2004-07-26 20:18:55 +00:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
2011-05-16 20:35:11 +00:00
|
|
|
OPENSSL_ia32cap - the IA-32 processor capabilities vector
|
2004-07-26 20:18:55 +00:00
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2009-04-26 17:49:41 +00:00
|
|
|
unsigned int *OPENSSL_ia32cap_loc(void);
|
|
|
|
#define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
|
2004-07-26 20:18:55 +00:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
2004-08-29 16:36:05 +00:00
|
|
|
Value returned by OPENSSL_ia32cap_loc() is address of a variable
|
2009-04-26 17:49:41 +00:00
|
|
|
containing IA-32 processor capabilities bit vector as it appears in
|
|
|
|
EDX:ECX register pair after executing CPUID instruction with EAX=1
|
|
|
|
input value (see Intel Application Note #241618). Naturally it's
|
|
|
|
meaningful on x86 and x86_64 platforms only. The variable is normally
|
|
|
|
set up automatically upon toolkit initialization, but can be
|
|
|
|
manipulated afterwards to modify crypto library behaviour. For the
|
2011-05-16 20:35:11 +00:00
|
|
|
moment of this writing following bits are significant:
|
|
|
|
|
|
|
|
=item bit #4 denoting presence of Time-Stamp Counter.
|
|
|
|
|
|
|
|
=item bit #19 denoting availability of CLFLUSH instruction;
|
|
|
|
|
|
|
|
=item bit #20, reserved by Intel, is used to choose among RC4 code paths;
|
|
|
|
|
|
|
|
=item bit #23 denoting MMX support;
|
|
|
|
|
|
|
|
=item bit #24, FXSR bit, denoting availability of XMM registers;
|
|
|
|
|
|
|
|
=item bit #25 denoting SSE support;
|
|
|
|
|
|
|
|
=item bit #26 denoting SSE2 support;
|
|
|
|
|
|
|
|
=item bit #28 denoting Hyperthreading, which is used to distiguish
|
|
|
|
cores with shared cache;
|
|
|
|
|
2011-05-27 15:32:43 +00:00
|
|
|
=item bit #30, reserved by Intel, denotes specifically Intel CPUs;
|
2011-05-16 20:35:11 +00:00
|
|
|
|
|
|
|
=item bit #33 denoting availability of PCLMULQDQ instruction;
|
|
|
|
|
|
|
|
=item bit #41 denoting SSSE3, Supplemental SSE3, support;
|
|
|
|
|
2011-05-27 15:32:43 +00:00
|
|
|
=item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
|
2011-05-16 20:35:11 +00:00
|
|
|
|
|
|
|
=item bit #57 denoting AES-NI instruction set extension;
|
|
|
|
|
|
|
|
=item bit #59, OSXSAVE bit, denoting availability of YMM registers;
|
|
|
|
|
|
|
|
=item bit #60 denoting AVX extension;
|
2007-04-01 17:28:08 +00:00
|
|
|
|
2011-06-04 12:20:45 +00:00
|
|
|
=item bit #62 denoting availability of RDRAND instruction;
|
|
|
|
|
2007-04-01 17:28:08 +00:00
|
|
|
For example, clearing bit #26 at run-time disables high-performance
|
2011-05-16 20:35:11 +00:00
|
|
|
SSE2 code present in the crypto library, while clearing bit #24
|
|
|
|
disables SSE2 code operating on 128-bit XMM register bank. You might
|
|
|
|
have to do the latter if target OpenSSL application is executed on SSE2
|
|
|
|
capable CPU, but under control of OS that does not enable XMM
|
|
|
|
registers. Even though you can manipulate the value programmatically,
|
|
|
|
you most likely will find it more appropriate to set up an environment
|
|
|
|
variable with the same name prior starting target application, e.g. on
|
2011-07-23 12:10:26 +00:00
|
|
|
Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or
|
|
|
|
better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' to achieve same
|
|
|
|
effect without modifying the application source code. Alternatively you
|
|
|
|
can reconfigure the toolkit with no-sse2 option and recompile.
|
2004-07-26 20:18:55 +00:00
|
|
|
|
2009-04-26 17:49:41 +00:00
|
|
|
Less intuituve is clearing bit #28. The truth is that it's not copied
|
|
|
|
from CPUID output verbatim, but is adjusted to reflect whether or not
|
|
|
|
the data cache is actually shared between logical cores. This in turn
|
|
|
|
affects the decision on whether or not expensive countermeasures
|
|
|
|
against cache-timing attacks are applied, most notably in AES assembler
|
|
|
|
module.
|