afalg_engine: remove

Because AI bots are shredding through the AF_ALG code in the kernel,
upstream has decided to deprecate AF_ALG:

https://lore.kernel.org/all/20260430011544.31823-1-ebiggers@kernel.org/

Follow their lead and do the same here.

afalg_engine AFAIK is a faster version of what OpenSSL provides last
time I used it. Although I don't think it was useful for long. OpenSSH's
sandbox conflicts with AF_ALG.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

libs/afalg_engine/Config.in

@@ -1,30 +0,0 @@
-if PACKAGE_libopenssl-afalg_sync
-    comment "Build Options"
-
-    config AFALG_DIGESTS
-	bool "Build support for digest acceleration"
-	help
-	    Digests are fast in software, and accessing AF_ALG adds latency, so
-	    you'll need a large request (16KB) just to match software speed.
-	    This increases memory usage, and has problems when process fork
-	    with open digest contexts (openssh will not work because of it).
-
-    config AFALG_UPDATE_CTR_IV
-	bool "Don't rely on kernel to update CTR IV"
-	default y
-	help
-	    Don't count on the kernel driver to update the CTR-mode counter
-	    (IV).  At least one driver does not update the IV as a workaround
-	    for DMA issues.  With this option turned on, the engine will keep
-	    track of the counter, and the IV will be sent with every update.
-	    If fallback is enabled, then the counter needs to be updated by
-	    the engine anyway, and sent with the request everytime there's a
-	    switch from software to hardware, so this won't bring much gain in
-	    that case.
-
-    config AFALG_ZERO_COPY
-	bool "Use Zero-Copy Mode"
-	help
-	    Uses a Zero-Copy interface.  Even though it is supposed to improve
-	    performance, actual measurements indicate otherwise.
-endif

libs/afalg_engine/Makefile

@@ -1,62 +0,0 @@
-# Copyright (C) 2019 Eneas Ulir de Queiroz <cotequeiroz@gmail.com>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=afalg_engine
-PKG_VERSION:=1.2.2
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION)
-PKG_HASH:=6fe451cf37b0c9911445e46bfe96926aad5dc486c9cb81ecf7b87bb3ffff1c1a
-
-PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
-PKG_LICENSE:=Apache-2.0
-PKG_LICENSE_FILES:=LICENSE
-PKG_CONFIG_DEPENDS:= \
-	CONFIG_AFALG_DIGESTS \
-	CONFIG_AFALG_FALLBACK \
-	CONFIG_AFALG_UPDATE_CTR_IV \
-	CONFIG_AFALG_ZERO_COPY
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-include $(INCLUDE_DIR)/openssl-module.mk
-
-TARGET_CFLAGS += -Wno-deprecated-declarations
-
-$(eval $(call Package/openssl/add-engine,afalg,libopenssl-afalg_sync))
-define Package/libopenssl-afalg_sync
-    $(call Package/openssl/engine/Default)
-    TITLE:=AF_ALG engine using sync crypto API
-    URL:=https://github.com/cotequeiroz/afalg_engine
-    DEPENDS += @!OPENSSL_ENGINE_BUILTIN_AFALG +kmod-crypto-user
-    CONFLICTS:=libopenssl-afalg
-    MENU:=1
-endef
-
-define Package/libopenssl-afalg_sync/description
-    This is an alternate AF_ALG engine for openssl, based on the devcrypto
-    engine, but using the AF_ALG interface instead of /dev/crypto
-
-    It is different than the AF_ALG engine that ships with OpenSSL:
-     - it is faster
-     - it uses sync calls, instead of async
-     - it supports more algorithms
-endef
-
-define Package/libopenssl-afalg_sync/config
-    source "$(SOURCE)/Config.in"
-endef
-
-CMAKE_OPTIONS += \
-	-DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR) \
-	-DDIGESTS=$(if $(CONFIG_AFALG_DIGESTS),ON,OFF) \
-	-DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \
-	-DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF)
-
-$(eval $(call BuildPackage,libopenssl-afalg_sync))

libs/afalg_engine/files/afalg.cnf

@@ -1,32 +0,0 @@
-[afalg_sect]
-# Leave this alone and configure algorithms with CIPERS/DIGESTS below
-default_algorithms = ALL
-
-# The following commands are only available if using the alternative
-# (sync) AFALG engine
-# Configuration commands:
-# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
-# list of supported algorithms, along with their driver, whether they
-# are hw accelerated or not, and the engine's configuration commands.
-
-# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
-# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
-# if acceleration can't be determined) [default=2]
-#USE_SOFTDRIVERS = 2
-
-# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
-# comma-separated list of ciphers to enable [default=NO_ECB]
-# Starting in 1.2.0, if you use a cipher list, each cipher may be
-# followed by a colon (:) and the minimum request length to use
-# AF_ALG drivers for that cipher; smaller requests are processed by
-# softare; a negative value will use the default for that cipher
-#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
-
-# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
-# enable [default=NONE]
-# It is strongly recommended not to enable digests; their performance
-# is poor, and there are many cases in which they will not work,
-# especially when calling fork with open crypto contexts.  Openssh,
-# for example, does this, and you may not be able to login.
-#DIGESTS = NONE
-

libs/afalg_engine/test.sh

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-test_afalg_engine() {
-	apk add openssl-util
-	openssl engine -t -c -v -pre DUMP_INFO afalg
-}
-
-case "$1" in
-	libopenssl-afalg_sync)
-		test_afalg_engine
-		;;
-	*)
-		echo "Unexpected package '$1'" >&2
-		exit 1
-		;;
-esac