From 9de9551b76e41d5ae61b31a55aeadad57fa7e087 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 30 Jan 2020 09:22:40 -0300 Subject: [PATCH] afalg_engine: Update to 1.2.0-beta.1 This is a beta release that introduces a software fallback mechanism that greatly speeds up smaller requests by fulfilling them in software, avoiding the latency of switching to kernel-mode for small jobs. Signed-off-by: Eneas U de Queiroz --- libs/afalg_engine/Config.in | 43 +++++++++++++++++++++++++++++++++++++ libs/afalg_engine/Makefile | 24 ++++++++++++--------- 2 files changed, 57 insertions(+), 10 deletions(-) create mode 100644 libs/afalg_engine/Config.in diff --git a/libs/afalg_engine/Config.in b/libs/afalg_engine/Config.in new file mode 100644 index 0000000000..ed67f52039 --- /dev/null +++ b/libs/afalg_engine/Config.in @@ -0,0 +1,43 @@ +if PACKAGE_libopenssl-afalg_sync + comment "Build Options" + + config AFALG_DIGESTS + bool "Build support for digest acceleration" + help + Digests are fast in software, and accessing AF_ALG adds latency, so + you'll need a large request (16KB) just to match software speed. + This increases memory usage, and has problems when process fork + with open digest contexts (openssh will not work because of it). + + config AFALG_FALLBACK + bool "Enable software fallback feature" + default y + help + Use software to fulfill small requests. Using AF_ALG adds latency, + which makes it slow to perform small requests. Enabling this + option overcomes this problem, at the cost of increased memory + and CPU usage. This is a new, experimental feature; if you + encounter any problem, this is the first option to disable. + The fallback will fail if you enable this engine alongside + devcrypto, so you'll not be able to install both at the same + time if this option is enabled. + + config AFALG_UPDATE_CTR_IV + bool "Don't rely on kernel to update CTR IV" + default y + help + Don't count on the kernel driver to update the CTR-mode counter + (IV). At least one driver does not update the IV as a workaround + for DMA issues. With this option turned on, the engine will keep + track of the counter, and the IV will be sent with every update. + If fallback is enabled, then the counter needs to be updated by + the engine anyway, and sent with the request everytime there's a + switch from software to hardware, so this won't bring much gain in + that case. + + config AFALG_ZERO_COPY + bool "Use Zero-Copy Mode" + help + Uses a Zero-Copy interface. Even though it is supposed to improve + performance, actual measurements indicate otherwise. +endif diff --git a/libs/afalg_engine/Makefile b/libs/afalg_engine/Makefile index ed9f22e459..c312c4a884 100644 --- a/libs/afalg_engine/Makefile +++ b/libs/afalg_engine/Makefile @@ -7,17 +7,21 @@ include $(TOPDIR)/rules.mk PKG_NAME:=afalg_engine -PKG_VERSION:=1.1.0 +PKG_VERSION:=1.2.0-beta.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION) -PKG_HASH:=0c0304558e9450752656522a8f9036130f4e745c4818f02f92cb8d6c99357ed6 +PKG_HASH:=6f0da98a3c12eaf50331ac7cd81f7b8800abf54b96fd73bd3e37cc50fd3d2ba8 PKG_MAINTAINER:=Eneas U de Queiroz PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE -PKG_CONFIG_DEPENDS:= CONFIG_AFALG_ZERO_COPY +PKG_CONFIG_DEPENDS:= \ + CONFIG_AFALG_DIGESTS \ + CONFIG_AFALG_FALLBACK \ + CONFIG_AFALG_UPDATE_CTR_IV \ + CONFIG_AFALG_ZERO_COPY include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk @@ -33,7 +37,8 @@ define Package/libopenssl-afalg_sync URL:=https://github.com/cotequeiroz/afalg_engine DEPENDS:=libopenssl @OPENSSL_ENGINE @!OPENSSL_ENGINE_BUILTIN_AFALG \ +libopenssl-conf +kmod-crypto-user - CONFLICTS:=libopenssl-afalg + CONFLICTS:=libopenssl-afalg $(if $(CONFIG_AFALG_FALLBACK),libopenssl-devcrypto) + MENU:=1 endef define Package/libopenssl-afalg_sync/description @@ -41,21 +46,20 @@ define Package/libopenssl-afalg_sync/description engine, but using the AF_ALG interface instead of /dev/crypto It is different than the AF_ALG engine that ships with OpenSSL: + - it is faster - it uses sync calls, instead of async - it suports more algorithms endef define Package/libopenssl-afalg_sync/config - config AFALG_ZERO_COPY - depends on PACKAGE_libopenssl-afalg_sync - bool "Use Zero-Copy Mode" - help - Uses a Zero-Copy interface. Even though it is supposed to improve - performance, actual measurements indicate otherwise. + source "$(SOURCE)/Config.in" endef CMAKE_OPTIONS += \ -DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR) \ + -DDIGESTS=$(if $(CONFIG_AFALG_DIGESTS),ON,OFF) \ + -DFALLBACK=$(if $(CONFIG_AFALG_FALLBACK),ON,OFF) \ + -DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \ -DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF) define Package/libopenssl-afalg_sync/install