<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Aug 31, 2013 at 1:47 AM, Alex Gaynor <span dir="ltr"><<a href="mailto:alex.gaynor@gmail.com" target="_blank">alex.gaynor@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">So I gave up on trying to test the paths, until we know how they're supposed to fail, I just made them asserts, this way errors do not pass silently, and we have coverage (this is particularly important since we'd further have untested code for figuring out what the current openssl error is).</div>
</blockquote><div><br>Might OpenSSL's ERR_get_error() and ERR_GET_REASON() help in figuring out what the current OpenSSL error is?<br><br><a href="http://www.openssl.org/docs/crypto/ERR_get_error.html">http://www.openssl.org/docs/crypto/ERR_get_error.html</a><br>
<a href="http://www.openssl.org/docs/crypto/ERR_GET_LIB.html">http://www.openssl.org/docs/crypto/ERR_GET_LIB.html</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr"><div>
<br></div><div>We still need an answer to "change the API" vs. init on first method. Anyone have strong opinions?</div><span class=""><font color="#888888"><div><br></div><div>Alex</div></font></span></div><div class="gmail_extra">
<div><div class="h5"><br><br><div class="gmail_quote">
On Tue, Aug 27, 2013 at 5:53 AM, Donald Stufft <span dir="ltr"><<a href="mailto:donald@stufft.io" target="_blank">donald@stufft.io</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="word-wrap:break-word"><br><div><div><div>On Aug 27, 2013, at 8:50 AM, Hynek Schlawack <<a href="mailto:hs@ox.cx" target="_blank">hs@ox.cx</a>> wrote:</div><br><blockquote type="cite"><div dir="auto">
<div><br></div><blockquote type="cite"><div dir="ltr"><div>We've slowed a bit in the last week or so. I want to get the AES patch landed so we can get the momentum back up (<a href="https://github.com/alex/cryptography/pull/28" target="_blank">https://github.com/alex/cryptography/pull/28</a>). There's a few outstanding issues we need to resolve:</div>
<div><br></div><div>* How the heck do we test error conditions in OpenSSL? OpenSSL is totally negligent in how we reproduce them. Should we monkeypatching the cffi functions to return error codes so we can at least test our code paths?</div>
</div></blockquote><div><br></div><div>That sounds rather sketchy TBH but I don't know the innards of both.</div></div></blockquote><div><br></div></div><div>I agree on this sounding sketchy but it might be the best way forward.</div>
<div><br><blockquote type="cite"><div dir="auto"><br><blockquote type="cite"><div dir="ltr">
<div>* Since the BlockCipher object doesn't know if it's in encrypt or decrypt mode until the first call it can't really initialize itself in the constructor. Is that fine?</div></div></blockquote><br><div>I see two options:</div>
<div><br></div><div> 1. Explicit factory methods.</div><div> 2. Init on first use.</div><div><br></div><div>I tend to prefer 1., ideally with separate types. I love me some types.</div></div></blockquote><div><br></div></div>
<div>I prefer just init on first use, it's currently setup to switch into decrypt or encrypt modes based on if you call BlockCipher.decrypt() or BlockCipher.encrypt() first. FWIW Encrypt/Decrypt mode only makes sense for certain combinations of things, some block ciphers can use the same operation.</div>
<br><blockquote type="cite"><div dir="auto"><div><br></div><div>—h</div></div>_______________________________________________<br>Cryptography-dev mailing list<br><a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>
<a href="http://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">http://mail.python.org/mailman/listinfo/cryptography-dev</a><br></blockquote></div><br><div>FWIW there are a few outstanding issues inside the Pull Request comments as well.</div>
<div><br>-----------------<br>Donald Stufft<br>PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
</div>
<br></div><br>_______________________________________________<br>
Cryptography-dev mailing list<br>
<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>
<a href="http://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">http://mail.python.org/mailman/listinfo/cryptography-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div><div class="im">-- <br><div dir="ltr">"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)<br>
"The people's good is the highest law." -- Cicero<br><div>GPG Key fingerprint: 125F 5C67 DFE9 4084</div></div>
</div></div>
<br>_______________________________________________<br>
Cryptography-dev mailing list<br>
<a href="mailto:Cryptography-dev@python.org">Cryptography-dev@python.org</a><br>
<a href="http://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">http://mail.python.org/mailman/listinfo/cryptography-dev</a><br>
<br></blockquote></div><br></div></div>