libgcrypt fails to compile with Xcode 9 against iOS 11 SDK
Chris Ballinger
chrisballinger at gmail.com
Fri Oct 27 19:24:06 CEST 2017
>From what I understand it's safer to use asm implementations of AES-GCM
because of potential timing attacks on pure software implementations.
* https://github.com/jedisct1/libsodium/issues/234#issuecomment-70028523
* https://bugzilla.mozilla.org/show_bug.cgi?id=868948#c17
I'm more concerned that the arm64 build is broken for a formerly-working
target. If you have a recent macOS device you should be able to run those
build scripts (using Xcode 9 command line tools) and see that the arm64
assembly does not compile for mach-o targets.
As far as tarball verification, adding a sha256sum verification step to the
build scripts is a good idea, thanks for pointing me in the right direction.
On Fri, Oct 27, 2017 at 3:22 AM, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 26 Oct 2017 19:24, chrisballinger at gmail.com said:
>
> > However, the arm64 mach-o assembly issue is beyond my capabilities. From
> > what I understand using non-asm versions of AES-GCM is not recommended,
> and
>
> --disable-asm should always work. From where did you get the
> recommendation not to use --disable-asm form arm64? It will be slower
> but I doubt that this is really an issue for a messaging application.
>
> I have a macOS box but no IOS device - can I use it to test your
> problem?
>
> BTW, relying on TLS for checking the authenticity of Libgcrypt et
> al. downlods is not a good idea. Please check gnupg/tools/getswdb.sh to
> see how we do it for GnuPG components: There is a signed file with the
> latest versions and their shaXsums. The gnupg/tools/speedo.mk Makefile
> uses these checksums to verify the downloads. However, directly
> verifying a certain tarball signature is also possible. The trusted
> keys are distributed with GnuPG and their fingerprints are in all
> release announcements.
>
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20171027/0f6b9992/attachment.html>
More information about the Gcrypt-devel
mailing list