2004-07-26 20:18:55 +00:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector
|
2004-07-26 20:18:55 +00:00
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2009-04-26 17:49:41 +00:00
|
|
|
unsigned int *OPENSSL_ia32cap_loc(void);
|
|
|
|
#define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
|
2004-07-26 20:18:55 +00:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
2004-08-29 16:36:05 +00:00
|
|
|
Value returned by OPENSSL_ia32cap_loc() is address of a variable
|
2009-04-26 17:49:41 +00:00
|
|
|
containing IA-32 processor capabilities bit vector as it appears in
|
|
|
|
EDX:ECX register pair after executing CPUID instruction with EAX=1
|
|
|
|
input value (see Intel Application Note #241618). Naturally it's
|
|
|
|
meaningful on x86 and x86_64 platforms only. The variable is normally
|
|
|
|
set up automatically upon toolkit initialization, but can be
|
|
|
|
manipulated afterwards to modify crypto library behaviour. For the
|
2011-05-16 20:35:11 +00:00
|
|
|
moment of this writing following bits are significant:
|
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
=over
|
|
|
|
|
2011-05-16 20:35:11 +00:00
|
|
|
=item bit #4 denoting presence of Time-Stamp Counter.
|
|
|
|
|
|
|
|
=item bit #19 denoting availability of CLFLUSH instruction;
|
|
|
|
|
|
|
|
=item bit #20, reserved by Intel, is used to choose among RC4 code paths;
|
|
|
|
|
|
|
|
=item bit #23 denoting MMX support;
|
|
|
|
|
|
|
|
=item bit #24, FXSR bit, denoting availability of XMM registers;
|
|
|
|
|
|
|
|
=item bit #25 denoting SSE support;
|
|
|
|
|
|
|
|
=item bit #26 denoting SSE2 support;
|
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
=item bit #28 denoting Hyperthreading, which is used to distinguish
|
|
|
|
cores with shared cache;
|
2011-05-16 20:35:11 +00:00
|
|
|
|
2011-05-27 15:32:43 +00:00
|
|
|
=item bit #30, reserved by Intel, denotes specifically Intel CPUs;
|
2011-05-16 20:35:11 +00:00
|
|
|
|
|
|
|
=item bit #33 denoting availability of PCLMULQDQ instruction;
|
|
|
|
|
|
|
|
=item bit #41 denoting SSSE3, Supplemental SSE3, support;
|
|
|
|
|
2011-05-27 15:32:43 +00:00
|
|
|
=item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
|
2011-05-16 20:35:11 +00:00
|
|
|
|
|
|
|
=item bit #57 denoting AES-NI instruction set extension;
|
|
|
|
|
|
|
|
=item bit #59, OSXSAVE bit, denoting availability of YMM registers;
|
|
|
|
|
|
|
|
=item bit #60 denoting AVX extension;
|
2007-04-01 17:28:08 +00:00
|
|
|
|
2011-06-04 12:20:45 +00:00
|
|
|
=item bit #62 denoting availability of RDRAND instruction;
|
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
=back
|
|
|
|
|
2007-04-01 17:28:08 +00:00
|
|
|
For example, clearing bit #26 at run-time disables high-performance
|
2011-05-16 20:35:11 +00:00
|
|
|
SSE2 code present in the crypto library, while clearing bit #24
|
|
|
|
disables SSE2 code operating on 128-bit XMM register bank. You might
|
|
|
|
have to do the latter if target OpenSSL application is executed on SSE2
|
|
|
|
capable CPU, but under control of OS that does not enable XMM
|
|
|
|
registers. Even though you can manipulate the value programmatically,
|
|
|
|
you most likely will find it more appropriate to set up an environment
|
|
|
|
variable with the same name prior starting target application, e.g. on
|
2011-07-23 12:10:26 +00:00
|
|
|
Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or
|
|
|
|
better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' to achieve same
|
|
|
|
effect without modifying the application source code. Alternatively you
|
|
|
|
can reconfigure the toolkit with no-sse2 option and recompile.
|
2004-07-26 20:18:55 +00:00
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
Less intuitive is clearing bit #28. The truth is that it's not copied
|
2009-04-26 17:49:41 +00:00
|
|
|
from CPUID output verbatim, but is adjusted to reflect whether or not
|
|
|
|
the data cache is actually shared between logical cores. This in turn
|
|
|
|
affects the decision on whether or not expensive countermeasures
|
|
|
|
against cache-timing attacks are applied, most notably in AES assembler
|
|
|
|
module.
|
2012-11-17 19:04:15 +00:00
|
|
|
|
|
|
|
The vector is further extended with EBX value returned by CPUID with
|
|
|
|
EAX=7 and ECX=0 as input. Following bits are significant:
|
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
=over
|
|
|
|
|
2012-11-17 19:04:15 +00:00
|
|
|
=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
|
|
|
|
|
|
|
|
=item bit #64+5 denoting availability of AVX2 instructions;
|
|
|
|
|
|
|
|
=item bit #64+8 denoting availability of BMI2 instructions, e.g. MUXL
|
2013-06-12 22:42:08 +00:00
|
|
|
and RORX;
|
2012-11-17 19:04:15 +00:00
|
|
|
|
|
|
|
=item bit #64+18 denoting availability of RDSEED instruction;
|
|
|
|
|
2013-06-12 22:42:08 +00:00
|
|
|
=item bit #64+19 denoting availability of ADCX and ADOX instructions;
|
|
|
|
|
|
|
|
=back
|
2016-05-18 14:16:40 +00:00
|
|
|
|
2016-05-18 15:44:05 +00:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|
|
|
|
Licensed under the OpenSSL license (the "License"). You may not use
|
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|