=head1 NAME
-OPENSSL_ia32cap
+OPENSSL_ia32cap - finding the IA-32 processor capabilities
=head1 SYNOPSIS
- extern unsigned long OPENSSL_ia32cap;
- unsigned long *OPENSSL_ia32cap_loc();
+ unsigned int *OPENSSL_ia32cap_loc(void);
+ #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
=head1 DESCRIPTION
-OPENSSL_ia32cap is a variable containing IA-32 processor capabilities
-bit vector as it appears in EDX register after executing CPUID
-instruction with EAX=1 input value (see Intel Application Note
-#241618). Naturally it's defined/meaningful on IA-32 platforms only.
-The variable is normally set up automatically upon toolkit
-initialization and can be manipulated afterwards to modify crypto
-library behaviour. For the moment of this writing only two bits are
-significant, namely bit #26 denoting SSE2 support, and bit #4 denoting
-presence of Time-Stamp Counter. Resetting bit #26 at run-time for
-example disables high-performance SSE2 code present in the crypto
-library. You might have to do this if target OpenSSL application is
-executed on SSE2 capable CPU, but under control of OS which does not
-support SSE2 extentions. Even though you can programmatically
-manipulate the value, you most likely will find it more appropriate to
-set up an environment variable with the same name prior starting target
-application, e.g. 'env OPENSSL_ia32cap=0x10 apps/openssl', to achieve
-same effect without modifying the application source code.
-Alternatively you can reconfigure the toolkit with no-sse2 option and
-recompile.
+Value returned by OPENSSL_ia32cap_loc() is address of a variable
+containing IA-32 processor capabilities bit vector as it appears in
+EDX:ECX register pair after executing CPUID instruction with EAX=1
+input value (see Intel Application Note #241618). Naturally it's
+meaningful on x86 and x86_64 platforms only. The variable is normally
+set up automatically upon toolkit initialization, but can be
+manipulated afterwards to modify crypto library behaviour. For the
+moment of this writing seven bits are significant, namely:
+1. bit #4 denoting presence of Time-Stamp Counter.
+2. bit #20, reserved by Intel, is used to choose among RC4 code
+ paths;
+3. bit #23 denoting MMX support;
+4. bit #25 denoting SSE support;
+5. bit #26 denoting SSE2 support;
+6. bit #28 denoting Hyperthreading, which is used to distiguish
+ cores with shared cache;
+7. bit #30, reserved by Intel, is used to choose among RC4 code
+ paths;
+8. bit #57 denoting Intel AES instruction set extension;
+
+For example, clearing bit #26 at run-time disables high-performance
+SSE2 code present in the crypto library. You might have to do this if
+target OpenSSL application is executed on SSE2 capable CPU, but under
+control of OS which does not support SSE2 extentions. Even though you
+can manipulate the value programmatically, you most likely will find it
+more appropriate to set up an environment variable with the same name
+prior starting target application, e.g. on Intel P4 processor 'env
+OPENSSL_ia32cap=0x12900010 apps/openssl', to achieve same effect
+without modifying the application source code. Alternatively you can
+reconfigure the toolkit with no-sse2 option and recompile.
+
+Less intuituve is clearing bit #28. The truth is that it's not copied
+from CPUID output verbatim, but is adjusted to reflect whether or not
+the data cache is actually shared between logical cores. This in turn
+affects the decision on whether or not expensive countermeasures
+against cache-timing attacks are applied, most notably in AES assembler
+module.
=cut
projects / oweals / openssl.git / blobdiff