| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 |
- =pod
- =head1 NAME
- OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector
- =head1 SYNOPSIS
- unsigned int *OPENSSL_ia32cap_loc(void);
- #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
- =head1 DESCRIPTION
- Value returned by OPENSSL_ia32cap_loc() is address of a variable
- containing IA-32 processor capabilities bit vector as it appears in
- EDX:ECX register pair after executing CPUID instruction with EAX=1
- input value (see Intel Application Note #241618). Naturally it's
- meaningful on x86 and x86_64 platforms only. The variable is normally
- set up automatically upon toolkit initialization, but can be
- manipulated afterwards to modify crypto library behaviour. For the
- moment of this writing following bits are significant:
- =over
- =item bit #4 denoting presence of Time-Stamp Counter.
- =item bit #19 denoting availability of CLFLUSH instruction;
- =item bit #20, reserved by Intel, is used to choose among RC4 code paths;
- =item bit #23 denoting MMX support;
- =item bit #24, FXSR bit, denoting availability of XMM registers;
- =item bit #25 denoting SSE support;
- =item bit #26 denoting SSE2 support;
- =item bit #28 denoting Hyperthreading, which is used to distinguish
- cores with shared cache;
- =item bit #30, reserved by Intel, denotes specifically Intel CPUs;
- =item bit #33 denoting availability of PCLMULQDQ instruction;
- =item bit #41 denoting SSSE3, Supplemental SSE3, support;
- =item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
- =item bit #57 denoting AES-NI instruction set extension;
- =item bit #59, OSXSAVE bit, denoting availability of YMM registers;
- =item bit #60 denoting AVX extension;
- =item bit #62 denoting availability of RDRAND instruction;
- =back
- For example, clearing bit #26 at run-time disables high-performance
- SSE2 code present in the crypto library, while clearing bit #24
- disables SSE2 code operating on 128-bit XMM register bank. You might
- have to do the latter if target OpenSSL application is executed on SSE2
- capable CPU, but under control of OS that does not enable XMM
- registers. Even though you can manipulate the value programmatically,
- you most likely will find it more appropriate to set up an environment
- variable with the same name prior starting target application, e.g. on
- Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or
- better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' to achieve same
- effect without modifying the application source code. Alternatively you
- can reconfigure the toolkit with no-sse2 option and recompile.
- Less intuitive is clearing bit #28. The truth is that it's not copied
- from CPUID output verbatim, but is adjusted to reflect whether or not
- the data cache is actually shared between logical cores. This in turn
- affects the decision on whether or not expensive countermeasures
- against cache-timing attacks are applied, most notably in AES assembler
- module.
- The vector is further extended with EBX value returned by CPUID with
- EAX=7 and ECX=0 as input. Following bits are significant:
- =over
- =item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
- =item bit #64+5 denoting availability of AVX2 instructions;
- =item bit #64+8 denoting availability of BMI2 instructions, e.g. MUXL
- and RORX;
- =item bit #64+18 denoting availability of RDSEED instruction;
- =item bit #64+19 denoting availability of ADCX and ADOX instructions;
- =back
|
