Comment 10 for bug 2030784

Bun K Tan (bktan1) wrote:

Hello @adrien-n,

I had Dan Zimmerman take a look at this issue and found a solution. This is what he shared:

Steps to reproduce:
-------------------
1. Get source and apply patch:

    git clone https://git.launchpad.net/ubuntu/+source/openssl ubuntu_openssl
    cd ubuntu_openssl
    git checkout applied/ubuntu/devel
    git apply 001-vaes_gcm_avx512.patch

   (See comment #11 for the attachment.) This patch is essentially what is referred to as "[PATCH 2/2] AES-GCM enabled with AVX512 vAES and vPCLMULQDQ."

2. Build OpenSSL:

    ./config --prefix=/tmp/ubuntu_openssl_install --openssldir=/tmp/ubuntu_openssl_install
    make -j
    make test

3. Note AES-GCM test failures.

Steps to resolution:
--------------------
1. Apply patch:

    make clean
    git apply 002-vaes_gcm_avx512_fix.patch
    make -j
    make test

2. Note AES-GCM tests pass.

Solution:
---------
The solution to the failed test cases comes from this merged OpenSSL pull request: "Avoid having another copy of key schedule in PROV_GCM_CTX" by t8m (Pull Request #22384, openssl/openssl on github.com).
Direct application of this PR will fail due to the fact that OpenSSL doesn't support SM4_GCM in v3.0.13. So I made the edits by hand and created the patch file 002-vaes_gcm_avx512_fix.patch.