Backport Intel's AVX512 patches on openssl 3.0

Maybe worth holding back until there is a fix for https://downfall.page/

Since the microcode updates for Downfall have made it to Mantic, I'm removing the block-proposed tag. Please add it back if I missed or misunderstood something :)

This bug was fixed in the package openssl - 3.0.10-1ubuntu2

---------------
openssl (3.0.10-1ubuntu2) mantic; urgency=medium

  * d/p/intel/*: cherry-pick AVX512 patches for recent Intel CPUs (LP: #2030784)

 -- Simon Chopin <email address hidden> Tue, 08 Aug 2023 17:51:58 +0200

Hi @schopin,

Recommended way to test the relevant code paths would be to use OpenSSL’s Capability Bits Environment variable. Notes below:

Ubuntu - OpenSSL OPENSSL_ia32cap Environment Variable
OpenSSL Environment variable processor feature bit disable combos for testing.
https://www.openssl.org/docs/manmaster/man3/OPENSSL_ia32cap.html

* AES-GCM Relevant Feature Disable

   Disable VAES-NI
   $ export OPENSSL_ia32cap=:~0x20000000000

   Disable VPCLMULQDQ
   $ export OPENSSL_ia32cap=:~0x40000000000

   Disable AES-NI
   $ export OPENSSL_ia32cap=~0x200000000000000

   Disable AESNI + VAESNI
   $ export OPENSSL_ia32cap=~0x200000000000000:~0x20000000000

* RSA 2K/3K/4K Sign Relevant Feature Disable

   Disable AVX512F
   $ export OPENSSL_ia32cap=:~0x10000

   Disable AVX512VL
   $ export OPENSSL_ia32cap=:~0x80000000

   Disable AVX512DQ
   $ export OPENSSL_ia32cap=:~0x20000

   Disable AVX512IFMA
   $ export OPENSSL_ia32cap=:~0x200000

* Unset any previous caps
$ unset OPENSSL_ia32cap

Examples:
   * AES-128-GCM | AES-256-GCM
      - Baseline - Requires VAES and VPCMULQDQ features present on ICX or newer platform. This should be the most performant flow.
        $ taskset -c 0 openssl speed -evp aes-128-gcm

      - Individual VAES Disabled and VPCLMULQDQ Disabled should fallback to AVX AESNI flow and should have equivalent performance
        $ OPENSSL_ia32cap=:~0x20000000000 taskset -c 0 openssl speed -evp aes-128-gcm
        $ OPENSSL_ia32cap=:~0x40000000000 taskset -c 0 openssl speed -evp aes-128-gcm

      - AESNI and VAESNI Disabled should fallback to 'C code' performance
        $ OPENSSL_ia32cap=~0x200000000000000:~0x20000000000 taskset -c 0 openssl speed -evp aes-128-gcm

   * RSA 2K/3K/4K Sign Performance
      - Baseline - Requires AVX512F, AVX512VL, AVX512DQ, and AVX512IFMA features on ICX or newer platform. This should be the most performant flow.
        $ taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096

      - Individual AVX512F, AVX512VL, and AVX512IFMA features should yield equivalent performance. This flow will use the ADOX/ADCX/MULX RSA flow.
        $ OPENSSL_ia32cap=:~0x10000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
        $ OPENSSL_ia32cap=:~0x80000000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
        $ OPENSSL_ia32cap=:~0x20000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
        $ OPENSSL_ia32cap=:~0x200000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096