[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Wed Jun 22 18:21:16 UTC 2016
The branch master has been updated
via eeac54ef6d7eedd42a97025ddddaf06777be3c6b (commit)
from f430ba31ac81f27f0014320fee335d2dc4562a95 (commit)
- Log -----------------------------------------------------------------
commit eeac54ef6d7eedd42a97025ddddaf06777be3c6b
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Jun 17 16:09:38 2016 +0200
crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/cryptlib.c | 10 ---------
doc/crypto/OPENSSL_ia32cap.pod | 48 +++++++++++++++++++++---------------------
include/openssl/crypto.h | 2 --
test/sha512t.c | 13 ------------
test/wp_test.c | 13 ------------
util/libcrypto.num | 1 -
6 files changed, 24 insertions(+), 63 deletions(-)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 8e189ec..01b8ce5 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -21,10 +21,6 @@
defined(_M_AMD64) || defined(_M_X64)
extern unsigned int OPENSSL_ia32cap_P[4];
-unsigned int *OPENSSL_ia32cap_loc(void)
-{
- return OPENSSL_ia32cap_P;
-}
# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
#include <stdio.h>
@@ -80,12 +76,6 @@ void OPENSSL_cpuid_setup(void)
# else
unsigned int OPENSSL_ia32cap_P[4];
# endif
-
-#else
-unsigned int *OPENSSL_ia32cap_loc(void)
-{
- return NULL;
-}
#endif
int OPENSSL_NONPIC_relocated = 0;
#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod
index 33c25f4..e062e28 100644
--- a/doc/crypto/OPENSSL_ia32cap.pod
+++ b/doc/crypto/OPENSSL_ia32cap.pod
@@ -2,23 +2,22 @@
=head1 NAME
-OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector
+OPENSSL_ia32cap - the x86[_64] processor capabilities vector
=head1 SYNOPSIS
- unsigned int *OPENSSL_ia32cap_loc(void);
- #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
+ env OPENSSL_ia32cap=... <application>
=head1 DESCRIPTION
-Value returned by OPENSSL_ia32cap_loc() is address of a variable
-containing IA-32 processor capabilities bit vector as it appears in
-EDX:ECX register pair after executing CPUID instruction with EAX=1
-input value (see Intel Application Note #241618). Naturally it's
-meaningful on x86 and x86_64 platforms only. The variable is normally
-set up automatically upon toolkit initialization, but can be
-manipulated afterwards to modify crypto library behaviour. For the
-moment of this writing following bits are significant:
+OpenSSL supports a range of x86[_64] instruction set extensions. These
+extensions are denoted by individual bits in capability vector returned
+by processor in EDX:ECX register pair after executing CPUID instruction
+with EAX=1 input value (see Intel Application Note #241618). This vector
+is copied to memory upon toolkit initialization and used to choose
+between different code paths to provide optimal performance across wide
+range of processors. For the moment of this writing following bits are
+significant:
=over
@@ -67,21 +66,22 @@ disables high-performance SSE2 code present in the crypto library, while
clearing bit #24 disables SSE2 code operating on 128-bit XMM register
bank. You might have to do the latter if target OpenSSL application is
executed on SSE2 capable CPU, but under control of OS that does not
-enable XMM registers. Even though you can manipulate the value
-programmatically, you most likely will find it more appropriate to set
-up an environment variable with the same name prior starting target
-application, e.g. on Intel P4 processor 'env OPENSSL_ia32cap=0x16980010
-apps/openssl', or better yet 'env OPENSSL_ia32cap=~0x1000000
-apps/openssl' to achieve same effect without modifying the application
-source code. Alternatively you can reconfigure the toolkit with no-sse2
+enable XMM registers. Historically address of the capability vector copy
+was exposed to application through OPENSSL_ia32cap_loc(), but not
+anymore. Now the only way to affect the capability detection is to set
+OPENSSL_ia32cap envrionment variable prior target application start. To
+give a specific example, on Intel P4 processor 'env
+OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env
+OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired
+effect. Alternatively you can reconfigure the toolkit with no-sse2
option and recompile.
-Less intuitive is clearing bit #28. The truth is that it's not copied
-from CPUID output verbatim, but is adjusted to reflect whether or not
-the data cache is actually shared between logical cores. This in turn
-affects the decision on whether or not expensive countermeasures
-against cache-timing attacks are applied, most notably in AES assembler
-module.
+Less intuitive is clearing bit #28, or ~0x10000000 in the "environment
+variable" terms. The truth is that it's not copied from CPUID output
+verbatim, but is adjusted to reflect whether or not the data cache is
+actually shared between logical cores. This in turn affects the decision
+on whether or not expensive countermeasures against cache-timing attacks
+are applied, most notably in AES assembler module.
The capability vector is further extended with EBX value returned by
CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 0f59349..2e056c5 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -317,8 +317,6 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line
# define OPENSSL_assert(e) \
(void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
-unsigned int *OPENSSL_ia32cap_loc(void);
-# define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
int OPENSSL_isservice(void);
int FIPS_mode(void);
diff --git a/test/sha512t.c b/test/sha512t.c
index e741b27..b11fcaa 100644
--- a/test/sha512t.c
+++ b/test/sha512t.c
@@ -81,19 +81,6 @@ int main(int argc, char **argv)
int i;
EVP_MD_CTX *evp;
-# ifdef OPENSSL_IA32_SSE2
- /*
- * Alternative to this is to call OpenSSL_add_all_algorithms... The below
- * code is retained exclusively for debugging purposes.
- */
- {
- char *env;
-
- if ((env = getenv("OPENSSL_ia32cap")))
- OPENSSL_ia32cap = strtoul(env, NULL, 0);
- }
-# endif
-
fprintf(stdout, "Testing SHA-512 ");
EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
diff --git a/test/wp_test.c b/test/wp_test.c
index 40859ba..7b5cc04 100644
--- a/test/wp_test.c
+++ b/test/wp_test.c
@@ -128,19 +128,6 @@ int main(int argc, char *argv[])
int i;
WHIRLPOOL_CTX ctx;
-# ifdef OPENSSL_IA32_SSE2
- /*
- * Alternative to this is to call OpenSSL_add_all_algorithms... The below
- * code is retained exclusively for debugging purposes.
- */
- {
- char *env;
-
- if ((env = getenv("OPENSSL_ia32cap")))
- OPENSSL_ia32cap = strtoul(env, NULL, 0);
- }
-# endif
-
fprintf(stdout, "Testing Whirlpool ");
WHIRLPOOL("", 0, md);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 408677c..fa07ecf 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2841,7 +2841,6 @@ d2i_ASN1_T61STRING 2793 1_1_0 EXIST::FUNCTION:
DES_pcbc_encrypt 2794 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_print_params 2795 1_1_0 EXIST::FUNCTION:
BN_get0_nist_prime_192 2796 1_1_0 EXIST::FUNCTION:
-OPENSSL_ia32cap_loc 2797 1_1_0 EXIST::FUNCTION:
EVP_SealInit 2798 1_1_0 EXIST::FUNCTION:RSA
X509_REQ_get0_signature 2799 1_1_0 EXIST::FUNCTION:
PKEY_USAGE_PERIOD_free 2800 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list