author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-10-21 17:55:01 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-10-21 18:00:05 -0500 |
commit | 653463f0e133def71425a26fdd80bfe7c8ad5961 (patch) | |
tree | 1572961e89a9b1502ad91464b891b85ca611b426 /cryptography | |
parent | e98867acf056857d6e9b005fd00c07de2c31570f (diff) | |
address review comments
* inline some methods
* refactor enc/dec classes
* modify docs
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/bindings/openssl/api.py | 56 | ||||
-rw-r--r-- | cryptography/primitives/block/base.py | 55 |
2 files changed, 54 insertions, 57 deletions
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py
index fc61c4b8..a3198c1a 100644
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@@ -99,17 +99,23 @@ class API(object):
 self.lib.EVP_get_cipherbyname(ciphername.encode("ascii")))

 def create_block_cipher_encrypt_context(self, cipher, mode):
- ctx, args = self._create_block_cipher_context(cipher, mode)
- res = self.lib.EVP_EncryptInit_ex(*args)
+ ctx, evp, iv_nonce = self._create_block_cipher_context(cipher, mode)
+ res = self.lib.EVP_EncryptInit_ex(ctx, evp, api.ffi.NULL, cipher.key,
+ iv_nonce)
 assert res != 0
- self._disable_padding(ctx)
+ # We purposely disable padding here as it's handled higher up in the
+ # API.
+ self.lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
 return ctx

 def create_block_cipher_decrypt_context(self, cipher, mode):
- ctx, args = self._create_block_cipher_context(cipher, mode)
- res = self.lib.EVP_DecryptInit_ex(*args)
+ ctx, evp, iv_nonce = self._create_block_cipher_context(cipher, mode)
+ res = self.lib.EVP_DecryptInit_ex(ctx, evp, api.ffi.NULL, cipher.key,
+ iv_nonce)
 assert res != 0
- self._disable_padding(ctx)
+ # We purposely disable padding here as it's handled higher up in the
+ # API.
+ self.lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
 return ctx

 def _create_block_cipher_context(self, cipher, mode):
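Review bot: Both new init calls pass `api.ffi.NULL` as the engine argument, while the rest of the class goes through `self` (for example `iv_nonce = self.ffi.NULL` in the next hunk). The name `api` is not defined anywhere in the visible lines, so it presumably resolves to a module-level instance; an `API` object other than that one would then mix two `ffi` handles, and if no such global exists the call raises `NameError`. Use `self.ffi.NULL` in both `create_block_cipher_encrypt_context` and `create_block_cipher_decrypt_context`, e.g. `res = self.lib.EVP_EncryptInit_ex(ctx, evp, self.ffi.NULL, cipher.key, iv_nonce)`. The body of `_create_block_cipher_context` starts at the end of this hunk and continues outside it.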
@@ -130,51 +136,43 @@ class API(object):
 else:
 iv_nonce = self.ffi.NULL

- return (ctx, (ctx, evp_cipher, self.ffi.NULL, cipher.key, iv_nonce))
-
- def _disable_padding(self, ctx):
- # We purposely disable padding here as it's handled higher up in the
- # API.
- self.lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
+ return (ctx, evp_cipher, iv_nonce)

 def update_encrypt_context(self, ctx, data):
- buf, outlen = self._create_buf_out(ctx, len(data))
+ block_size = self.lib.EVP_CIPHER_CTX_block_size(ctx)
+ buf = self.ffi.new("unsigned char[]", len(data) + block_size - 1)
+ outlen = self.ffi.new("int *")
 res = self.lib.EVP_EncryptUpdate(ctx, buf, outlen, data, len(data))
 assert res != 0
 return self.ffi.buffer(buf)[:outlen[0]]

 def update_decrypt_context(self, ctx, data):
- buf, outlen = self._create_buf_out(ctx, len(data))
+ block_size = self.lib.EVP_CIPHER_CTX_block_size(ctx)
+ buf = self.ffi.new("unsigned char[]", len(data) + block_size - 1)
+ outlen = self.ffi.new("int *")
 res = self.lib.EVP_DecryptUpdate(ctx, buf, outlen, data, len(data))
 assert res != 0
 return self.ffi.buffer(buf)[:outlen[0]]

- def _create_buf_out(self, ctx, data_len):
+ def finalize_encrypt_context(self, ctx):
 block_size = self.lib.EVP_CIPHER_CTX_block_size(ctx)
- buf = self.ffi.new("unsigned char[]", data_len + block_size - 1)
+ buf = self.ffi.new("unsigned char[]", block_size)
 outlen = self.ffi.new("int *")
- return (buf, outlen)
-
- def finalize_encrypt_context(self, ctx):
- buf, outlen = self._create_final_buf_out(ctx)
 res = self.lib.EVP_EncryptFinal_ex(ctx, buf, outlen)
 assert res != 0
- self._cleanup_block_cipher(ctx)
+ res = self.lib.EVP_CIPHER_CTX_cleanup(ctx)
+ assert res == 1
 return self.ffi.buffer(buf)[:outlen[0]]

 def finalize_decrypt_context(self, ctx):
- buf, outlen = self._create_final_buf_out(ctx)
+ block_size = self.lib.EVP_CIPHER_CTX_block_size(ctx)
+ buf = self.ffi.new("unsigned char[]", block_size)
+ outlen = self.ffi.new("int *")
 res = self.lib.EVP_DecryptFinal_ex(ctx, buf, outlen)
 assert res != 0
- self._cleanup_block_cipher(ctx)
- return self.ffi.buffer(buf)[:outlen[0]]
-
- def _create_final_buf_out(self, ctx):
- return self._create_buf_out(ctx, 1)
-
- def _cleanup_block_cipher(self, ctx):
 res = self.lib.EVP_CIPHER_CTX_cleanup(ctx)
 assert res == 1
+ return self.ffi.buffer(buf)[:outlen[0]]

 def supports_hash(self, hash_cls):
 return (self.ffi.NULL !=
diff --git a/cryptography/primitives/block/base.py b/cryptography/primitives/block/base.py
index 650e39c1..14704ffe 100644
--- a/cryptography/primitives/block/base.py
+++ b/cryptography/primitives/block/base.py
@@ -13,16 +13,9 @@

 from __future__ import absolute_import, division, print_function

-from enum import Enum
-
 from cryptography.bindings import _default_api


-class _Operation(Enum):
- encrypt = 0
- decrypt = 1
-
-
 class BlockCipher(object):
 def __init__(self, cipher, mode, api=None):
 super(BlockCipher, self).__init__()
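Review bot: In `finalize_encrypt_context` and `finalize_decrypt_context` (api.py, second hunk) the OpenSSL return codes are checked only with `assert`, including the newly inlined `assert res == 1` after `EVP_CIPHER_CTX_cleanup`. Under `python -O` these checks are compiled out, so a failed `EVP_*Final_ex` would return whatever is in `buf` as if it were valid output. When the assert does fire, the cleanup call below it is skipped and the cipher context, which holds the key material, is left uncleaned. Check the result explicitly and run the cleanup in a `finally`; the same shape applies to `finalize_decrypt_context`, and the exception type shown is only a placeholder for whatever the project prefers.
```python
def finalize_encrypt_context(self, ctx):
    # … unchanged: block_size / buf / outlen allocation …
    try:
        res = self.lib.EVP_EncryptFinal_ex(ctx, buf, outlen)
        if res == 0:
            raise RuntimeError("EVP_EncryptFinal_ex failed")
    finally:
        # Runs on the failure path too, so the context is always cleaned up.
        cleaned = self.lib.EVP_CIPHER_CTX_cleanup(ctx)
    if cleaned != 1:
        raise RuntimeError("EVP_CIPHER_CTX_cleanup failed")
    return self.ffi.buffer(buf)[:outlen[0]]
```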
@@ -35,39 +28,45 @@ class BlockCipher(object):
 self._api = api

 def encryptor(self):
- return _BlockCipherContext(self.cipher, self.mode, self._api,
- _Operation.encrypt)
+ return _BlockCipherEncryptionContext(self.cipher, self.mode, self._api)

 def decryptor(self):
- return _BlockCipherContext(self.cipher, self.mode, self._api,
- _Operation.decrypt)
+ return _BlockCipherDecryptionContext(self.cipher, self.mode, self._api)
+
+
+class _BlockCipherEncryptionContext(object):
+ def __init__(self, cipher, mode, api):
+ super(_BlockCipherEncryptionContext, self).__init__()
+ self._api = api
+ self._ctx = self._api.create_block_cipher_encrypt_context(cipher, mode)
+
+ def update(self, data):
+ if self._ctx is None:
+ raise ValueError("Context was already finalized")
+ return self._api.update_encrypt_context(self._ctx, data)
+
+ def finalize(self):
+ if self._ctx is None:
+ raise ValueError("Context was already finalized")
+ data = self._api.finalize_encrypt_context(self._ctx)
+ self._ctx = None
+ return data


-class _BlockCipherContext(object):
- def __init__(self, cipher, mode, api, operation):
- super(_BlockCipherContext, self).__init__()
+class _BlockCipherDecryptionContext(object):
+ def __init__(self, cipher, mode, api):
+ super(_BlockCipherDecryptionContext, self).__init__()
 self._api = api
- self._operation = operation
- args = (cipher, mode)
- if self._operation == _Operation.encrypt:
- self._ctx = self._api.create_block_cipher_encrypt_context(*args)
- else:
- self._ctx = self._api.create_block_cipher_decrypt_context(*args)
+ self._ctx = self._api.create_block_cipher_decrypt_context(cipher, mode)

 def update(self, data):
 if self._ctx is None:
 raise ValueError("Context was already finalized")
- if self._operation == _Operation.encrypt:
- return self._api.update_encrypt_context(self._ctx, data)
- else:
- return self._api.update_decrypt_context(self._ctx, data)
+ return self._api.update_decrypt_context(self._ctx, data)

 def finalize(self):
 if self._ctx is None:
 raise ValueError("Context was already finalized")
- if self._operation == _Operation.encrypt:
- data = self._api.finalize_encrypt_context(self._ctx)
- else:
- data = self._api.finalize_decrypt_context(self._ctx)
+ data = self._api.finalize_decrypt_context(self._ctx)
 self._ctx = None
 return data |
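Review bot: In both new `finalize` methods, `self._ctx = None` runs only when the API call returns normally. If `finalize_encrypt_context` or `finalize_decrypt_context` raises, the wrapper keeps the context, and a later `update()` or `finalize()` hands the failed context back to the backend instead of raising "Context was already finalized". Make the reset unconditional by wrapping the call: `try: data = self._api.finalize_decrypt_context(self._ctx)` followed by `finally: self._ctx = None`, and likewise in `_BlockCipherEncryptionContext.finalize`. The two classes are otherwise duplicates apart from the API method names and carry no docstring; a one-line docstring stating that a context is single-use and invalidated by `finalize()` would document the contract.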