[erlang-questions] crypto EVP transition

Loïc Hoguin essen@REDACTED
Fri Apr 3 11:18:10 CEST 2015


On 03/28/2015 02:48 PM, Maas-Maarten Zeeman wrote:
> This is the current proof-of-concept API, minus meta-data functions for retrieving block size, IV and key length, and a bytes-to-key function:
>
> -spec cipher_init(binary(), binary(), binary(), encrypt | decrypt, boolean()) -> {ok, cipher_ctx()}.
> cipher_init(_Alg, _Key, _Iv, _Mode, _Padding) ->
>      exit(nif_library_not_loaded).
>
> -spec cipher_update(cipher_ctx(), iolist()) -> binary().
> cipher_update(_Ctx, _Data) ->
>      exit(nif_library_not_loaded).
>
> -spec cipher_final(cipher_ctx()) -> binary().
> cipher_final(_Ctx) ->
>      exit(nif_library_not_loaded).
>
> Last word from the OTP team was that they think this API is a bit too un-Erlang because of the rather ugly mutating cipher context. There is not much I can do about that. OpenSSL does not have a context copy function in its API. Copying the context from call to call could also be impossible when the cipher is implemented in hardware.

Perhaps it can be made similar to zlib, where the context is a port()? 
Or would that kill the performance benefits?

> I’m not sure if all this is on track for 18.0 though.

I hope something can be done in the near future. HTTP is increasingly 
depending on TLS and good performance will soon matter to a lot more 
people than before.

It sounds like the ball is currently in OTP Team's camp but if I can 
help with it I will.

Cheers,

-- 
Loïc Hoguin
http://ninenines.eu
