From 6cba4a66619dfb2c5cb784fe5aa5677cafbf9a33 Mon Sep 17 00:00:00 2001
From: clucey <catriona.lucey@intel.com>
Date: Tue, 23 Feb 2016 08:01:01 +0000
Subject: [PATCH] Rework based on feedback: 1. Cleaned up eventfd handling 2.
 Reworked socket setup code to allow other algorithms to be added in    future
 3. Fixed compile errors for static build 4. Added error to error stack in all
 cases of ALG_PERR/ALG_ERR 5. Called afalg_aes_128_cbc() from bind() to avoid
 race conditions 6. Used MAX_INFLIGHT define in io_getevents system call 7.
 Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
 Configure                        |   6 +-
 crypto/include/internal/engine.h |   1 +
 crypto/init.c                    |  20 ++-
 engines/afalg/Makefile.in        |   2 +-
 engines/afalg/build.info         |  15 ++-
 engines/afalg/e_afalg.c          | 208 +++++++++++++++++--------------
 engines/afalg/e_afalg.h          |  17 ++-
 engines/afalg/e_afalg_err.c      |   5 +
 engines/afalg/e_afalg_err.h      |   4 +
 include/openssl/crypto.h         |   1 +
 include/openssl/engine.h         |   2 +
 11 files changed, 172 insertions(+), 109 deletions(-)

diff --git a/Configure b/Configure
index 1a578be091..5fd3363066 100755
--- a/Configure
+++ b/Configure
@@ -1183,7 +1183,11 @@ if ($target =~ m/^linux/) {
         my ($ma, $mi1, $mi2) = split("\\.", $verstr);
         ($mi2) = $mi2 =~ /(\d+)/;
         my $ver = $ma*10000 + $mi1*100 + $mi2;
-        $config{afalg}="afalg" if ($ver >= $minver);
+        if ($ver >= $minver) {
+            $config{afalg}="afalg";
+        } else {
+            push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG";
+        }
     }
 }
 push @{$config{engdirs}}, $config{afalg};
diff --git a/crypto/include/internal/engine.h b/crypto/include/internal/engine.h
index 4b70e55360..abdb8cc49f 100644
--- a/crypto/include/internal/engine.h
+++ b/crypto/include/internal/engine.h
@@ -61,3 +61,4 @@ void engine_load_dynamic_internal(void);
 void engine_load_padlock_internal(void);
 void engine_load_capi_internal(void);
 void engine_load_dasync_internal(void);
+void engine_load_afalg_internal(void);
diff --git a/crypto/init.c b/crypto/init.c
index 613606ebdc..2c0bde66f4 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -470,6 +470,18 @@ static void ossl_init_engine_dasync(void)
     engine_load_dasync_internal();
     engine_inited = 1;
 }
+#  if !defined(OPENSSL_NO_AFALGENG)
+static OPENSSL_INIT_ONCE engine_afalg = OPENSSL_INIT_ONCE_STATIC_INIT;
+static void ossl_init_engine_afalg(void)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
+                    "engine_load_afalg_internal()\n");
+#   endif
+    engine_load_afalg_internal();
+    engine_inited = 1;
+}
+#  endif
 # endif
 #endif
 
@@ -718,9 +730,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     if (opts & OPENSSL_INIT_ENGINE_DASYNC) {
         ossl_init_once_run(&engine_dasync, ossl_init_engine_dasync);
     }
+#  if !defined(OPENSSL_NO_AFALGENG)
+    if (opts & OPENSSL_INIT_ENGINE_AFALG) {
+        ossl_init_once_run(&engine_afalg, ossl_init_engine_afalg);
+    }
+#  endif
 # endif
     if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
-                | OPENSSL_INIT_ENGINE_DASYNC | OPENSSL_INIT_ENGINE_OPENSSL)) {
+                | OPENSSL_INIT_ENGINE_DASYNC | OPENSSL_INIT_ENGINE_OPENSSL
+                | OPENSSL_INIT_ENGINE_AFALG)) {
         ENGINE_register_all_complete();
     }
 #endif
diff --git a/engines/afalg/Makefile.in b/engines/afalg/Makefile.in
index 8120272324..448e10e745 100644
--- a/engines/afalg/Makefile.in
+++ b/engines/afalg/Makefile.in
@@ -61,7 +61,7 @@ install:
 		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
 	fi
 
-depend: 
+depend:
 	@[ -z "$(THIS)" ] || $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(TESTLIBSRC)
 
 files:
diff --git a/engines/afalg/build.info b/engines/afalg/build.info
index 5336de7995..c5d541b91d 100644
--- a/engines/afalg/build.info
+++ b/engines/afalg/build.info
@@ -1,8 +1,13 @@
 {- use File::Spec::Functions qw/:DEFAULT rel2abs/; -}
 
-IF[{- $config{afalg} eq "afalg" -}] 
- ENGINES=libafalg
- SOURCE[libafalg]=e_afalg.c e_afalg_err.c
- DEPEND[libafalg]=../../libcrypto
- INCLUDE[libafalg]= {- rel2abs(catdir($builddir,"../include")) -} ../../include
+IF[{- $config{afalg} eq "afalg" -}]
+ IF[{- $config{no_shared} -}]
+  LIBS=../../libcrypto
+  SOURCE[../../libcrypto]=e_afalg.c e_afalg_err.c
+ ELSE
+  ENGINES=libafalg
+  SOURCE[libafalg]=e_afalg.c e_afalg_err.c
+  DEPEND[libafalg]=../../libcrypto
+  INCLUDE[libafalg]= {- rel2abs(catdir($builddir,"../include")) -} ../../include
+ ENDIF
 ENDIF
diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c
index b3ca38accb..30a5e388c4 100644
--- a/engines/afalg/e_afalg.c
+++ b/engines/afalg/e_afalg.c
@@ -99,11 +99,19 @@
 # define ALG_OP_TYPE     unsigned int
 # define ALG_OP_LEN      (sizeof(ALG_OP_TYPE))
 
+#define ALG_MAX_SALG_NAME       64
+#define ALG_MAX_SALG_TYPE       14
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_afalg_internal(void);
+# endif
+
 /* Local Linkage Functions */
 static int afalg_init_aio(afalg_aio *aio);
 static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
                                 unsigned char *buf, size_t len);
-static int afalg_create_bind_sk(void);
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername);
 static int afalg_destroy(ENGINE *e);
 static int afalg_init(ENGINE *e);
 static int afalg_finish(ENGINE *e);
@@ -165,6 +173,7 @@ static int afalg_setup_async_event_notification(afalg_aio *aio)
     ASYNC_JOB *job;
     ASYNC_WAIT_CTX *waitctx;
     void *custom = NULL;
+    int ret;
 
     if ((job = ASYNC_get_current_job()) != NULL) {
         /* Async mode */
@@ -174,45 +183,45 @@ static int afalg_setup_async_event_notification(afalg_aio *aio)
             return 0;
         }
         /* Get waitfd from ASYNC_WAIT_CTX if it is alreday set */
-        if (0 == ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
-                                       &aio->efd_async, &custom)) {
-            /* waitfd is not set in ASYNC_WAIT_CTX so we set it */
-            /* efd_async will be signaled when AIO operation completes */
-            aio->efd_async = eventfd(0);
-            if (aio->efd_async == -1) {
+        ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
+                                    &aio->efd, &custom);
+        if (ret == 0) {
+            /*
+             * waitfd is not set in ASYNC_WAIT_CTX, create a new one
+             * and set it. efd will be signaled when AIO operation completes
+             */
+            aio->efd = eventfd(0);
+            if (aio->efd == -1) {
                 ALG_PERR("%s: Failed to get eventfd : ", __func__);
                 AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
                          AFALG_R_EVENTFD_FAILED);
                 return 0;
             }
-            if (0 ==
-                ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
-                                           aio->efd_async, custom,
-                                           afalg_waitfd_cleanup)) {
+            ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
+                                             aio->efd, custom,
+                                             afalg_waitfd_cleanup);
+            if (ret == 0) {
                 ALG_WARN("%s: Failed to set wait fd", __func__);
-                close(aio->efd_async);
+                close(aio->efd);
                 return 0;
             }
             /* make fd non-blocking in async mode */
-            if (fcntl(aio->efd_async, F_SETFL, O_NONBLOCK) != 0) {
+            if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
                 ALG_WARN("%s: Failed to set event fd as NONBLOCKING",
                          __func__);
             }
         }
-        /* efd_async is the active fd to be used */
-        aio->efd = aio->efd_async;
+        aio->mode = MODE_ASYNC;
     } else {
         /* Sync mode */
-        /* efd_sync will be signaled when AIO operation completes */
-        aio->efd_sync = eventfd(0);
-        if (aio->efd_sync == -1) {
+        aio->efd = eventfd(0);
+        if (aio->efd == -1) {
             ALG_PERR("%s: Failed to get eventfd : ", __func__);
             AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
                      AFALG_R_EVENTFD_FAILED);
             return 0;
         }
-        /* efd_async is the active fd to be used */
-        aio->efd = aio->efd_sync;
+        aio->mode = MODE_SYNC;
     }
     return 1;
 }
@@ -231,9 +240,8 @@ int afalg_init_aio(afalg_aio *aio)
     }
 
     memset(aio->cbt, 0, sizeof(aio->cbt));
-    aio->efd_sync = -1;
-    aio->efd_async = -1;
     aio->efd = -1;
+    aio->mode = MODE_UNINIT;
 
     return 1;
 }
@@ -253,7 +261,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
     timeout.tv_nsec = 0;
 
     /* if efd has not been initialised yet do it here */
-    if (aio->efd == -1) {
+    if (aio->mode == MODE_UNINIT) {
         r = afalg_setup_async_event_notification(aio);
         if (r == 0)
             return 0;
@@ -276,7 +284,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
      */
     r = io_read(aio->aio_ctx, 1, &cb);
     if (r < 0) {
-        ALG_PERR("%s: io_read failed : ", __func__);
+        ALG_PWARN("%s: io_read failed : ", __func__);
         return 0;
     }
 
@@ -298,7 +306,8 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
         if (eval > 0) {
 
             /* Get results of AIO read */
-            r = io_getevents(aio->aio_ctx, 1, 1, events, &timeout);
+            r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
+                             events, &timeout);
             if (r > 0) {
                 /*
                  * events.res indicates the actual status of the operation.
@@ -342,41 +351,6 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
     return 1;
 }
 
-static int afalg_create_bind_sk(void)
-{
-    struct sockaddr_alg sa = {
-        .salg_family = AF_ALG,
-        .salg_type = "skcipher",
-        .salg_name = "cbc(aes)"
-    };
-
-    int sfd;
-    int r = -1;
-
-    /* Create AFALG socket for crypto processing */
-    sfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-    if (sfd == -1) {
-        ALG_PERR("%s: Failed to open socket : ", __func__);
-        AFALGerr(AFALG_F_AFALG_CREATE_BIND_SK, AFALG_R_SOCKET_CREATE_FAILED);
-        goto err;
-    }
-
-    /* Set cipher algorithm for aes-cbc */
-    r = bind(sfd, (struct sockaddr *)&sa, sizeof(sa));
-    if (r < 0) {
-        ALG_PERR("%s: Failed to bind socket : ", __func__);
-        AFALGerr(AFALG_F_AFALG_CREATE_BIND_SK, AFALG_R_SOCKET_BIND_FAILED);
-        goto err;
-    }
-
-    return sfd;
-
- err:
-    if (sfd >= 0)
-        close(sfd);
-    return r;
-}
-
 static inline void afalg_set_op_sk(struct cmsghdr *cmsg,
                                    const unsigned int op)
 {
@@ -399,38 +373,57 @@ static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
     memcpy(aiv->iv, iv, len);
 }
 
-static void afalg_socket(afalg_ctx *actx, const unsigned char *key,
-                         const int klen)
+static inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
+                                const int klen)
 {
     int ret;
+    ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
+    if (ret < 0) {
+        ALG_PERR("%s: Failed to set socket option : ", __func__);
+        AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername)
+{
+    struct sockaddr_alg sa;
 
     actx->bfd = actx->sfd = -1;
+    int r = -1;
 
-    actx->bfd = afalg_create_bind_sk();
-    if (actx->bfd < 0) {
-        return;
+    memset(&sa, 0, sizeof(sa));
+    sa.salg_family = AF_ALG;
+    strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE);
+    sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0';
+    strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME);
+    sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0';
+
+    actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (actx->bfd == -1) {
+        ALG_PERR("%s: Failed to open socket : ", __func__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
+        goto err;
     }
 
-    /*
-     * Send cipher key to the kernel in preparation for future crypto
-     * requests
-     */
-    ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
-    if (ret < 0) {
-        ALG_PERR("%s: Failed to set socket option : ", __func__);
-        AFALGerr(AFALG_F_AFALG_SOCKET, AFALG_R_SOCKET_SET_KEY_FAILED);
+    r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
+    if (r < 0) {
+        ALG_PERR("%s: Failed to bind socket : ", __func__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
         goto err;
     }
 
-    /* Get fd to perform future aes-cbc operations with given key */
     actx->sfd = accept(actx->bfd, NULL, 0);
     if (actx->sfd < 0) {
         ALG_PERR("%s: Socket Accept Failed : ", __func__);
-        AFALGerr(AFALG_F_AFALG_SOCKET, AFALG_R_SOCKET_BIND_FAILED);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
         goto err;
     }
 
-    return;
+    return 1;
 
  err:
     if (actx->bfd >= 0)
@@ -438,7 +431,7 @@ static void afalg_socket(afalg_ctx *actx, const unsigned char *key,
     if (actx->sfd >= 0)
         close(actx->sfd);
     actx->bfd = actx->sfd = -1;
-    return;
+    return 0;
 }
 
 static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
@@ -522,7 +515,7 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
     }
 
     if (sbytes != (ssize_t) inl) {
-        ALG_ERR("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
+        ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
                 inl);
         return 0;
     }
@@ -535,7 +528,9 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc)
 {
     int ciphertype;
+    int ret;
     afalg_ctx *actx;
+    char ciphername[ALG_MAX_SALG_NAME];
 
     if (ctx == NULL || key == NULL) {
         ALG_WARN("%s: Null Parameter\n", __func__);
@@ -556,30 +551,34 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     ciphertype = EVP_CIPHER_CTX_nid(ctx);
     switch (ciphertype) {
     case NID_aes_128_cbc:
+        strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
         break;
     default:
         ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype);
         return 0;
     }
+    ciphername[ALG_MAX_SALG_NAME-1]='\0';
 
     if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
-        ALG_ERR("%s: Unsupported IV length :%d\n", __func__,
+        ALG_WARN("%s: Unsupported IV length :%d\n", __func__,
                 EVP_CIPHER_CTX_iv_length(ctx));
         return 0;
     }
 
     /* Setup AFALG socket for crypto processing */
-    afalg_socket(actx, key, EVP_CIPHER_CTX_key_length(ctx));
-    if (actx->sfd < 0) {
+    ret = afalg_create_sk(actx, "skcipher", ciphername);
+    if (ret < 1)
         return 0;
-    }
+
+
+    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
+    if (ret < 1)
+        goto err;
 
     /* Setup AIO ctx to allow async AFALG crypto processing */
-    if (afalg_init_aio(&actx->aio) == 0) {
-        close(actx->sfd);
-        close(actx->bfd);
-        return 0;
-    }
+    if (afalg_init_aio(&actx->aio) == 0)
+        goto err;
+
 # ifdef ALG_ZERO_COPY
     pipe(actx->zc_pipe);
 # endif
@@ -587,6 +586,11 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     actx->init_done = MAGIC_INIT_NUM;
 
     return 1;
+
+err:
+    close(actx->sfd);
+    close(actx->bfd);
+    return 0;
 }
 
 static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -626,10 +630,8 @@ static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
     /* Perform async crypto operation in kernel space */
     ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
-    if (ret < 1) {
-        ALG_WARN("%s: Socket cipher operation failed\n", __func__);
+    if (ret < 1)
         return 0;
-    }
 
     if (EVP_CIPHER_CTX_encrypting(ctx)) {
         memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
@@ -663,9 +665,9 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
     close(actx->zc_pipe[0]);
     close(actx->zc_pipe[1]);
 # endif
-    /* close sync mode efd, async mode is closed in afalg_waitfd_cleanup() */
-    if (actx->aio.efd_sync >= 0)
-        close(actx->aio.efd_sync);
+    /* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
+    if (actx->aio.mode == MODE_SYNC)
+        close(actx->aio.efd);
     io_destroy(actx->aio.aio_ctx);
 
     return 1;
@@ -732,6 +734,16 @@ static int bind_afalg(ENGINE *e)
         return 0;
     }
 
+    /*
+     * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
+     * now, as bind_aflag can only be called by one thread at a
+     * time.
+     */
+    if (afalg_aes_128_cbc() == NULL) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
     if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
         AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
         return 0;
@@ -757,6 +769,7 @@ static int bind_helper(ENGINE *e, const char *id)
 IMPLEMENT_DYNAMIC_CHECK_FN()
     IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
 # endif
+
 static int afalg_chk_platform(void)
 {
     int ret;
@@ -767,7 +780,8 @@ static int afalg_chk_platform(void)
 
     ret = uname(&ut);
     if (ret != 0) {
-        ALG_ERR("%s: Failed to get system information\n", __func__);
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
         return 0;
     }
 
@@ -779,9 +793,9 @@ static int afalg_chk_platform(void)
 
     if (KERNEL_VERSION(kver[0], kver[1], kver[2])
         < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
-        ALG_WARN("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
+        ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
                  kver[0], kver[1], kver[2]);
-        ALG_WARN("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
+        ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
                  K_MAJ, K_MIN1, K_MIN2);
         AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
                  AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
@@ -804,7 +818,7 @@ static ENGINE *engine_afalg(void)
     return ret;
 }
 
-static void ENGINE_load_afalg(void)
+void engine_load_afalg_internal(void)
 {
     ENGINE *toadd;
 
diff --git a/engines/afalg/e_afalg.h b/engines/afalg/e_afalg.h
index 6c92485f3f..8b589e4b4b 100644
--- a/engines/afalg/e_afalg.h
+++ b/engines/afalg/e_afalg.h
@@ -71,6 +71,11 @@
                     fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
                     perror(NULL); \
                 } while(0)
+# define ALG_PWARN(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
 
 # ifndef AES_BLOCK_SIZE
 #  define AES_BLOCK_SIZE   16
@@ -80,11 +85,15 @@
 
 # define MAX_INFLIGHTS 1
 
+typedef enum {
+    MODE_UNINIT = 0,
+    MODE_SYNC,
+    MODE_ASYNC
+} op_mode;
+
 struct afalg_aio_st {
-    int efd_sync;               /* event fd when sync mode is used */
-    int efd_async;              /* event fd when async mode is used */
-    int efd;                    /* event fd that is currently in use equal 
-                                   to either efd_sync or efd_async */
+    int efd;
+    op_mode mode;
     aio_context_t aio_ctx;
     struct io_event events[MAX_INFLIGHTS];
     struct iocb cbt[MAX_INFLIGHTS];
diff --git a/engines/afalg/e_afalg_err.c b/engines/afalg/e_afalg_err.c
index 3324701570..71c4a010d6 100644
--- a/engines/afalg/e_afalg_err.c
+++ b/engines/afalg/e_afalg_err.c
@@ -72,9 +72,11 @@ static ERR_STRING_DATA AFALG_str_functs[] = {
     {ERR_FUNC(AFALG_F_AFALG_CHK_PLATFORM), "afalg_chk_platform"},
     {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SK), "afalg_create_bind_sk"},
     {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SOCKET), "afalg_create_bind_sk"},
+    {ERR_FUNC(AFALG_F_AFALG_CREATE_SK), "afalg_create_sk"},
     {ERR_FUNC(AFALG_F_AFALG_INIT_AIO), "afalg_init_aio"},
     {ERR_FUNC(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION),
      "afalg_setup_async_event_notification"},
+    {ERR_FUNC(AFALG_F_AFALG_SET_KEY), "afalg_set_key"},
     {ERR_FUNC(AFALG_F_AFALG_SOCKET), "afalg_socket"},
     {ERR_FUNC(AFALG_F_AFALG_START_CIPHER_SK), "afalg_start_cipher_sk"},
     {ERR_FUNC(AFALG_F_BIND_AFALG), "bind_afalg"},
@@ -83,6 +85,8 @@ static ERR_STRING_DATA AFALG_str_functs[] = {
 
 static ERR_STRING_DATA AFALG_str_reasons[] = {
     {ERR_REASON(AFALG_R_EVENTFD_FAILED), "eventfd failed"},
+    {ERR_REASON(AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
+     "failed to get platform info"},
     {ERR_REASON(AFALG_R_INIT_FAILED), "init failed"},
     {ERR_REASON(AFALG_R_IO_SETUP_FAILED), "io setup failed"},
     {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
@@ -90,6 +94,7 @@ static ERR_STRING_DATA AFALG_str_reasons[] = {
     {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
      "kernel does not support async afalg"},
     {ERR_REASON(AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
+    {ERR_REASON(AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
     {ERR_REASON(AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
     {ERR_REASON(AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
     {ERR_REASON(AFALG_R_SOCKET_OPERATION_FAILED), "socket operation failed"},
diff --git a/engines/afalg/e_afalg_err.h b/engines/afalg/e_afalg_err.h
index e6a654c74b..64468c3868 100644
--- a/engines/afalg/e_afalg_err.h
+++ b/engines/afalg/e_afalg_err.h
@@ -75,19 +75,23 @@ void ERR_AFALG_error(int function, int reason, char *file, int line);
 # define AFALG_F_AFALG_CHK_PLATFORM                       100
 # define AFALG_F_AFALG_CREATE_BIND_SK                     106
 # define AFALG_F_AFALG_CREATE_BIND_SOCKET                 105
+# define AFALG_F_AFALG_CREATE_SK                          108
 # define AFALG_F_AFALG_INIT_AIO                           101
 # define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION     107
+# define AFALG_F_AFALG_SET_KEY                            109
 # define AFALG_F_AFALG_SOCKET                             102
 # define AFALG_F_AFALG_START_CIPHER_SK                    103
 # define AFALG_F_BIND_AFALG                               104
 
 /* Reason codes. */
 # define AFALG_R_EVENTFD_FAILED                           108
+# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO              111
 # define AFALG_R_INIT_FAILED                              100
 # define AFALG_R_IO_SETUP_FAILED                          105
 # define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG            101
 # define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG      107
 # define AFALG_R_MEM_ALLOC_FAILED                         102
+# define AFALG_R_SOCKET_ACCEPT_FAILED                     110
 # define AFALG_R_SOCKET_BIND_FAILED                       103
 # define AFALG_R_SOCKET_CREATE_FAILED                     109
 # define AFALG_R_SOCKET_OPERATION_FAILED                  104
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index fb6a2b9ec4..24e9245663 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -546,6 +546,7 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
 # define OPENSSL_INIT_ENGINE_CAPI            0x00002000L
 # define OPENSSL_INIT_ENGINE_PADLOCK         0x00004000L
 # define OPENSSL_INIT_ENGINE_DASYNC          0x00008000L
+# define OPENSSL_INIT_ENGINE_AFALG           0x00010000L
 /* OPENSSL_INIT flag 0x00010000 reserved for internal use */
 /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
 /* Max OPENSSL_INIT flag value is 0x80000000 */
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index c1dd45b020..7b7b2a12f4 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -398,6 +398,8 @@ ENGINE *ENGINE_by_id(const char *id);
     OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
 #  define ENGINE_load_dasync() \
     OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DASYNC, NULL)
+#  define ENGINE_load_afalg() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
 # endif
 # define ENGINE_load_cryptodev() \
     OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
-- 
2.34.1