The case of the inconsistent SSL: AES-NI broken? Bad CPU?
$ docker pull ubuntu:18.04 18.04: Pulling from library/ubuntu Digest: sha256:5f4bdc3467537cbbe563e80db2c3ec95d548a9145d64453b06939c4592d67b6d Status: Image is up to date for ubuntu:18.04 $ docker pull ubuntu:18.04 Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Amazon")
Bust out the openssl source, build it, run ‘make tests’. Same intermittent failures (on 20-test_enc_more.t). Compare against my haswell server and my sandybridge desktop, no problems. Try it on my kabylake system. no problems. Its just the skylake-hq.
So let’s try a little experiment (see OPENSSL_ia32cap):
Now the tests pass.
processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 94 model name : Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz stepping : 3 microcode : 0xc2
The processor is an i7-6700HQ, it has the AES-NI set. Is that processor/rev broken? Are there errata? Is my chip damaged?
Anyone got a suggestion? Has my chip been hacked to render its encryption weak and this is a by-product? Is my tinfoil hat aligned right?