openssl/doc/man3/OPENSSL_ia32cap.pod

=pod

=head1 NAME

OPENSSL_ia32cap - the x86[_64] processor capabilities vector

=head1 SYNOPSIS

 env OPENSSL_ia32cap=... <application>

=head1 DESCRIPTION

OpenSSL supports a range of x86[_64] instruction set extensions. These
extensions are denoted by individual bits in capability vector returned
by processor in EDX:ECX register pair after executing CPUID instruction
with EAX=1 input value (see Intel Application Note #241618). This vector
is copied to memory upon toolkit initialization and used to choose
between different code paths to provide optimal performance across wide
range of processors. For the moment of this writing following bits are
significant:

=over 4

=item bit #4 denoting presence of Time-Stamp Counter.

=item bit #19 denoting availability of CLFLUSH instruction;

=item bit #20, reserved by Intel, is used to choose among RC4 code paths;

=item bit #23 denoting MMX support;

=item bit #24, FXSR bit, denoting availability of XMM registers;

=item bit #25 denoting SSE support;

=item bit #26 denoting SSE2 support;

=item bit #28 denoting Hyperthreading, which is used to distinguish
cores with shared cache;

=item bit #30, reserved by Intel, denotes specifically Intel CPUs;

=item bit #33 denoting availability of PCLMULQDQ instruction;

=item bit #41 denoting SSSE3, Supplemental SSE3, support;

=item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);

=item bit #54 denoting availability of MOVBE instruction;

=item bit #57 denoting AES-NI instruction set extension;

=item bit #58, XSAVE bit, lack of which in combination with MOVBE is used
to identify Atom Silvermont core;

=item bit #59, OSXSAVE bit, denoting availability of YMM registers;

=item bit #60 denoting AVX extension;

=item bit #62 denoting availability of RDRAND instruction;

=back

For example, in 32-bit application context clearing bit #26 at run-time
disables high-performance SSE2 code present in the crypto library, while
clearing bit #24 disables SSE2 code operating on 128-bit XMM register
bank. You might have to do the latter if target OpenSSL application is
executed on SSE2 capable CPU, but under control of OS that does not
enable XMM registers. Historically address of the capability vector copy
was exposed to application through OPENSSL_ia32cap_loc(), but not
anymore. Now the only way to affect the capability detection is to set
B<OPENSSL_ia32cap> environment variable prior target application start. To
give a specific example, on Intel P4 processor
C<env OPENSSL_ia32cap=0x16980010 apps/openssl>, or better yet
C<env OPENSSL_ia32cap=~0x1000000 apps/openssl> would achieve the desired
effect. Alternatively you can reconfigure the toolkit with no-sse2
option and recompile.

Less intuitive is clearing bit #28, or ~0x10000000 in the "environment
variable" terms. The truth is that it's not copied from CPUID output
verbatim, but is adjusted to reflect whether or not the data cache is
actually shared between logical cores. This in turn affects the decision
on whether or not expensive countermeasures against cache-timing attacks
are applied, most notably in AES assembler module.

The capability vector is further extended with EBX value returned by
CPUID with EAX=7 and ECX=0 as input. Following bits are significant:

=over 4

=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;

=item bit #64+5 denoting availability of AVX2 instructions;

=item bit #64+8 denoting availability of BMI2 instructions, e.g. MULX
and RORX;

=item bit #64+16 denoting availability of AVX512F extension;

=item bit #64+17 denoting availability of AVX512DQ extension;

=item bit #64+18 denoting availability of RDSEED instruction;

=item bit #64+19 denoting availability of ADCX and ADOX instructions;

=item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions,
aka AVX512IFMA extension;

=item bit #64+29 denoting availability of SHA extension;

=item bit #64+30 denoting availability of AVX512BW extension;

=item bit #64+31 denoting availability of AVX512VL extension;

=item bit #64+41 denoting availability of VAES extension;

=item bit #64+42 denoting availability of VPCLMULQDQ extension;

=back

To control this extended capability word use C<:> as delimiter when
setting up B<OPENSSL_ia32cap> environment variable. For example assigning
C<:~0x20> would disable AVX2 code paths, and C<:0> - all post-AVX
extensions.

=head1 RETURN VALUES

Not available.

=head1 COPYRIGHT

Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder to small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly... 2004-07-27 04:18:55 +08:00			`=pod`

			`=head1 NAME`

crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-17 22:09:38 +08:00			`OPENSSL_ia32cap - the x86[_64] processor capabilities vector`
Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder to small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly... 2004-07-27 04:18:55 +08:00
			`=head1 SYNOPSIS`

crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-17 22:09:38 +08:00			`env OPENSSL_ia32cap=... <application>`
Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder to small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly... 2004-07-27 04:18:55 +08:00
			`=head1 DESCRIPTION`

crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-17 22:09:38 +08:00			`OpenSSL supports a range of x86[_64] instruction set extensions. These`
			`extensions are denoted by individual bits in capability vector returned`
			`by processor in EDX:ECX register pair after executing CPUID instruction`
			`with EAX=1 input value (see Intel Application Note #241618). This vector`
			`is copied to memory upon toolkit initialization and used to choose`
			`between different code paths to provide optimal performance across wide`
			`range of processors. For the moment of this writing following bits are`
			`significant:`
x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00
Standardize on =over 4 and check for it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3117) 2017-04-04 03:39:09 +08:00			`=over 4`
Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00
x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00			`=item bit #4 denoting presence of Time-Stamp Counter.`

			`=item bit #19 denoting availability of CLFLUSH instruction;`

			`=item bit #20, reserved by Intel, is used to choose among RC4 code paths;`

			`=item bit #23 denoting MMX support;`

			`=item bit #24, FXSR bit, denoting availability of XMM registers;`

			`=item bit #25 denoting SSE support;`

			`=item bit #26 denoting SSE2 support;`

Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00			`=item bit #28 denoting Hyperthreading, which is used to distinguish`
			`cores with shared cache;`
x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00
x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30. 2011-05-27 23:32:43 +08:00			`=item bit #30, reserved by Intel, denotes specifically Intel CPUs;`
x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00
			`=item bit #33 denoting availability of PCLMULQDQ instruction;`

			`=item bit #41 denoting SSSE3, Supplemental SSE3, support;`

x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30. 2011-05-27 23:32:43 +08:00			`=item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);`
x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00
doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`=item bit #54 denoting availability of MOVBE instruction;`

x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00			`=item bit #57 denoting AES-NI instruction set extension;`

doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`=item bit #58, XSAVE bit, lack of which in combination with MOVBE is used`
			`to identify Atom Silvermont core;`

x86[_64]cpuid.pl: handle new extensions. 2011-05-17 04:35:11 +08:00			`=item bit #59, OSXSAVE bit, denoting availability of YMM registers;`

			`=item bit #60 denoting AVX extension;`
Update x86cpuid.pl to correctly detect shared cache and to support new RC4_set_key. 2007-04-02 01:28:08 +08:00
x86[_64]cpuid.pl: add function accessing rdrand instruction. 2011-06-04 20:20:45 +08:00			`=item bit #62 denoting availability of RDRAND instruction;`

Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00			`=back`

doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`For example, in 32-bit application context clearing bit #26 at run-time`
			`disables high-performance SSE2 code present in the crypto library, while`
			`clearing bit #24 disables SSE2 code operating on 128-bit XMM register`
			`bank. You might have to do the latter if target OpenSSL application is`
			`executed on SSE2 capable CPU, but under control of OS that does not`
crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-17 22:09:38 +08:00			`enable XMM registers. Historically address of the capability vector copy`
			`was exposed to application through OPENSSL_ia32cap_loc(), but not`
			`anymore. Now the only way to affect the capability detection is to set`
Document more env var stuff, fix some typo's Add openssl-env.pod Also fix up many other environment page formatting nits. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10135) 2019-10-10 03:45:12 +08:00			`B<OPENSSL_ia32cap> environment variable prior target application start. To`
			`give a specific example, on Intel P4 processor`
			`C<env OPENSSL_ia32cap=0x16980010 apps/openssl>, or better yet`
			`C<env OPENSSL_ia32cap=~0x1000000 apps/openssl> would achieve the desired`
crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-17 22:09:38 +08:00			`effect. Alternatively you can reconfigure the toolkit with no-sse2`
doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`option and recompile.`
Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder to small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly... 2004-07-27 04:18:55 +08:00
crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-17 22:09:38 +08:00			`Less intuitive is clearing bit #28, or ~0x10000000 in the "environment`
			`variable" terms. The truth is that it's not copied from CPUID output`
			`verbatim, but is adjusted to reflect whether or not the data cache is`
			`actually shared between logical cores. This in turn affects the decision`
			`on whether or not expensive countermeasures against cache-timing attacks`
			`are applied, most notably in AES assembler module.`
Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 2012-11-18 03:04:15 +08:00
doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`The capability vector is further extended with EBX value returned by`
			`CPUID with EAX=7 and ECX=0 as input. Following bits are significant:`
Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 2012-11-18 03:04:15 +08:00
Standardize on =over 4 and check for it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3117) 2017-04-04 03:39:09 +08:00			`=over 4`
Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00
Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 2012-11-18 03:04:15 +08:00			`=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;`

			`=item bit #64+5 denoting availability of AVX2 instructions;`

doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`=item bit #64+8 denoting availability of BMI2 instructions, e.g. MULX`
Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00			`and RORX;`
Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 2012-11-18 03:04:15 +08:00
doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`=item bit #64+16 denoting availability of AVX512F extension;`

Add documentation for CPUID bit #64+17 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19670) (cherry picked from commit ec7689186f3ea5c1a4d1564089cd8df287dfcf3c) 2022-11-14 19:56:32 +08:00			`=item bit #64+17 denoting availability of AVX512DQ extension;`

Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 2012-11-18 03:04:15 +08:00			`=item bit #64+18 denoting availability of RDSEED instruction;`

Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00			`=item bit #64+19 denoting availability of ADCX and ADOX instructions;`

man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-12-14 20:33:40 +08:00			`=item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions,`
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12320) 2020-06-30 03:13:07 +08:00			`aka AVX512IFMA extension;`
man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-12-14 20:33:40 +08:00
doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`=item bit #64+29 denoting availability of SHA extension;`

			`=item bit #64+30 denoting availability of AVX512BW extension;`

			`=item bit #64+31 denoting availability of AVX512VL extension;`

OPENSSL_ia32cap: reserve for new extensions. Reviewed-by: Rich Salz <rsalz@openssl.org> 2017-11-06 03:03:17 +08:00			`=item bit #64+41 denoting availability of VAES extension;`

			`=item bit #64+42 denoting availability of VPCLMULQDQ extension;`

Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-13 06:42:08 +08:00			`=back`
Ensure =cut is last line in every file. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 22:16:40 +08:00
Document more env var stuff, fix some typo's Add openssl-env.pod Also fix up many other environment page formatting nits. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10135) 2019-10-10 03:45:12 +08:00			`To control this extended capability word use C<:> as delimiter when`
			`setting up B<OPENSSL_ia32cap> environment variable. For example assigning`
			`C<:~0x20> would disable AVX2 code paths, and C<:0> - all post-AVX`
doc/crypto/OPENSSL_ia32cap.pod update. Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-06-12 18:31:40 +08:00			`extensions.`

Enforce return values section check To avoid check failure, make dummy RETURN VALUES sections in the docs which have no real functions decribed inside... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976) 2018-01-03 01:07:57 +08:00			`=head1 RETURN VALUES`

			`Not available.`

Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`=head1 COPYRIGHT`

Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801) 2021-04-08 20:04:41 +08:00			`Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7829) 2018-12-06 21:04:44 +08:00			`Licensed under the Apache License 2.0 (the "License"). You may not use`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`