I had Dan Zimmerman take a look at this issue and found a solution. This is what he shared:

Steps to reproduce:
-------------------
Get Source and apply patch:
    git clone https://git.launchpad.net/ubuntu/+source/openssl ubuntu_openssl
    cd ubuntu_openssl
    git checkout applied/ubuntu/devel
    git apply 001-vaes_gcm_avx512.patch (See comment #11 for attachment)
This patch is essentially what is referred to as "[PATCH 2/2] AES-GCM enabled with AVX512 vAES and vPCLMULQDQ."

Build OpenSSL
    ./config --prefix=/tmp/ubuntu_openssl_install --openssldir=/tmp/ubuntu_openssl_install
    make -j
    make test
Note AES-GCM Test Failures

Steps to resolution:
--------------------
Apply patch:
    make clean
    git apply 002-vaes_gcm_avx512_fix.patch
    make -j
    make test
Note AES-GCM Tests Pass

Solution:
---------
The solution to the failed test cases comes from this merged OpenSSL Pull Request: Avoid having another copy of key schedule in PROV_GCM_CTX by t8m · Pull Request #22384 · openssl/openssl (github.com)
Direct application of this PR will fail due to the fact that OpenSSL doesn't support SM4_GCM in v3.0.13. So I made the edits by hand and created the patch file 002-vaes_gcm_avx512_fix.patch.