EVP_aes_128_cbc_hmac_sha256() not working on arm64 architecture

Jakob Bohm jb-openssl at wisemo.com
Tue May 7 21:10:19 UTC 2019

For future library versions (4.x or whatever), it would be useful to
make these combo-ciphers be better documented and available via
library-level calls to separate block and mac operations where
optimized intertwined implementations are not provided.

Obviously, the set of such combo loops should be enhanced with the
CBC-then-HMAC and other now popular combinations.

But just because SSL notoriously did the surrounding logic (padding,
IV management etc.) completely wrong every time (CBC then MAC is
also a weak choice!) doesn't mean the composition of doing HMAC
on CBC input is inherently bad in skilled hands.

Blindly using only whatever is now in fashion isn't necessarily
safe either, they just haven't found and published the attacks

On 07/05/2019 21:47, Mirko J. Ploch wrote:
> Thank you for your response. You answered my question. It is not 
> available on my target platform architecture (arm64).
> I do have a specific need for that cipher, and it does not have 
> anything to do with TLS. An app that I am working on requires it for 
> JSON Web Encryption (JWE) as the required encryption algorithm.
> https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-31#appendix-B
> On Tue, May 7, 2019 at 11:45 AM Matt Caswell <matt at openssl.org 
> <mailto:matt at openssl.org>> wrote:
>     On 06/05/2019 16:41, Mirko J. Ploch wrote:
>     > Hello,
>     >
>     > I'm trying to use EVP_aes_128_cbc_hmac_sha256() for encryption
>     on an iOS device
>     > with arm64 architecture. I was able to get it working with the
>     x86_64
>     > architecture when running the iOS device simulator on an iMac.
>     Is this just not
>     > capable of working on an arm64 platform?
>     >
>     > Looking at the code for EVP_aes_128_cbc_hmac_sha256, it does not
>     look like it.
>     > I'm hoping that there is a way to get it working.
>     >
>     https://github.com/openssl/openssl/blob/OpenSSL_1_1_1b/crypto/evp/e_aes_cbc_hmac_sha256.c
>     This cipher is a special purpose cipher not intended for general
>     use. It is
>     specifically targeted at usage in TLS. Unless you're writing a TLS
>     stack you
>     probably don't want to use this. It is only available on some
>     platforms and does
>     runtime detection to check whether the platform is suitable or
>     not. Most
>     importantly the platform must have AES-NI support.
>     It's usefulness even in a TLS stack is somewhat limited these days
>     since it is
>     not relevant for TLSv1.3 and does not get used if encrypt-then-mac
>     is negotiated
>     (which recent versions of OpenSSL will try to negotiate by default).


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list