Remove BS-AES and VP-AES from EVP.

The bitsliced and vector permutation AES implementations were created around 2009, in attempts to speed up AES on Intel hardware. Both require SSSE3 which existed from around 2006. Intel introduced AES-NI in 2008 and a large percentage of Intel/AMD CPUs made in the last 15 years include it. AES-NI is significantly faster and requires less code. Furthermore, the BS-AES and VP-AES implementations are wired directly into EVP (as is AES-NI currently), which means that any consumers of the AES_* API are not able to benefit from acceleration. Removing these greatly simplifies the EVP AES code - if you just happen to have a CPU that supports SSSE3 but not AES-NI, then you'll now use the regular AES assembly implementations instead. ok kettenis@ tb@
author: jsing <> 2025-04-18 13:19:39 +0000
committer: jsing <> 2025-04-18 13:19:39 +0000
commit: fb852c976e7cf5b5de76ef0ee7a6211da68406ad (patch)
tree: b3eaa246bba788deea85c0a511d862e9dff8c4ef /src/lib
parent: 1bca90833184b2940c83743ceff3847131e475df (diff)
download: openbsd-fb852c976e7cf5b5de76ef0ee7a6211da68406ad.tar.gz
openbsd-fb852c976e7cf5b5de76ef0ee7a6211da68406ad.tar.bz2
openbsd-fb852c976e7cf5b5de76ef0ee7a6211da68406ad.zip
3 files changed, 9 insertions, 137 deletions
diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc
index b1a6563931..b03aad782f 100644
--- a/src/lib/libcrypto/arch/amd64/Makefile.inc
+++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.37 2025/02/14 12:01:58 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.38 2025/04/18 13:19:39 jsing Exp $
 # amd64-specific libcrypto build rules
@@ -10,10 +10,6 @@ SRCS += crypto_cpu_caps.c
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-x86_64
-CFLAGS+= -DBSAES_ASM
-SSLASM+= aes bsaes-x86_64
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86_64
 SSLASM+= aes aesni-x86_64
 # bn
 CFLAGS+= -DOPENSSL_IA32_SSE2
diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc
index 6989b35686..4bcf8e2bbc 100644
--- a/src/lib/libcrypto/arch/i386/Makefile.inc
+++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.27 2025/02/14 12:01:58 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.28 2025/04/18 13:19:39 jsing Exp $
 # i386-specific libcrypto build rules
@@ -10,8 +10,6 @@ SRCS += crypto_cpu_caps.c
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-586
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86
 SSLASM+= aes aesni-x86
 # bn
 CFLAGS+= -DOPENSSL_IA32_SSE2
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 7753c18c15..5c35121399 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.60 2025/04/18 13:19:39 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -108,32 +108,6 @@ typedef struct {
 #define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
-#ifdef VPAES_ASM
-int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-void vpaes_encrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void vpaes_decrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
-#endif
-#ifdef BSAES_ASM
-void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
-void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-    size_t len, const AES_KEY *key, const unsigned char ivec[16]);
-void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
-    size_t len, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
-    size_t len, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-#endif
 #ifdef AES_CTR_ASM
 void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
    size_t blocks, const AES_KEY *key,
@@ -155,12 +129,6 @@ void AES_xts_decrypt(const char *inp, char *out, size_t len,
 #include "x86_arch.h"
-#ifdef VPAES_ASM
-#define VPAES_CAPABLE   (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
-#endif
-#ifdef BSAES_ASM
-#define BSAES_CAPABLE   VPAES_CAPABLE
-#endif
 /*
 * AES-NI section
 */
@@ -366,49 +334,13 @@ aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        mode = ctx->cipher->flags & EVP_CIPH_MODE;
        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
-            !enc)
+            !enc) {
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
-                        ret = AES_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_decrypt;
-                        dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
-                } else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)vpaes_decrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)vpaes_cbc_encrypt : NULL;
-                } else
-#endif
-                {
                        ret = AES_set_decrypt_key(key, ctx->key_len * 8,
                            &dat->ks);
                        dat->block = (block128_f)AES_decrypt;
                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
                            (cbc128_f)AES_cbc_encrypt : NULL;
-                } else
+                } else {
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
-                        ret = AES_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_encrypt;
-                        dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
-                } else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)vpaes_encrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)vpaes_cbc_encrypt : NULL;
-                } else
-#endif
-                {
                        ret = AES_set_encrypt_key(key, ctx->key_len * 8,
                            &dat->ks);
                        dat->block = (block128_f)AES_encrypt;
@@ -1459,22 +1391,6 @@ static ctr128_f
 aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
    const unsigned char *key, size_t key_len)
 {
-#ifdef BSAES_CAPABLE
-        if (BSAES_CAPABLE) {
-                AES_set_encrypt_key(key, key_len * 8, aes_key);
-                CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
-                return (ctr128_f)bsaes_ctr32_encrypt_blocks;
-        } else
-#endif
-#ifdef VPAES_CAPABLE
-        if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, key_len * 8, aes_key);
-                CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
-                return NULL;
-        } else
-#endif
-                (void)0; /* terminate potentially open 'else' */
        AES_set_encrypt_key(key, key_len * 8, aes_key);
        CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -1825,41 +1741,13 @@ aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        if (!iv && !key)
                return 1;
-        if (key) do {
+        if (key) {
 #ifdef AES_XTS_ASM
                xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
 #else
                xctx->stream = NULL;
 #endif
                /* key_len is two AES keys */
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE)
-                        xctx->stream = enc ? bsaes_xts_encrypt :
-                            bsaes_xts_decrypt;
-                else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        if (enc) {
-                                vpaes_set_encrypt_key(key, ctx->key_len * 4,
-                                    &xctx->ks1);
-                                xctx->xts.block1 = (block128_f)vpaes_encrypt;
-                        } else {
-                                vpaes_set_decrypt_key(key, ctx->key_len * 4,
-                                    &xctx->ks1);
-                                xctx->xts.block1 = (block128_f)vpaes_decrypt;
-                        }
-                        vpaes_set_encrypt_key(key + ctx->key_len / 2,
-                            ctx->key_len * 4, &xctx->ks2);
-                        xctx->xts.block2 = (block128_f)vpaes_encrypt;
-                        xctx->xts.key1 = &xctx->ks1;
-                        break;
-                } else
-#endif
-                        (void)0;        /* terminate potentially open 'else' */
                if (enc) {
                        AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
                        xctx->xts.block1 = (block128_f)AES_encrypt;
@@ -1873,7 +1761,7 @@ aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                xctx->xts.block2 = (block128_f)AES_encrypt;
                xctx->xts.key1 = &xctx->ks1;
-        } while (0);
+        }
        if (iv) {
                xctx->xts.key2 = &xctx->ks2;
@@ -2062,23 +1950,13 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        if (!iv && !key)
                return 1;
-        if (key) do {
+        if (key) {
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
-                        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                            &cctx->ks, (block128_f)vpaes_encrypt);
-                        cctx->str = NULL;
-                        cctx->key_set = 1;
-                        break;
-                }
-#endif
                AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                    &cctx->ks, (block128_f)AES_encrypt);
                cctx->str = NULL;
                cctx->key_set = 1;
-        } while (0);
+        }
        if (iv) {
                memcpy(ctx->iv, iv, 15 - cctx->L);
                cctx->iv_set = 1;
author	jsing <>	2025-04-18 13:19:39 +0000
committer	jsing <>	2025-04-18 13:19:39 +0000
commit	fb852c976e7cf5b5de76ef0ee7a6211da68406ad (patch)
tree	b3eaa246bba788deea85c0a511d862e9dff8c4ef /src/lib
parent	1bca90833184b2940c83743ceff3847131e475df (diff)
download	openbsd-fb852c976e7cf5b5de76ef0ee7a6211da68406ad.tar.gz openbsd-fb852c976e7cf5b5de76ef0ee7a6211da68406ad.tar.bz2 openbsd-fb852c976e7cf5b5de76ef0ee7a6211da68406ad.zip

diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc index b1a6563931..b03aad782f 100644 --- a/src/lib/libcrypto/arch/amd64/Makefile.inc +++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.37 2025/02/14 12:01:58 jsing Exp $	1	# $OpenBSD: Makefile.inc,v 1.38 2025/04/18 13:19:39 jsing Exp $
2		2
3	# amd64-specific libcrypto build rules	3	# amd64-specific libcrypto build rules
4		4
@@ -10,10 +10,6 @@ SRCS += crypto_cpu_caps.c
10	# aes	10	# aes
11	CFLAGS+= -DAES_ASM	11	CFLAGS+= -DAES_ASM
12	SSLASM+= aes aes-x86_64	12	SSLASM+= aes aes-x86_64
13	CFLAGS+= -DBSAES_ASM
14	SSLASM+= aes bsaes-x86_64
15	CFLAGS+= -DVPAES_ASM
16	SSLASM+= aes vpaes-x86_64
17	SSLASM+= aes aesni-x86_64	13	SSLASM+= aes aesni-x86_64
18	# bn	14	# bn
19	CFLAGS+= -DOPENSSL_IA32_SSE2	15	CFLAGS+= -DOPENSSL_IA32_SSE2


diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc index 6989b35686..4bcf8e2bbc 100644 --- a/src/lib/libcrypto/arch/i386/Makefile.inc +++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.27 2025/02/14 12:01:58 jsing Exp $	1	# $OpenBSD: Makefile.inc,v 1.28 2025/04/18 13:19:39 jsing Exp $
2		2
3	# i386-specific libcrypto build rules	3	# i386-specific libcrypto build rules
4		4
@@ -10,8 +10,6 @@ SRCS += crypto_cpu_caps.c
10	# aes	10	# aes
11	CFLAGS+= -DAES_ASM	11	CFLAGS+= -DAES_ASM
12	SSLASM+= aes aes-586	12	SSLASM+= aes aes-586
13	CFLAGS+= -DVPAES_ASM
14	SSLASM+= aes vpaes-x86
15	SSLASM+= aes aesni-x86	13	SSLASM+= aes aesni-x86
16	# bn	14	# bn
17	CFLAGS+= -DOPENSSL_IA32_SSE2	15	CFLAGS+= -DOPENSSL_IA32_SSE2


diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 7753c18c15..5c35121399 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.60 2025/04/18 13:19:39 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -108,32 +108,6 @@ typedef struct {
108		108
109	#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))	109	#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110		110
111	#ifdef VPAES_ASM
112	int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113	AES_KEY *key);
114	int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115	AES_KEY *key);
116
117	void vpaes_encrypt(const unsigned char in, unsigned char out,
118	const AES_KEY *key);
119	void vpaes_decrypt(const unsigned char in, unsigned char out,
120	const AES_KEY *key);
121
122	void vpaes_cbc_encrypt(const unsigned char in, unsigned char out,
123	size_t length, const AES_KEY key, unsigned char ivec, int enc);
124	#endif
125	#ifdef BSAES_ASM
126	void bsaes_cbc_encrypt(const unsigned char in, unsigned char out,
127	size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
128	void bsaes_ctr32_encrypt_blocks(const unsigned char in, unsigned char out,
129	size_t len, const AES_KEY *key, const unsigned char ivec[16]);
130	void bsaes_xts_encrypt(const unsigned char inp, unsigned char out,
131	size_t len, const AES_KEY key1, const AES_KEY key2,
132	const unsigned char iv[16]);
133	void bsaes_xts_decrypt(const unsigned char inp, unsigned char out,
134	size_t len, const AES_KEY key1, const AES_KEY key2,
135	const unsigned char iv[16]);
136	#endif
137	#ifdef AES_CTR_ASM	111	#ifdef AES_CTR_ASM
138	void AES_ctr32_encrypt(const unsigned char in, unsigned char out,	112	void AES_ctr32_encrypt(const unsigned char in, unsigned char out,
139	size_t blocks, const AES_KEY *key,	113	size_t blocks, const AES_KEY *key,
@@ -155,12 +129,6 @@ void AES_xts_decrypt(const char inp, char out, size_t len,
155		129
156	#include "x86_arch.h"	130	#include "x86_arch.h"
157		131
158	#ifdef VPAES_ASM
159	#define VPAES_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
160	#endif
161	#ifdef BSAES_ASM
162	#define BSAES_CAPABLE VPAES_CAPABLE
163	#endif
164	/*	132	/*
165	* AES-NI section	133	* AES-NI section
166	*/	134	*/
@@ -366,49 +334,13 @@ aes_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
366		334
367	mode = ctx->cipher->flags & EVP_CIPH_MODE;	335	mode = ctx->cipher->flags & EVP_CIPH_MODE;
368	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) &&	336	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) &&
369	!enc)	337	!enc) {
370	#ifdef BSAES_CAPABLE
371	if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
372	ret = AES_set_decrypt_key(key, ctx->key_len * 8,
373	&dat->ks);
374	dat->block = (block128_f)AES_decrypt;
375	dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
376	} else
377	#endif
378	#ifdef VPAES_CAPABLE
379	if (VPAES_CAPABLE) {
380	ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
381	&dat->ks);
382	dat->block = (block128_f)vpaes_decrypt;
383	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
384	(cbc128_f)vpaes_cbc_encrypt : NULL;
385	} else
386	#endif
387	{
388	ret = AES_set_decrypt_key(key, ctx->key_len * 8,	338	ret = AES_set_decrypt_key(key, ctx->key_len * 8,
389	&dat->ks);	339	&dat->ks);
390	dat->block = (block128_f)AES_decrypt;	340	dat->block = (block128_f)AES_decrypt;
391	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?	341	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
392	(cbc128_f)AES_cbc_encrypt : NULL;	342	(cbc128_f)AES_cbc_encrypt : NULL;
393	} else	343	} else {
394	#ifdef BSAES_CAPABLE
395	if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
396	ret = AES_set_encrypt_key(key, ctx->key_len * 8,
397	&dat->ks);
398	dat->block = (block128_f)AES_encrypt;
399	dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
400	} else
401	#endif
402	#ifdef VPAES_CAPABLE
403	if (VPAES_CAPABLE) {
404	ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
405	&dat->ks);
406	dat->block = (block128_f)vpaes_encrypt;
407	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
408	(cbc128_f)vpaes_cbc_encrypt : NULL;
409	} else
410	#endif
411	{
412	ret = AES_set_encrypt_key(key, ctx->key_len * 8,	344	ret = AES_set_encrypt_key(key, ctx->key_len * 8,
413	&dat->ks);	345	&dat->ks);
414	dat->block = (block128_f)AES_encrypt;	346	dat->block = (block128_f)AES_encrypt;
@@ -1459,22 +1391,6 @@ static ctr128_f
1459	aes_gcm_set_key(AES_KEY aes_key, GCM128_CONTEXT gcm_ctx,	1391	aes_gcm_set_key(AES_KEY aes_key, GCM128_CONTEXT gcm_ctx,
1460	const unsigned char *key, size_t key_len)	1392	const unsigned char *key, size_t key_len)
1461	{	1393	{
1462	#ifdef BSAES_CAPABLE
1463	if (BSAES_CAPABLE) {
1464	AES_set_encrypt_key(key, key_len * 8, aes_key);
1465	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1466	return (ctr128_f)bsaes_ctr32_encrypt_blocks;
1467	} else
1468	#endif
1469	#ifdef VPAES_CAPABLE
1470	if (VPAES_CAPABLE) {
1471	vpaes_set_encrypt_key(key, key_len * 8, aes_key);
1472	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
1473	return NULL;
1474	} else
1475	#endif
1476	(void)0; /* terminate potentially open 'else' */
1477
1478	AES_set_encrypt_key(key, key_len * 8, aes_key);	1394	AES_set_encrypt_key(key, key_len * 8, aes_key);
1479	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);	1395	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1480	#ifdef AES_CTR_ASM	1396	#ifdef AES_CTR_ASM
@@ -1825,41 +1741,13 @@ aes_xts_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
1825	if (!iv && !key)	1741	if (!iv && !key)
1826	return 1;	1742	return 1;
1827		1743
1828	if (key) do {	1744	if (key) {
1829	#ifdef AES_XTS_ASM	1745	#ifdef AES_XTS_ASM
1830	xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;	1746	xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1831	#else	1747	#else
1832	xctx->stream = NULL;	1748	xctx->stream = NULL;
1833	#endif	1749	#endif
1834	/* key_len is two AES keys */	1750	/* key_len is two AES keys */
1835	#ifdef BSAES_CAPABLE
1836	if (BSAES_CAPABLE)
1837	xctx->stream = enc ? bsaes_xts_encrypt :
1838	bsaes_xts_decrypt;
1839	else
1840	#endif
1841	#ifdef VPAES_CAPABLE
1842	if (VPAES_CAPABLE) {
1843	if (enc) {
1844	vpaes_set_encrypt_key(key, ctx->key_len * 4,
1845	&xctx->ks1);
1846	xctx->xts.block1 = (block128_f)vpaes_encrypt;
1847	} else {
1848	vpaes_set_decrypt_key(key, ctx->key_len * 4,
1849	&xctx->ks1);
1850	xctx->xts.block1 = (block128_f)vpaes_decrypt;
1851	}
1852
1853	vpaes_set_encrypt_key(key + ctx->key_len / 2,
1854	ctx->key_len * 4, &xctx->ks2);
1855	xctx->xts.block2 = (block128_f)vpaes_encrypt;
1856
1857	xctx->xts.key1 = &xctx->ks1;
1858	break;
1859	} else
1860	#endif
1861	(void)0; /* terminate potentially open 'else' */
1862
1863	if (enc) {	1751	if (enc) {
1864	AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);	1752	AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1865	xctx->xts.block1 = (block128_f)AES_encrypt;	1753	xctx->xts.block1 = (block128_f)AES_encrypt;
@@ -1873,7 +1761,7 @@ aes_xts_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
1873	xctx->xts.block2 = (block128_f)AES_encrypt;	1761	xctx->xts.block2 = (block128_f)AES_encrypt;
1874		1762
1875	xctx->xts.key1 = &xctx->ks1;	1763	xctx->xts.key1 = &xctx->ks1;
1876	} while (0);	1764	}
1877		1765
1878	if (iv) {	1766	if (iv) {
1879	xctx->xts.key2 = &xctx->ks2;	1767	xctx->xts.key2 = &xctx->ks2;
@@ -2062,23 +1950,13 @@ aes_ccm_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
2062		1950
2063	if (!iv && !key)	1951	if (!iv && !key)
2064	return 1;	1952	return 1;
2065	if (key) do {	1953	if (key) {
2066	#ifdef VPAES_CAPABLE
2067	if (VPAES_CAPABLE) {
2068	vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
2069	CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2070	&cctx->ks, (block128_f)vpaes_encrypt);
2071	cctx->str = NULL;
2072	cctx->key_set = 1;
2073	break;
2074	}
2075	#endif
2076	AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);	1954	AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
2077	CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,	1955	CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2078	&cctx->ks, (block128_f)AES_encrypt);	1956	&cctx->ks, (block128_f)AES_encrypt);
2079	cctx->str = NULL;	1957	cctx->str = NULL;
2080	cctx->key_set = 1;	1958	cctx->key_set = 1;
2081	} while (0);	1959	}
2082	if (iv) {	1960	if (iv) {
2083	memcpy(ctx->iv, iv, 15 - cctx->L);	1961	memcpy(ctx->iv, iv, 15 - cctx->L);
2084	cctx->iv_set = 1;	1962	cctx->iv_set = 1;