EVP_aes_128_cbc_hmac_sha256() not working on arm64 architecture

Mirko J. Ploch openssl at mirko.wtf
Tue May 7 19:47:02 UTC 2019


Thank you for your response. You answered my question. It is not available
on my target platform architecture (arm64).

I do have a specific need for that cipher, and it does not have anything to
do with TLS. An app that I am working on requires it for JSON Web
Encryption (JWE) as the required encryption algorithm.

https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-31#appendix-B

Best Regards,
Mirko

On Tue, May 7, 2019 at 11:45 AM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 06/05/2019 16:41, Mirko J. Ploch wrote:
> > Hello,
> >
> > I'm trying to use EVP_aes_128_cbc_hmac_sha256() for encryption on an iOS
> device
> > with arm64 architecture. I was able to get it working with the x86_64
> > architecture when running the iOS device simulator on an iMac. Is this
> just not
> > capable of working on an arm64 platform?
> >
> > Looking at the code for EVP_aes_128_cbc_hmac_sha256, it does not look
> like it.
> > I'm hoping that there is a way to get it working.
> >
> https://github.com/openssl/openssl/blob/OpenSSL_1_1_1b/crypto/evp/e_aes_cbc_hmac_sha256.c
>
> This cipher is a special purpose cipher not intended for general use. It is
> specifically targeted at usage in TLS. Unless you're writing a TLS stack
> you
> probably don't want to use this. It is only available on some platforms
> and does
> runtime detection to check whether the platform is suitable or not. Most
> importantly the platform must have AES-NI support.
>
> It's usefulness even in a TLS stack is somewhat limited these days since
> it is
> not relevant for TLSv1.3 and does not get used if encrypt-then-mac is
> negotiated
> (which recent versions of OpenSSL will try to negotiate by default).
>
> Matt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190507/124d80d2/attachment.html>


More information about the openssl-users mailing list