[gnutls-dev] Symmetric cipher API

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Nov 19 07:38:17 CET 2007

On Sunday 18 November 2007, Sam Varshavchik wrote:
> Recently I converted some code that uses OpenSSL's EVP_CIPHER symmetric
> cipher API. I wrote a wrapper that mapped the following functions to their
> gcrypt equivalents: EVP_CIPHER_CTX_init(), EVP_CIPHER_CTX_cleanup(),
> EVP_(Encrypt|Decrypt)Init_ex(), EVP_(Encrypt|Decrypt)Update(), and
> EVP_(Encrypt|Decrypt)Final_ex().

We could always commit something like this to the openssl compatibility 
interface. However I don't understand its use. Why did you need such wrapper?

> If you are interested, I'll be happy to contribute this code. I also
> thought that it's better to make this a native libgcrypt API. This should
> be only a matter of renaming the function names and arguments to follow
> libgcrypt's naming conventions, and all the EVP function become now just
> some lightweight wrappers (or probably even macros).

Why do you think that it's better to have it as native libgcrypt API? What are 
the advantages of using this api comparing to libgcrypt's? As far as I 
understand the differences the libgcrypt's functions are safer, since you 
don't directly access structures, and the internals can be changed without
breaking binary compatibility.


More information about the Gnutls-devel mailing list