From 9de9551b76e41d5ae61b31a55aeadad57fa7e087 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Thu, 30 Jan 2020 09:22:40 -0300
Subject: [PATCH] afalg_engine: Update to 1.2.0-beta.1

This is a beta release that introduces a software fallback mechanism
that greatly speeds up smaller requests by fulfilling them in software,
avoiding the latency of switching to kernel-mode for small jobs.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
---
 libs/afalg_engine/Config.in | 43 +++++++++++++++++++++++++++++++++++++
 libs/afalg_engine/Makefile  | 24 ++++++++++++---------
 2 files changed, 57 insertions(+), 10 deletions(-)
 create mode 100644 libs/afalg_engine/Config.in

diff --git a/libs/afalg_engine/Config.in b/libs/afalg_engine/Config.in
new file mode 100644
index 0000000000..ed67f52039
--- /dev/null
+++ b/libs/afalg_engine/Config.in
@@ -0,0 +1,43 @@
+if PACKAGE_libopenssl-afalg_sync
+    comment "Build Options"
+
+    config AFALG_DIGESTS
+	bool "Build support for digest acceleration"
+	help
+	    Digests are fast in software, and accessing AF_ALG adds latency, so
+	    you'll need a large request (16KB) just to match software speed.
+	    This increases memory usage, and has problems when process fork
+	    with open digest contexts (openssh will not work because of it).
+
+    config AFALG_FALLBACK
+	bool "Enable software fallback feature"
+	default y
+	help
+	    Use software to fulfill small requests.  Using AF_ALG adds latency,
+	    which makes it slow to perform small requests.  Enabling this
+	    option overcomes this problem, at the cost of increased memory
+	    and CPU usage.  This is a new, experimental feature; if you
+	    encounter any problem, this is the first option to disable.
+	    The fallback will fail if you enable this engine alongside
+	    devcrypto, so you'll not be able to install both at the same
+	    time if this option is enabled.
+
+    config AFALG_UPDATE_CTR_IV
+	bool "Don't rely on kernel to update CTR IV"
+	default y
+	help
+	    Don't count on the kernel driver to update the CTR-mode counter
+	    (IV).  At least one driver does not update the IV as a workaround
+	    for DMA issues.  With this option turned on, the engine will keep
+	    track of the counter, and the IV will be sent with every update.
+	    If fallback is enabled, then the counter needs to be updated by
+	    the engine anyway, and sent with the request everytime there's a
+	    switch from software to hardware, so this won't bring much gain in
+	    that case.
+
+    config AFALG_ZERO_COPY
+	bool "Use Zero-Copy Mode"
+	help
+	    Uses a Zero-Copy interface.  Even though it is supposed to improve
+	    performance, actual measurements indicate otherwise.
+endif
diff --git a/libs/afalg_engine/Makefile b/libs/afalg_engine/Makefile
index ed9f22e459..c312c4a884 100644
--- a/libs/afalg_engine/Makefile
+++ b/libs/afalg_engine/Makefile
@@ -7,17 +7,21 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=afalg_engine
-PKG_VERSION:=1.1.0
+PKG_VERSION:=1.2.0-beta.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION)
-PKG_HASH:=0c0304558e9450752656522a8f9036130f4e745c4818f02f92cb8d6c99357ed6
+PKG_HASH:=6f0da98a3c12eaf50331ac7cd81f7b8800abf54b96fd73bd3e37cc50fd3d2ba8
 
 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
-PKG_CONFIG_DEPENDS:= CONFIG_AFALG_ZERO_COPY
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_AFALG_DIGESTS \
+	CONFIG_AFALG_FALLBACK \
+	CONFIG_AFALG_UPDATE_CTR_IV \
+	CONFIG_AFALG_ZERO_COPY
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
@@ -33,7 +37,8 @@ define Package/libopenssl-afalg_sync
     URL:=https://github.com/cotequeiroz/afalg_engine
     DEPENDS:=libopenssl @OPENSSL_ENGINE @!OPENSSL_ENGINE_BUILTIN_AFALG \
 	     +libopenssl-conf +kmod-crypto-user
-    CONFLICTS:=libopenssl-afalg
+    CONFLICTS:=libopenssl-afalg $(if $(CONFIG_AFALG_FALLBACK),libopenssl-devcrypto)
+    MENU:=1
 endef
 
 define Package/libopenssl-afalg_sync/description
@@ -41,21 +46,20 @@ define Package/libopenssl-afalg_sync/description
     engine, but using the AF_ALG interface instead of /dev/crypto
 
     It is different than the AF_ALG engine that ships with OpenSSL:
+     - it is faster
      - it uses sync calls, instead of async
      - it suports more algorithms
 endef
 
 define Package/libopenssl-afalg_sync/config
-    config AFALG_ZERO_COPY
-        depends on PACKAGE_libopenssl-afalg_sync
-	bool "Use Zero-Copy Mode"
-	help
-	    Uses a Zero-Copy interface.  Even though it is supposed to improve
-	    performance, actual measurements indicate otherwise.
+    source "$(SOURCE)/Config.in"
 endef
 
 CMAKE_OPTIONS += \
 	-DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR) \
+	-DDIGESTS=$(if $(CONFIG_AFALG_DIGESTS),ON,OFF) \
+	-DFALLBACK=$(if $(CONFIG_AFALG_FALLBACK),ON,OFF) \
+	-DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \
 	-DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF)
 
 define Package/libopenssl-afalg_sync/install