diff options
| author | Andy Polyakov <appro@openssl.org> | 2009-04-26 17:49:41 +0000 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2009-04-26 17:49:41 +0000 |
| commit | e303f55fc7dcfce113d71e0ab9652c69fb1ec36d (patch) | |
| tree | 3654d399cf52ae56e78a6d7efcfe59cff884d5df /doc | |
| parent | d2617165adb82bcef8488e98c952ad705348ef6f (diff) | |
Expand OPENSS_ia32cap to 64 bits.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/crypto/OPENSSL_ia32cap.pod | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod index 2e659d34a5..b7d8a7618f 100644 --- a/doc/crypto/OPENSSL_ia32cap.pod +++ b/doc/crypto/OPENSSL_ia32cap.pod @@ -6,28 +6,29 @@ OPENSSL_ia32cap - finding the IA-32 processor capabilities =head1 SYNOPSIS - unsigned long *OPENSSL_ia32cap_loc(void); - #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + unsigned int *OPENSSL_ia32cap_loc(void); + #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0]) =head1 DESCRIPTION Value returned by OPENSSL_ia32cap_loc() is address of a variable -containing IA-32 processor capabilities bit vector as it appears in EDX -register after executing CPUID instruction with EAX=1 input value (see -Intel Application Note #241618). Naturally it's meaningful on IA-32[E] -platforms only. The variable is normally set up automatically upon -toolkit initialization, but can be manipulated afterwards to modify -crypto library behaviour. For the moment of this writing six bits are -significant, namely: - -1. bit #28 denoting Hyperthreading, which is used to distiguish +containing IA-32 processor capabilities bit vector as it appears in +EDX:ECX register pair after executing CPUID instruction with EAX=1 +input value (see Intel Application Note #241618). Naturally it's +meaningful on x86 and x86_64 platforms only. The variable is normally +set up automatically upon toolkit initialization, but can be +manipulated afterwards to modify crypto library behaviour. For the +moment of this writing seven bits are significant, namely: + +1. bit #4 denoting presence of Time-Stamp Counter. +2. bit #20, reserved by Intel, is used to choose between RC4 code + paths; +3. bit #23 denoting MMX support; +4. bit #25 denoting SSE support; +5. bit #26 denoting SSE2 support; +6. bit #28 denoting Hyperthreading, which is used to distiguish cores with shared cache; -2. bit #26 denoting SSE2 support; -3. bit #25 denoting SSE support; -4. bit #23 denoting MMX support; -5. bit #20, reserved by Intel, is used to choose between RC4 code - pathes; -6. bit #4 denoting presence of Time-Stamp Counter. +7. bit #57 denoting Intel AES instruction set extension; For example, clearing bit #26 at run-time disables high-performance SSE2 code present in the crypto library. You might have to do this if @@ -40,4 +41,10 @@ OPENSSL_ia32cap=0x12900010 apps/openssl', to achieve same effect without modifying the application source code. Alternatively you can reconfigure the toolkit with no-sse2 option and recompile. +Less intuituve is clearing bit #28. The truth is that it's not copied +from CPUID output verbatim, but is adjusted to reflect whether or not +the data cache is actually shared between logical cores. This in turn +affects the decision on whether or not expensive countermeasures +against cache-timing attacks are applied, most notably in AES assembler +module. =cut |