3 files changed, 9 insertions, 137 deletions
diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc
index b1a6563931..b03aad782f 100644
--- a/src/lib/libcrypto/arch/amd64/Makefile.inc
+++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.37 2025/02/14 12:01:58 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.38 2025/04/18 13:19:39 jsing Exp $
 # amd64-specific libcrypto build rules
@@ -10,10 +10,6 @@ SRCS += crypto_cpu_caps.c
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-x86_64
-CFLAGS+= -DBSAES_ASM
-SSLASM+= aes bsaes-x86_64
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86_64
 SSLASM+= aes aesni-x86_64
 # bn
 CFLAGS+= -DOPENSSL_IA32_SSE2
diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc
index 6989b35686..4bcf8e2bbc 100644
--- a/src/lib/libcrypto/arch/i386/Makefile.inc
+++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.27 2025/02/14 12:01:58 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.28 2025/04/18 13:19:39 jsing Exp $
 # i386-specific libcrypto build rules
@@ -10,8 +10,6 @@ SRCS += crypto_cpu_caps.c
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-586
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86
 SSLASM+= aes aesni-x86
 # bn
 CFLAGS+= -DOPENSSL_IA32_SSE2
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 7753c18c15..5c35121399 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.60 2025/04/18 13:19:39 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -108,32 +108,6 @@ typedef struct {
 #define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
-#ifdef VPAES_ASM
-int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-void vpaes_encrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void vpaes_decrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
-#endif
-#ifdef BSAES_ASM
-void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
-void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-    size_t len, const AES_KEY *key, const unsigned char ivec[16]);
-void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
-    size_t len, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
-    size_t len, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-#endif
 #ifdef AES_CTR_ASM
 void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
    size_t blocks, const AES_KEY *key,
@@ -155,12 +129,6 @@ void AES_xts_decrypt(const char *inp, char *out, size_t len,
 #include "x86_arch.h"
-#ifdef VPAES_ASM
-#define VPAES_CAPABLE   (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
-#endif
-#ifdef BSAES_ASM
-#define BSAES_CAPABLE   VPAES_CAPABLE
-#endif
 /*
 * AES-NI section
 */
@@ -366,49 +334,13 @@ aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        mode = ctx->cipher->flags & EVP_CIPH_MODE;
        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
-            !enc)
+            !enc) {
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
-                        ret = AES_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_decrypt;
-                        dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
-                } else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)vpaes_decrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)vpaes_cbc_encrypt : NULL;
-                } else
-#endif
-                {
                        ret = AES_set_decrypt_key(key, ctx->key_len * 8,
                            &dat->ks);
                        dat->block = (block128_f)AES_decrypt;
                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
                            (cbc128_f)AES_cbc_encrypt : NULL;
-                } else
+                } else {
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
-                        ret = AES_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_encrypt;
-                        dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
-                } else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)vpaes_encrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)vpaes_cbc_encrypt : NULL;
-                } else
-#endif
-                {
                        ret = AES_set_encrypt_key(key, ctx->key_len * 8,
                            &dat->ks);
                        dat->block = (block128_f)AES_encrypt;
@@ -1459,22 +1391,6 @@ static ctr128_f
 aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
    const unsigned char *key, size_t key_len)
 {
-#ifdef BSAES_CAPABLE
-        if (BSAES_CAPABLE) {
-                AES_set_encrypt_key(key, key_len * 8, aes_key);
-                CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
-                return (ctr128_f)bsaes_ctr32_encrypt_blocks;
-        } else
-#endif
-#ifdef VPAES_CAPABLE
-        if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, key_len * 8, aes_key);
-                CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
-                return NULL;
-        } else
-#endif
-                (void)0; /* terminate potentially open 'else' */
        AES_set_encrypt_key(key, key_len * 8, aes_key);
        CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -1825,41 +1741,13 @@ aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        if (!iv && !key)
                return 1;
-        if (key) do {
+        if (key) {
 #ifdef AES_XTS_ASM
                xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
 #else
                xctx->stream = NULL;
 #endif
                /* key_len is two AES keys */
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE)
-                        xctx->stream = enc ? bsaes_xts_encrypt :
-                            bsaes_xts_decrypt;
-                else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        if (enc) {
-                                vpaes_set_encrypt_key(key, ctx->key_len * 4,
-                                    &xctx->ks1);
-                                xctx->xts.block1 = (block128_f)vpaes_encrypt;
-                        } else {
-                                vpaes_set_decrypt_key(key, ctx->key_len * 4,
-                                    &xctx->ks1);
-                                xctx->xts.block1 = (block128_f)vpaes_decrypt;
-                        }
-                        vpaes_set_encrypt_key(key + ctx->key_len / 2,
-                            ctx->key_len * 4, &xctx->ks2);
-                        xctx->xts.block2 = (block128_f)vpaes_encrypt;
-                        xctx->xts.key1 = &xctx->ks1;
-                        break;
-                } else
-#endif
-                        (void)0;        /* terminate potentially open 'else' */
                if (enc) {
                        AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
                        xctx->xts.block1 = (block128_f)AES_encrypt;
@@ -1873,7 +1761,7 @@ aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                xctx->xts.block2 = (block128_f)AES_encrypt;
                xctx->xts.key1 = &xctx->ks1;
-        } while (0);
+        }
        if (iv) {
                xctx->xts.key2 = &xctx->ks2;
@@ -2062,23 +1950,13 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        if (!iv && !key)
                return 1;
-        if (key) do {
+        if (key) {
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
-                        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                            &cctx->ks, (block128_f)vpaes_encrypt);
-                        cctx->str = NULL;
-                        cctx->key_set = 1;
-                        break;
-                }
-#endif
                AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                    &cctx->ks, (block128_f)AES_encrypt);
                cctx->str = NULL;
                cctx->key_set = 1;
-        } while (0);
+        }
        if (iv) {
                memcpy(ctx->iv, iv, 15 - cctx->L);
                cctx->iv_set = 1;

diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc index b1a6563931..b03aad782f 100644 --- a/src/lib/libcrypto/arch/amd64/Makefile.inc +++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.37 2025/02/14 12:01:58 jsing Exp $	1	# $OpenBSD: Makefile.inc,v 1.38 2025/04/18 13:19:39 jsing Exp $
2		2
3	# amd64-specific libcrypto build rules	3	# amd64-specific libcrypto build rules
4		4
@@ -10,10 +10,6 @@ SRCS += crypto_cpu_caps.c
10	# aes	10	# aes
11	CFLAGS+= -DAES_ASM	11	CFLAGS+= -DAES_ASM
12	SSLASM+= aes aes-x86_64	12	SSLASM+= aes aes-x86_64
13	CFLAGS+= -DBSAES_ASM
14	SSLASM+= aes bsaes-x86_64
15	CFLAGS+= -DVPAES_ASM
16	SSLASM+= aes vpaes-x86_64
17	SSLASM+= aes aesni-x86_64	13	SSLASM+= aes aesni-x86_64
18	# bn	14	# bn
19	CFLAGS+= -DOPENSSL_IA32_SSE2	15	CFLAGS+= -DOPENSSL_IA32_SSE2


diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc index 6989b35686..4bcf8e2bbc 100644 --- a/src/lib/libcrypto/arch/i386/Makefile.inc +++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile.inc,v 1.27 2025/02/14 12:01:58 jsing Exp $	1	# $OpenBSD: Makefile.inc,v 1.28 2025/04/18 13:19:39 jsing Exp $
2		2
3	# i386-specific libcrypto build rules	3	# i386-specific libcrypto build rules
4		4
@@ -10,8 +10,6 @@ SRCS += crypto_cpu_caps.c
10	# aes	10	# aes
11	CFLAGS+= -DAES_ASM	11	CFLAGS+= -DAES_ASM
12	SSLASM+= aes aes-586	12	SSLASM+= aes aes-586
13	CFLAGS+= -DVPAES_ASM
14	SSLASM+= aes vpaes-x86
15	SSLASM+= aes aesni-x86	13	SSLASM+= aes aesni-x86
16	# bn	14	# bn
17	CFLAGS+= -DOPENSSL_IA32_SSE2	15	CFLAGS+= -DOPENSSL_IA32_SSE2


diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 7753c18c15..5c35121399 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.60 2025/04/18 13:19:39 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -108,32 +108,6 @@ typedef struct {
108		108
109	#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))	109	#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110		110
111	#ifdef VPAES_ASM
112	int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113	AES_KEY *key);
114	int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115	AES_KEY *key);
116
117	void vpaes_encrypt(const unsigned char in, unsigned char out,
118	const AES_KEY *key);
119	void vpaes_decrypt(const unsigned char in, unsigned char out,
120	const AES_KEY *key);
121
122	void vpaes_cbc_encrypt(const unsigned char in, unsigned char out,
123	size_t length, const AES_KEY key, unsigned char ivec, int enc);
124	#endif
125	#ifdef BSAES_ASM
126	void bsaes_cbc_encrypt(const unsigned char in, unsigned char out,
127	size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
128	void bsaes_ctr32_encrypt_blocks(const unsigned char in, unsigned char out,
129	size_t len, const AES_KEY *key, const unsigned char ivec[16]);
130	void bsaes_xts_encrypt(const unsigned char inp, unsigned char out,
131	size_t len, const AES_KEY key1, const AES_KEY key2,
132	const unsigned char iv[16]);
133	void bsaes_xts_decrypt(const unsigned char inp, unsigned char out,
134	size_t len, const AES_KEY key1, const AES_KEY key2,
135	const unsigned char iv[16]);
136	#endif
137	#ifdef AES_CTR_ASM	111	#ifdef AES_CTR_ASM
138	void AES_ctr32_encrypt(const unsigned char in, unsigned char out,	112	void AES_ctr32_encrypt(const unsigned char in, unsigned char out,
139	size_t blocks, const AES_KEY *key,	113	size_t blocks, const AES_KEY *key,
@@ -155,12 +129,6 @@ void AES_xts_decrypt(const char inp, char out, size_t len,
155		129
156	#include "x86_arch.h"	130	#include "x86_arch.h"
157		131
158	#ifdef VPAES_ASM
159	#define VPAES_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
160	#endif
161	#ifdef BSAES_ASM
162	#define BSAES_CAPABLE VPAES_CAPABLE
163	#endif
164	/*	132	/*
165	* AES-NI section	133	* AES-NI section
166	*/	134	*/
@@ -366,49 +334,13 @@ aes_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
366		334
367	mode = ctx->cipher->flags & EVP_CIPH_MODE;	335	mode = ctx->cipher->flags & EVP_CIPH_MODE;
368	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) &&	336	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) &&
369	!enc)	337	!enc) {
370	#ifdef BSAES_CAPABLE
371	if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
372	ret = AES_set_decrypt_key(key, ctx->key_len * 8,
373	&dat->ks);
374	dat->block = (block128_f)AES_decrypt;
375	dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
376	} else
377	#endif
378	#ifdef VPAES_CAPABLE
379	if (VPAES_CAPABLE) {
380	ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
381	&dat->ks);
382	dat->block = (block128_f)vpaes_decrypt;
383	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
384	(cbc128_f)vpaes_cbc_encrypt : NULL;
385	} else
386	#endif
387	{
388	ret = AES_set_decrypt_key(key, ctx->key_len * 8,	338	ret = AES_set_decrypt_key(key, ctx->key_len * 8,
389	&dat->ks);	339	&dat->ks);
390	dat->block = (block128_f)AES_decrypt;	340	dat->block = (block128_f)AES_decrypt;
391	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?	341	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
392	(cbc128_f)AES_cbc_encrypt : NULL;	342	(cbc128_f)AES_cbc_encrypt : NULL;
393	} else	343	} else {
394	#ifdef BSAES_CAPABLE
395	if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
396	ret = AES_set_encrypt_key(key, ctx->key_len * 8,
397	&dat->ks);
398	dat->block = (block128_f)AES_encrypt;
399	dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
400	} else
401	#endif
402	#ifdef VPAES_CAPABLE
403	if (VPAES_CAPABLE) {
404	ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
405	&dat->ks);
406	dat->block = (block128_f)vpaes_encrypt;
407	dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
408	(cbc128_f)vpaes_cbc_encrypt : NULL;
409	} else
410	#endif
411	{
412	ret = AES_set_encrypt_key(key, ctx->key_len * 8,	344	ret = AES_set_encrypt_key(key, ctx->key_len * 8,
413	&dat->ks);	345	&dat->ks);
414	dat->block = (block128_f)AES_encrypt;	346	dat->block = (block128_f)AES_encrypt;
@@ -1459,22 +1391,6 @@ static ctr128_f
1459	aes_gcm_set_key(AES_KEY aes_key, GCM128_CONTEXT gcm_ctx,	1391	aes_gcm_set_key(AES_KEY aes_key, GCM128_CONTEXT gcm_ctx,
1460	const unsigned char *key, size_t key_len)	1392	const unsigned char *key, size_t key_len)
1461	{	1393	{
1462	#ifdef BSAES_CAPABLE
1463	if (BSAES_CAPABLE) {
1464	AES_set_encrypt_key(key, key_len * 8, aes_key);
1465	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1466	return (ctr128_f)bsaes_ctr32_encrypt_blocks;
1467	} else
1468	#endif
1469	#ifdef VPAES_CAPABLE
1470	if (VPAES_CAPABLE) {
1471	vpaes_set_encrypt_key(key, key_len * 8, aes_key);
1472	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
1473	return NULL;
1474	} else
1475	#endif
1476	(void)0; /* terminate potentially open 'else' */
1477
1478	AES_set_encrypt_key(key, key_len * 8, aes_key);	1394	AES_set_encrypt_key(key, key_len * 8, aes_key);
1479	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);	1395	CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1480	#ifdef AES_CTR_ASM	1396	#ifdef AES_CTR_ASM
@@ -1825,41 +1741,13 @@ aes_xts_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
1825	if (!iv && !key)	1741	if (!iv && !key)
1826	return 1;	1742	return 1;
1827		1743
1828	if (key) do {	1744	if (key) {
1829	#ifdef AES_XTS_ASM	1745	#ifdef AES_XTS_ASM
1830	xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;	1746	xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1831	#else	1747	#else
1832	xctx->stream = NULL;	1748	xctx->stream = NULL;
1833	#endif	1749	#endif
1834	/* key_len is two AES keys */	1750	/* key_len is two AES keys */
1835	#ifdef BSAES_CAPABLE
1836	if (BSAES_CAPABLE)
1837	xctx->stream = enc ? bsaes_xts_encrypt :
1838	bsaes_xts_decrypt;
1839	else
1840	#endif
1841	#ifdef VPAES_CAPABLE
1842	if (VPAES_CAPABLE) {
1843	if (enc) {
1844	vpaes_set_encrypt_key(key, ctx->key_len * 4,
1845	&xctx->ks1);
1846	xctx->xts.block1 = (block128_f)vpaes_encrypt;
1847	} else {
1848	vpaes_set_decrypt_key(key, ctx->key_len * 4,
1849	&xctx->ks1);
1850	xctx->xts.block1 = (block128_f)vpaes_decrypt;
1851	}
1852
1853	vpaes_set_encrypt_key(key + ctx->key_len / 2,
1854	ctx->key_len * 4, &xctx->ks2);
1855	xctx->xts.block2 = (block128_f)vpaes_encrypt;
1856
1857	xctx->xts.key1 = &xctx->ks1;
1858	break;
1859	} else
1860	#endif
1861	(void)0; /* terminate potentially open 'else' */
1862
1863	if (enc) {	1751	if (enc) {
1864	AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);	1752	AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1865	xctx->xts.block1 = (block128_f)AES_encrypt;	1753	xctx->xts.block1 = (block128_f)AES_encrypt;
@@ -1873,7 +1761,7 @@ aes_xts_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
1873	xctx->xts.block2 = (block128_f)AES_encrypt;	1761	xctx->xts.block2 = (block128_f)AES_encrypt;
1874		1762
1875	xctx->xts.key1 = &xctx->ks1;	1763	xctx->xts.key1 = &xctx->ks1;
1876	} while (0);	1764	}
1877		1765
1878	if (iv) {	1766	if (iv) {
1879	xctx->xts.key2 = &xctx->ks2;	1767	xctx->xts.key2 = &xctx->ks2;
@@ -2062,23 +1950,13 @@ aes_ccm_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
2062		1950
2063	if (!iv && !key)	1951	if (!iv && !key)
2064	return 1;	1952	return 1;
2065	if (key) do {	1953	if (key) {
2066	#ifdef VPAES_CAPABLE
2067	if (VPAES_CAPABLE) {
2068	vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
2069	CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2070	&cctx->ks, (block128_f)vpaes_encrypt);
2071	cctx->str = NULL;
2072	cctx->key_set = 1;
2073	break;
2074	}
2075	#endif
2076	AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);	1954	AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
2077	CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,	1955	CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2078	&cctx->ks, (block128_f)AES_encrypt);	1956	&cctx->ks, (block128_f)AES_encrypt);
2079	cctx->str = NULL;	1957	cctx->str = NULL;
2080	cctx->key_set = 1;	1958	cctx->key_set = 1;
2081	} while (0);	1959	}
2082	if (iv) {	1960	if (iv) {
2083	memcpy(ctx->iv, iv, 15 - cctx->L);	1961	memcpy(ctx->iv, iv, 15 - cctx->L);
2084	cctx->iv_set = 1;	1962	cctx->iv_set = 1;