<div dir="ltr">From what I understand it's safer to use asm implementations of AES-GCM because of potential timing attacks on pure software implementations.<div><br></div><div>* <a href="https://github.com/jedisct1/libsodium/issues/234#issuecomment-70028523">https://github.com/jedisct1/libsodium/issues/234#issuecomment-70028523</a></div><div>* <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=868948#c17">https://bugzilla.mozilla.org/show_bug.cgi?id=868948#c17</a></div><div><br></div><div>I'm more concerned that the arm64 build is broken for a formerly-working target. If you have a recent macOS device you should be able to run those build scripts (using Xcode 9 command line tools) and see that the arm64 assembly does not compile for mach-o targets. </div><div><br></div><div>As far as tarball verification, adding a sha256sum verification step to the build scripts is a good idea, thanks for pointing me in the right direction.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 27, 2017 at 3:22 AM, Werner Koch <span dir="ltr"><<a href="mailto:wk@gnupg.org" target="_blank">wk@gnupg.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, 26 Oct 2017 19:24, <a href="mailto:chrisballinger@gmail.com">chrisballinger@gmail.com</a> said:<br>
<br>
> However, the arm64 mach-o assembly issue is beyond my capabilities. From<br>
> what I understand using non-asm versions of AES-GCM is not recommended, and<br>
<br>
</span>--disable-asm should always work. From where did you get the<br>
recommendation not to use --disable-asm for arm64? It will be slower<br>
but I doubt that this is really an issue for a messaging application.<br>
<br>
I have a macOS box but no iOS device - can I use it to test your<br>
problem?<br>
<br>
BTW, relying on TLS for checking the authenticity of Libgcrypt et<br>
al. downloads is not a good idea. Please check gnupg/tools/getswdb.sh to<br>
see how we do it for GnuPG components: There is a signed file with the<br>
latest versions and their shaXsums. The gnupg/tools/<a href="http://speedo.mk" rel="noreferrer" target="_blank">speedo.mk</a> Makefile<br>
uses these checksums to verify the downloads. However, directly<br>
verifying a certain tarball signature is also possible. The trusted<br>
keys are distributed with GnuPG and their fingerprints are in all<br>
release announcements.<br>
<br>
<br>
<br>
Shalom-Salam,<br>
<div class="HOEnZb"><div class="h5"><br>
Werner<br>
<br>
--<br>
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.<br>
</div></div></blockquote></div><br></div>
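<div>The download check described in the quoted mail (a signed list of versions and checksums, then a digest comparison against the downloaded tarball), as an added shell example that is not code from GnuPG's getswdb.sh or speedo.mk. It assumes a swdb.lst-style file with <code>name_sha2 &lt;hex&gt;</code> lines, a detached signature over that file, and a dedicated keyring holding only the release-signing keys; the sample list and tarball at the end are constructed.</div>

```shell
#!/bin/sh
# Added example (not GnuPG's own code): verify a tarball against a signed
# checksum list. Assumed list format, modelled on swdb.lst:
#   libgcrypt_ver  1.8.1
#   libgcrypt_sha2 <sha256 hex>
set -eu

# Step 1: check the detached signature over the checksum list with a
# dedicated keyring, so only the release keys placed there are trusted
# (TLS on the download alone does not prove who produced the file).
verify_swdb_sig() {  # $1 = swdb file, $2 = detached signature, $3 = keyring
  gpg --no-default-keyring --keyring "$3" --trust-model always \
      --verify "$2" "$1" >/dev/null 2>&1
}

# Step 2: look up the expected SHA-256 for a package in the verified list.
expected_sha256() {  # $1 = swdb file, $2 = package name, e.g. libgcrypt
  awk -v key="${2}_sha2" '$1 == key { print $2; exit }' "$1"
}

# Compute SHA-256 of a file; works with GNU sha256sum or macOS shasum.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Step 3: succeed only if the tarball digest equals the signed entry.
check_tarball() {  # $1 = swdb file, $2 = package name, $3 = tarball
  exp=$(expected_sha256 "$1" "$2")
  [ -n "$exp" ] || { echo "no sha2 entry for $2" >&2; return 2; }
  act=$(file_sha256 "$3")
  [ "$exp" = "$act" ]
}

# Full flow: signature first, then checksum. Refuse on either failure.
verify_download() {  # $1 = swdb, $2 = sig, $3 = keyring, $4 = pkg, $5 = tarball
  verify_swdb_sig "$1" "$2" "$3" && check_tarball "$1" "$4" "$5"
}

# Constructed demo data: the sha2 line is the SHA-256 of the bytes "hello\n".
DEMO_DIR=$(mktemp -d)
printf 'hello\n' > "$DEMO_DIR/libgcrypt-demo.tar.gz"
cat > "$DEMO_DIR/swdb.lst" <<'EOF'
libgcrypt_ver 0.0.0
libgcrypt_sha2 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
EOF
check_tarball "$DEMO_DIR/swdb.lst" libgcrypt "$DEMO_DIR/libgcrypt-demo.tar.gz" \
  && echo "checksum ok"
```

The demo exercises only the checksum step; in a build script the entry point is verify_download, which also requires the signature to check out.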