = self._backend.lib.EVP_CIPHER_CTX_cleanup(self._ctx)
         assert res == 1
         return self._backend.ffi.buffer(buf)[:outlen[0]]
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index 6a36dee0..3dac6948 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -21,6 +21,13 @@ struct ERR_string_data_st {
     const char *string;
 };
 typedef struct ERR_string_data_st ERR_STRING_DATA;
+
+static const int ERR_LIB_EVP;
+
+static const int EVP_F_EVP_ENCRYPTFINAL_EX;
+static const int EVP_F_EVP_DECRYPTFINAL_EX;
+
+static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH;
 """
 
 FUNCTIONS = """
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index d046a012..9f84d667 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -19,12 +19,7 @@ from cryptography.hazmat.primitives import interfaces
 
 
 class Cipher(object):
-    def __init__(self, algorithm, mode, backend=None):
-        if backend is None:
-            from cryptography.hazmat.bindings import (
-                _default_backend as backend,
-            )
-
+    def __init__(self, algorithm, mode, backend):
         if not isinstance(algorithm, interfaces.CipherAlgorithm):
             raise TypeError("Expected interface of interfaces.CipherAlgorithm")
 
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 93fc8c42..bee188b3 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -22,15 +22,11 @@ from cryptography.hazmat.primitives import interfaces
 
 @utils.register_interface(interfaces.HashContext)
 class Hash(object):
-    def __init__(self, algorithm, backend=None, ctx=None):
+    def __init__(self, algorithm, backend, ctx=None):
         if not isinstance(algorithm, interfaces.HashAlgorithm):
             raise TypeError("Expected instance of interfaces.HashAlgorithm.")
         self.algorithm = algorithm
 
-        if backend is None:
-            from cryptography.hazmat.bindings import _default_backend
-            backend = _default_backend
-
         self._backend = backend
 
         if ctx is None:
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 08dfae01..618bccc5 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -22,15 +22,11 @@ from cryptography.hazmat.primitives import interfaces
 
 @utils.register_interface(interfaces.HashContext)
 class HMAC(object):
-    def __init__(self, key, algorithm, ctx=None, backend=None):
+    def __init__(self, key, algorithm, backend, ctx=None):
         if not isinstance(algorithm, interfaces.HashAlgorithm):
             raise TypeError("Expected instance of interfaces.HashAlgorithm.")
         self.algorithm = algorithm
 
-        if backend is None:
-            from cryptography.hazmat.bindings import _default_backend
-            backend = _default_backend
-
         self._backend = backend
         self._key = key
         if ctx is None: