libgcrypt fails to compile with Xcode 9 against iOS 11 SDK

Chris Ballinger chrisballinger at
Fri Oct 27 19:24:06 CEST 2017

>From what I understand it's safer to use asm implementations of AES-GCM
because of potential timing attacks on pure software implementations.


I'm more concerned that the arm64 build is broken for a formerly-working
target. If you have a recent macOS device you should be able to run those
build scripts (using Xcode 9 command line tools) and see that the arm64
assembly does not compile for mach-o targets.

As far as tarball verification, adding a sha256sum verification step to the
build scripts is a good idea, thanks for pointing me in the right direction.

On Fri, Oct 27, 2017 at 3:22 AM, Werner Koch <wk at> wrote:

> On Thu, 26 Oct 2017 19:24, chrisballinger at said:
> > However, the arm64 mach-o assembly issue is beyond my capabilities. From
> > what I understand using non-asm versions of AES-GCM is not recommended,
> and
> --disable-asm should always work.  From where did you get the
> recommendation not to use --disable-asm form arm64?  It will be slower
> but I doubt that this is really an issue for a messaging application.
> I have a macOS box but no IOS device - can I use it to test your
> problem?
> BTW, relying on TLS for checking the authenticity of Libgcrypt et
> al. downlods is not a good idea.  Please check gnupg/tools/ to
> see how we do it for GnuPG components: There is a signed file with the
> latest versions and their shaXsums.  The gnupg/tools/ Makefile
> uses these checksums to verify the downloads.  However, directly
> verifying a certain tarball signature is also possible.  The trusted
> keys are distributed with GnuPG and their fingerprints are in all
> release announcements.
> Shalom-Salam,
>    Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Gcrypt-devel mailing list