27 files changed, 362 insertions, 1283 deletions

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 7753c18c15..e1ae1e9a5b 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.83 2025/07/22 09:31:09 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -59,19 +59,15 @@
 
 #ifndef OPENSSL_NO_AES
 #include <openssl/aes.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 
+#include "aes_local.h"
+#include "err_local.h"
 #include "evp_local.h"
 #include "modes_local.h"
 
 typedef struct {
         AES_KEY ks;
-        block128_f block;
-        union {
-                cbc128_f cbc;
-                ctr128_f ctr;
-        } stream;
 } EVP_AES_KEY;
 
 typedef struct {
@@ -84,15 +80,11 @@ typedef struct {
         int taglen;
         int iv_gen;             /* It is OK to generate IVs */
         int tls_aad_len;        /* TLS AAD length */
-        ctr128_f ctr;
 } EVP_AES_GCM_CTX;
 
 typedef struct {
         AES_KEY ks1, ks2;       /* AES key schedules to use */
-        XTS128_CONTEXT xts;
-        void (*stream)(const unsigned char *in, unsigned char *out,
-            size_t length, const AES_KEY *key1, const AES_KEY *key2,
-            const unsigned char iv[16]);
+        XTS128_CONTEXT xts;     /* XXX - replace with flags. */
 } EVP_AES_XTS_CTX;
 
 typedef struct {
@@ -103,131 +95,17 @@ typedef struct {
         int len_set;            /* Set if message length set */
         int L, M;               /* L and M parameters from RFC3610 */
         CCM128_CONTEXT ccm;
-        ccm128_f str;
 } EVP_AES_CCM_CTX;
 
 #define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
 
-#ifdef VPAES_ASM
-int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-
-void vpaes_encrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void vpaes_decrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-
-void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
-#endif
-#ifdef BSAES_ASM
-void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
-void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-    size_t len, const AES_KEY *key, const unsigned char ivec[16]);
-void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
-    size_t len, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
-    size_t len, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-#endif
-#ifdef AES_CTR_ASM
-void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-    size_t blocks, const AES_KEY *key,
-    const unsigned char ivec[AES_BLOCK_SIZE]);
-#endif
-#ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp, char *out, size_t len,
-    const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp, char *out, size_t len,
-    const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
-#endif
-
-#if     defined(AES_ASM) &&                             (  \
-        ((defined(__i386)       || defined(__i386__)    || \
-          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
-        defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)                              )
-
-#include "x86_arch.h"
-
-#ifdef VPAES_ASM
-#define VPAES_CAPABLE   (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
-#endif
-#ifdef BSAES_ASM
-#define BSAES_CAPABLE   VPAES_CAPABLE
-#endif
-/*
- * AES-NI section
- */
-#define AESNI_CAPABLE   (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
-
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-    AES_KEY *key);
-
-void aesni_encrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-void aesni_decrypt(const unsigned char *in, unsigned char *out,
-    const AES_KEY *key);
-
-void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, int enc);
-void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
-
-void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-    size_t blocks, const void *key, const unsigned char *ivec);
-
-void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-
-void aesni_xts_decrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key1, const AES_KEY *key2,
-    const unsigned char iv[16]);
-
-void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
-    size_t blocks, const void *key, const unsigned char ivec[16],
-    unsigned char cmac[16]);
-
-void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
-    size_t blocks, const void *key, const unsigned char ivec[16],
-    unsigned char cmac[16]);
-
 static int
-aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc)
 {
-        int ret, mode;
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-        mode = ctx->cipher->flags & EVP_CIPH_MODE;
-        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
-            !enc) {
-                ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
-                    ctx->cipher_data);
-                dat->block = (block128_f)aesni_decrypt;
-                dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                    (cbc128_f)aesni_cbc_encrypt : NULL;
-        } else {
-                ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
-                    ctx->cipher_data);
-                dat->block = (block128_f)aesni_encrypt;
-                if (mode == EVP_CIPH_CBC_MODE)
-                        dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
-                else if (mode == EVP_CIPH_CTR_MODE)
-                        dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
-                else
-                        dat->stream.cbc = NULL;
-        }
+        EVP_AES_KEY *eak = ctx->cipher_data;
 
-        if (ret < 0) {
+        if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
                 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
                 return 0;
         }
@@ -236,213 +114,54 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 }
 
 static int
-aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t len)
-{
-        aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv,
-            ctx->encrypt);
-
-        return 1;
-}
-
-static int
-aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t len)
+aes_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int encrypt)
 {
-        size_t  bl = ctx->cipher->block_size;
+        EVP_AES_KEY *eak = ctx->cipher_data;
 
-        if (len < bl)
-                return 1;
-
-        aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
-
-        return 1;
-}
-
-static int
-aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
-{
-        EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-
-        if (!iv && !key)
-                return 1;
-        if (key) {
-                aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
-                    (block128_f)aesni_encrypt);
-                gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
-                /* If we have an iv can set it directly, otherwise use
-                 * saved IV.
-                 */
-                if (iv == NULL && gctx->iv_set)
-                        iv = gctx->iv;
-                if (iv) {
-                        CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-                        gctx->iv_set = 1;
+        if (encrypt) {
+                if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
+                        EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
+                        return 0;
                 }
-                gctx->key_set = 1;
         } else {
-                /* If key set use IV, otherwise copy */
-                if (gctx->key_set)
-                        CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-                else
-                        memcpy(gctx->iv, iv, gctx->ivlen);
-                gctx->iv_set = 1;
-                gctx->iv_gen = 0;
-        }
-        return 1;
-}
-
-static int
-aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
-{
-        EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
-
-        if (!iv && !key)
-                return 1;
-
-        if (key) {
-                /* key_len is two AES keys */
-                if (enc) {
-                        aesni_set_encrypt_key(key, ctx->key_len * 4,
-                            &xctx->ks1);
-                        xctx->xts.block1 = (block128_f)aesni_encrypt;
-                        xctx->stream = aesni_xts_encrypt;
-                } else {
-                        aesni_set_decrypt_key(key, ctx->key_len * 4,
-                            &xctx->ks1);
-                        xctx->xts.block1 = (block128_f)aesni_decrypt;
-                        xctx->stream = aesni_xts_decrypt;
+                if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
+                        EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
+                        return 0;
                 }
-
-                aesni_set_encrypt_key(key + ctx->key_len / 2,
-                    ctx->key_len * 4, &xctx->ks2);
-                xctx->xts.block2 = (block128_f)aesni_encrypt;
-
-                xctx->xts.key1 = &xctx->ks1;
-        }
-
-        if (iv) {
-                xctx->xts.key2 = &xctx->ks2;
-                memcpy(ctx->iv, iv, 16);
         }
 
         return 1;
 }
 
 static int
-aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
-{
-        EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-
-        if (!iv && !key)
-                return 1;
-        if (key) {
-                aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                    &cctx->ks, (block128_f)aesni_encrypt);
-                cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
-                    (ccm128_f)aesni_ccm64_decrypt_blocks;
-                cctx->key_set = 1;
-        }
-        if (iv) {
-                memcpy(ctx->iv, iv, 15 - cctx->L);
-                cctx->iv_set = 1;
-        }
-        return 1;
-}
-
-#endif
-
-static int
-aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
+aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t len)
 {
-        int ret, mode;
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-        mode = ctx->cipher->flags & EVP_CIPH_MODE;
-        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
-            !enc)
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
-                        ret = AES_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_decrypt;
-                        dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
-                } else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)vpaes_decrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)vpaes_cbc_encrypt : NULL;
-                } else
-#endif
-                {
-                        ret = AES_set_decrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_decrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)AES_cbc_encrypt : NULL;
-                } else
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
-                        ret = AES_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_encrypt;
-                        dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
-                } else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)vpaes_encrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)vpaes_cbc_encrypt : NULL;
-                } else
-#endif
-                {
-                        ret = AES_set_encrypt_key(key, ctx->key_len * 8,
-                            &dat->ks);
-                        dat->block = (block128_f)AES_encrypt;
-                        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
-                            (cbc128_f)AES_cbc_encrypt : NULL;
-#ifdef AES_CTR_ASM
-                        if (mode == EVP_CIPH_CTR_MODE)
-                                dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
-#endif
-                }
+        EVP_AES_KEY *eak = ctx->cipher_data;
 
-        if (ret < 0) {
-                EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
-                return 0;
-        }
+        AES_cbc_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->encrypt);
 
         return 1;
 }
 
 static int
-aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t len)
+aes_ecb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int encrypt)
 {
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+        EVP_AES_KEY *eak = ctx->cipher_data;
 
-        if (dat->stream.cbc)
-                (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
-                    ctx->encrypt);
-        else if (ctx->encrypt)
-                CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
-                    dat->block);
-        else
-                CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv,
-                    dat->block);
+        if (encrypt) {
+                if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
+                        EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
+                        return 0;
+                }
+        } else {
+                if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
+                        EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
+                        return 0;
+                }
+        }
 
         return 1;
 }
@@ -451,15 +170,9 @@ static int
 aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t len)
 {
-        size_t  bl = ctx->cipher->block_size;
-        size_t  i;
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-        if (len < bl)
-                return 1;
+        EVP_AES_KEY *eak = ctx->cipher_data;
 
-        for (i = 0, len -= bl; i <= len; i += bl)
-                (*dat->block)(in + i, out + i, &dat->ks);
+        aes_ecb_encrypt_internal(in, out, len, &eak->ks, ctx->encrypt);
 
         return 1;
 }
@@ -468,10 +181,10 @@ static int
 aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t len)
 {
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+        EVP_AES_KEY *eak = ctx->cipher_data;
+
+        AES_ofb128_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num);
 
-        CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
-            dat->block);
         return 1;
 }
 
@@ -479,10 +192,11 @@ static int
 aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t len)
 {
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+        EVP_AES_KEY *eak = ctx->cipher_data;
+
+        AES_cfb128_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
+            ctx->encrypt);
 
-        CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
-            ctx->encrypt, dat->block);
         return 1;
 }
 
@@ -490,10 +204,11 @@ static int
 aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t len)
 {
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+        EVP_AES_KEY *eak = ctx->cipher_data;
+
+        AES_cfb8_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
+            ctx->encrypt);
 
-        CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
-            ctx->encrypt, dat->block);
         return 1;
 }
 
@@ -501,24 +216,25 @@ static int
 aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t len)
 {
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+        EVP_AES_KEY *eak = ctx->cipher_data;
 
-        if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
-                CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv,
-                    &ctx->num, ctx->encrypt, dat->block);
+        if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
+                AES_cfb1_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
+                    ctx->encrypt);
                 return 1;
         }
 
         while (len >= MAXBITCHUNK) {
-                CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks,
-                    ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+                AES_cfb1_encrypt(in, out, MAXBITCHUNK * 8, &eak->ks, ctx->iv,
+                    &ctx->num, ctx->encrypt);
                 len -= MAXBITCHUNK;
                 in += MAXBITCHUNK;
                 out += MAXBITCHUNK;
         }
-        if (len)
-                CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks,
-                    ctx->iv, &ctx->num, ctx->encrypt, dat->block);
+        if (len > 0) {
+                AES_cfb1_encrypt(in, out, len * 8, &eak->ks, ctx->iv, &ctx->num,
+                    ctx->encrypt);
+        }
 
         return 1;
 }
@@ -527,40 +243,23 @@ static int
 aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t len)
 {
+        EVP_AES_KEY *eak = ctx->cipher_data;
         unsigned int num = ctx->num;
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
 
-        if (dat->stream.ctr)
-                CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
-                    ctx->iv, ctx->buf, &num, dat->stream.ctr);
-        else
-                CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                    ctx->iv, ctx->buf, &num, dat->block);
+        AES_ctr128_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->buf, &num);
+
         ctx->num = (size_t)num;
+
         return 1;
 }
 
-
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_cbc = {
-        .nid = NID_aes_128_cbc,
-        .block_size = 16,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aesni_cbc_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_cbc = {
         .nid = NID_aes_128_cbc,
         .block_size = 16,
         .key_len = 16,
         .iv_len = 16,
         .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
-        .init = aes_init_key,
+        .init = aes_cbc_init_key,
         .do_cipher = aes_cbc_cipher,
         .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -568,34 +267,17 @@ static const EVP_CIPHER aes_128_cbc = {
 const EVP_CIPHER *
 EVP_aes_128_cbc(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_cbc : &aes_128_cbc;
-#else
         return &aes_128_cbc;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_cbc);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ecb = {
-        .nid = NID_aes_128_ecb,
-        .block_size = 16,
-        .key_len = 16,
-        .iv_len = 0,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aesni_ecb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_ecb = {
         .nid = NID_aes_128_ecb,
         .block_size = 16,
         .key_len = 16,
         .iv_len = 0,
         .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aes_init_key,
+        .init = aes_ecb_init_key,
         .do_cipher = aes_ecb_cipher,
         .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -603,27 +285,10 @@ static const EVP_CIPHER aes_128_ecb = {
 const EVP_CIPHER *
 EVP_aes_128_ecb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
-#else
         return &aes_128_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ecb);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ofb = {
-        .nid = NID_aes_128_ofb128,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_ofb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_ofb = {
         .nid = NID_aes_128_ofb128,
         .block_size = 1,
@@ -638,27 +303,10 @@ static const EVP_CIPHER aes_128_ofb = {
 const EVP_CIPHER *
 EVP_aes_128_ofb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_ofb : &aes_128_ofb;
-#else
         return &aes_128_ofb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ofb);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_cfb = {
-        .nid = NID_aes_128_cfb128,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_cfb = {
         .nid = NID_aes_128_cfb128,
         .block_size = 1,
@@ -673,27 +321,10 @@ static const EVP_CIPHER aes_128_cfb = {
 const EVP_CIPHER *
 EVP_aes_128_cfb128(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_cfb : &aes_128_cfb;
-#else
         return &aes_128_cfb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_cfb128);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_cfb1 = {
-        .nid = NID_aes_128_cfb1,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb1_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_cfb1 = {
         .nid = NID_aes_128_cfb1,
         .block_size = 1,
@@ -708,27 +339,10 @@ static const EVP_CIPHER aes_128_cfb1 = {
 const EVP_CIPHER *
 EVP_aes_128_cfb1(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_cfb1 : &aes_128_cfb1;
-#else
         return &aes_128_cfb1;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_cfb1);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_cfb8 = {
-        .nid = NID_aes_128_cfb8,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb8_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_cfb8 = {
         .nid = NID_aes_128_cfb8,
         .block_size = 1,
@@ -743,27 +357,10 @@ static const EVP_CIPHER aes_128_cfb8 = {
 const EVP_CIPHER *
 EVP_aes_128_cfb8(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_cfb8 : &aes_128_cfb8;
-#else
         return &aes_128_cfb8;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_cfb8);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ctr = {
-        .nid = NID_aes_128_ctr,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CTR_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_ctr_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_ctr = {
         .nid = NID_aes_128_ctr,
         .block_size = 1,
@@ -778,35 +375,17 @@ static const EVP_CIPHER aes_128_ctr = {
 const EVP_CIPHER *
 EVP_aes_128_ctr(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
-#else
         return &aes_128_ctr;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ctr);
 
-
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_cbc = {
-        .nid = NID_aes_192_cbc,
-        .block_size = 16,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aesni_cbc_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_cbc = {
         .nid = NID_aes_192_cbc,
         .block_size = 16,
         .key_len = 24,
         .iv_len = 16,
         .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
-        .init = aes_init_key,
+        .init = aes_cbc_init_key,
         .do_cipher = aes_cbc_cipher,
         .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -814,34 +393,17 @@ static const EVP_CIPHER aes_192_cbc = {
 const EVP_CIPHER *
 EVP_aes_192_cbc(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_cbc : &aes_192_cbc;
-#else
         return &aes_192_cbc;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_cbc);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ecb = {
-        .nid = NID_aes_192_ecb,
-        .block_size = 16,
-        .key_len = 24,
-        .iv_len = 0,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aesni_ecb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_ecb = {
         .nid = NID_aes_192_ecb,
         .block_size = 16,
         .key_len = 24,
         .iv_len = 0,
         .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aes_init_key,
+        .init = aes_ecb_init_key,
         .do_cipher = aes_ecb_cipher,
         .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -849,27 +411,10 @@ static const EVP_CIPHER aes_192_ecb = {
 const EVP_CIPHER *
 EVP_aes_192_ecb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
-#else
         return &aes_192_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ecb);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ofb = {
-        .nid = NID_aes_192_ofb128,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_ofb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_ofb = {
         .nid = NID_aes_192_ofb128,
         .block_size = 1,
@@ -884,27 +429,10 @@ static const EVP_CIPHER aes_192_ofb = {
 const EVP_CIPHER *
 EVP_aes_192_ofb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_ofb : &aes_192_ofb;
-#else
         return &aes_192_ofb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ofb);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_cfb = {
-        .nid = NID_aes_192_cfb128,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_cfb = {
         .nid = NID_aes_192_cfb128,
         .block_size = 1,
@@ -919,27 +447,10 @@ static const EVP_CIPHER aes_192_cfb = {
 const EVP_CIPHER *
 EVP_aes_192_cfb128(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_cfb : &aes_192_cfb;
-#else
         return &aes_192_cfb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_cfb128);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_cfb1 = {
-        .nid = NID_aes_192_cfb1,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb1_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_cfb1 = {
         .nid = NID_aes_192_cfb1,
         .block_size = 1,
@@ -954,27 +465,10 @@ static const EVP_CIPHER aes_192_cfb1 = {
 const EVP_CIPHER *
 EVP_aes_192_cfb1(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_cfb1 : &aes_192_cfb1;
-#else
         return &aes_192_cfb1;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_cfb1);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_cfb8 = {
-        .nid = NID_aes_192_cfb8,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb8_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_cfb8 = {
         .nid = NID_aes_192_cfb8,
         .block_size = 1,
@@ -989,27 +483,10 @@ static const EVP_CIPHER aes_192_cfb8 = {
 const EVP_CIPHER *
 EVP_aes_192_cfb8(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_cfb8 : &aes_192_cfb8;
-#else
         return &aes_192_cfb8;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_cfb8);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ctr = {
-        .nid = NID_aes_192_ctr,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CTR_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_ctr_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_ctr = {
         .nid = NID_aes_192_ctr,
         .block_size = 1,
@@ -1024,35 +501,17 @@ static const EVP_CIPHER aes_192_ctr = {
 const EVP_CIPHER *
 EVP_aes_192_ctr(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
-#else
         return &aes_192_ctr;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ctr);
 
-
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_cbc = {
-        .nid = NID_aes_256_cbc,
-        .block_size = 16,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aesni_cbc_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_cbc = {
         .nid = NID_aes_256_cbc,
         .block_size = 16,
         .key_len = 32,
         .iv_len = 16,
         .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
-        .init = aes_init_key,
+        .init = aes_cbc_init_key,
         .do_cipher = aes_cbc_cipher,
         .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -1060,34 +519,17 @@ static const EVP_CIPHER aes_256_cbc = {
 const EVP_CIPHER *
 EVP_aes_256_cbc(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_cbc : &aes_256_cbc;
-#else
         return &aes_256_cbc;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_cbc);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ecb = {
-        .nid = NID_aes_256_ecb,
-        .block_size = 16,
-        .key_len = 32,
-        .iv_len = 0,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aesni_ecb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_ecb = {
         .nid = NID_aes_256_ecb,
         .block_size = 16,
         .key_len = 32,
         .iv_len = 0,
         .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aes_init_key,
+        .init = aes_ecb_init_key,
         .do_cipher = aes_ecb_cipher,
         .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -1095,27 +537,10 @@ static const EVP_CIPHER aes_256_ecb = {
 const EVP_CIPHER *
 EVP_aes_256_ecb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
-#else
         return &aes_256_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ecb);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ofb = {
-        .nid = NID_aes_256_ofb128,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_ofb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_ofb = {
         .nid = NID_aes_256_ofb128,
         .block_size = 1,
@@ -1130,27 +555,10 @@ static const EVP_CIPHER aes_256_ofb = {
 const EVP_CIPHER *
 EVP_aes_256_ofb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_ofb : &aes_256_ofb;
-#else
         return &aes_256_ofb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ofb);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_cfb = {
-        .nid = NID_aes_256_cfb128,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_cfb = {
         .nid = NID_aes_256_cfb128,
         .block_size = 1,
@@ -1165,27 +573,10 @@ static const EVP_CIPHER aes_256_cfb = {
 const EVP_CIPHER *
 EVP_aes_256_cfb128(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_cfb : &aes_256_cfb;
-#else
         return &aes_256_cfb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_cfb128);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_cfb1 = {
-        .nid = NID_aes_256_cfb1,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb1_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_cfb1 = {
         .nid = NID_aes_256_cfb1,
         .block_size = 1,
@@ -1200,27 +591,10 @@ static const EVP_CIPHER aes_256_cfb1 = {
 const EVP_CIPHER *
 EVP_aes_256_cfb1(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_cfb1 : &aes_256_cfb1;
-#else
         return &aes_256_cfb1;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_cfb1);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_cfb8 = {
-        .nid = NID_aes_256_cfb8,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CFB_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_cfb8_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_cfb8 = {
         .nid = NID_aes_256_cfb8,
         .block_size = 1,
@@ -1235,27 +609,10 @@ static const EVP_CIPHER aes_256_cfb8 = {
 const EVP_CIPHER *
 EVP_aes_256_cfb8(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_cfb8 : &aes_256_cfb8;
-#else
         return &aes_256_cfb8;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_cfb8);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ctr = {
-        .nid = NID_aes_256_ctr,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CTR_MODE,
-        .init = aesni_init_key,
-        .do_cipher = aes_ctr_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_ctr = {
         .nid = NID_aes_256_ctr,
         .block_size = 1,
@@ -1270,11 +627,7 @@ static const EVP_CIPHER aes_256_ctr = {
 const EVP_CIPHER *
 EVP_aes_256_ctr(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
-#else
         return &aes_256_ctr;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ctr);
 
@@ -1455,35 +808,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
         }
 }
 
-static ctr128_f
-aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
-    const unsigned char *key, size_t key_len)
-{
-#ifdef BSAES_CAPABLE
-        if (BSAES_CAPABLE) {
-                AES_set_encrypt_key(key, key_len * 8, aes_key);
-                CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
-                return (ctr128_f)bsaes_ctr32_encrypt_blocks;
-        } else
-#endif
-#ifdef VPAES_CAPABLE
-        if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, key_len * 8, aes_key);
-                CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
-                return NULL;
-        } else
-#endif
-                (void)0; /* terminate potentially open 'else' */
-
-        AES_set_encrypt_key(key, key_len * 8, aes_key);
-        CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
-#ifdef AES_CTR_ASM
-        return (ctr128_f)AES_ctr32_encrypt;
-#else
-        return NULL;
-#endif
-}
-
 static int
 aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc)
@@ -1493,8 +817,8 @@ aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         if (!iv && !key)
                 return 1;
         if (key) {
-                gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm,
-                    key, ctx->key_len);
+                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, aes_encrypt_block128);
 
                 /* If we have an iv can set it directly, otherwise use
                  * saved IV.
@@ -1554,14 +878,9 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
         if (ctx->encrypt) {
                 /* Encrypt payload */
-                if (gctx->ctr) {
-                        if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out,
-                            len, gctx->ctr))
-                                goto err;
-                } else {
-                        if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
-                                goto err;
-                }
+                if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, len,
+                    aes_ctr32_encrypt_ctr128f))
+                        goto err;
                 out += len;
 
                 /* Finally write tag */
@@ -1569,19 +888,15 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
         } else {
                 /* Decrypt */
-                if (gctx->ctr) {
-                        if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out,
-                            len, gctx->ctr))
-                                goto err;
-                } else {
-                        if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
-                                goto err;
-                }
+                if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, len,
+                    aes_ctr32_encrypt_ctr128f))
+                        goto err;
+
                 /* Retrieve tag */
                 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
 
                 /* If tag mismatch wipe buffer */
-                if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+                if (timingsafe_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN) != 0) {
                         explicit_bzero(out, len);
                         goto err;
                 }
@@ -1615,25 +930,13 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                         if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
                                 return -1;
                 } else if (ctx->encrypt) {
-                        if (gctx->ctr) {
-                                if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
-                                    in, out, len, gctx->ctr))
-                                        return -1;
-                        } else {
-                                if (CRYPTO_gcm128_encrypt(&gctx->gcm,
-                                    in, out, len))
-                                        return -1;
-                        }
+                        if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                            in, out, len, aes_ctr32_encrypt_ctr128f))
+                                return -1;
                 } else {
-                        if (gctx->ctr) {
-                                if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
-                                    in, out, len, gctx->ctr))
-                                        return -1;
-                        } else {
-                                if (CRYPTO_gcm128_decrypt(&gctx->gcm,
-                                    in, out, len))
-                                        return -1;
-                        }
+                        if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                            in, out, len, aes_ctr32_encrypt_ctr128f))
+                                return -1;
                 }
                 return len;
         } else {
@@ -1662,22 +965,6 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
       EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \
       EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
 
-
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_gcm = {
-        .nid = NID_aes_128_gcm,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 12,
-        .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
-        .init = aesni_gcm_init_key,
-        .do_cipher = aes_gcm_cipher,
-        .cleanup = aes_gcm_cleanup,
-        .ctx_size = sizeof(EVP_AES_GCM_CTX),
-        .ctrl = aes_gcm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_128_gcm = {
         .nid = NID_aes_128_gcm,
         .block_size = 1,
@@ -1694,29 +981,10 @@ static const EVP_CIPHER aes_128_gcm = {
 const EVP_CIPHER *
 EVP_aes_128_gcm(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_gcm : &aes_128_gcm;
-#else
         return &aes_128_gcm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_gcm);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_gcm = {
-        .nid = NID_aes_192_gcm,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 12,
-        .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
-        .init = aesni_gcm_init_key,
-        .do_cipher = aes_gcm_cipher,
-        .cleanup = aes_gcm_cleanup,
-        .ctx_size = sizeof(EVP_AES_GCM_CTX),
-        .ctrl = aes_gcm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_192_gcm = {
         .nid = NID_aes_192_gcm,
         .block_size = 1,
@@ -1733,29 +1001,10 @@ static const EVP_CIPHER aes_192_gcm = {
 const EVP_CIPHER *
 EVP_aes_192_gcm(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_gcm : &aes_192_gcm;
-#else
         return &aes_192_gcm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_gcm);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_gcm = {
-        .nid = NID_aes_256_gcm,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 12,
-        .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
-        .init = aesni_gcm_init_key,
-        .do_cipher = aes_gcm_cipher,
-        .cleanup = aes_gcm_cleanup,
-        .ctx_size = sizeof(EVP_AES_GCM_CTX),
-        .ctrl = aes_gcm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_256_gcm = {
         .nid = NID_aes_256_gcm,
         .block_size = 1,
@@ -1772,11 +1021,7 @@ static const EVP_CIPHER aes_256_gcm = {
 const EVP_CIPHER *
 EVP_aes_256_gcm(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_gcm : &aes_256_gcm;
-#else
         return &aes_256_gcm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_gcm);
 
@@ -1818,64 +1063,24 @@ aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 
 static int
 aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
+    const unsigned char *iv, int encrypt)
 {
         EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
 
-        if (!iv && !key)
-                return 1;
-
-        if (key) do {
-#ifdef AES_XTS_ASM
-                xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
-#else
-                xctx->stream = NULL;
-#endif
+        if (key != NULL) {
                 /* key_len is two AES keys */
-#ifdef BSAES_CAPABLE
-                if (BSAES_CAPABLE)
-                        xctx->stream = enc ? bsaes_xts_encrypt :
-                            bsaes_xts_decrypt;
-                else
-#endif
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        if (enc) {
-                                vpaes_set_encrypt_key(key, ctx->key_len * 4,
-                                    &xctx->ks1);
-                                xctx->xts.block1 = (block128_f)vpaes_encrypt;
-                        } else {
-                                vpaes_set_decrypt_key(key, ctx->key_len * 4,
-                                    &xctx->ks1);
-                                xctx->xts.block1 = (block128_f)vpaes_decrypt;
-                        }
-
-                        vpaes_set_encrypt_key(key + ctx->key_len / 2,
-                            ctx->key_len * 4, &xctx->ks2);
-                        xctx->xts.block2 = (block128_f)vpaes_encrypt;
-
-                        xctx->xts.key1 = &xctx->ks1;
-                        break;
-                } else
-#endif
-                        (void)0;        /* terminate potentially open 'else' */
-
-                if (enc) {
+                if (encrypt)
                         AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-                        xctx->xts.block1 = (block128_f)AES_encrypt;
-                } else {
+                else
                         AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-                        xctx->xts.block1 = (block128_f)AES_decrypt;
-                }
 
-                AES_set_encrypt_key(key + ctx->key_len / 2,
-                    ctx->key_len * 4, &xctx->ks2);
-                xctx->xts.block2 = (block128_f)AES_encrypt;
+                AES_set_encrypt_key(key + ctx->key_len / 2, ctx->key_len * 4,
+                    &xctx->ks2);
 
                 xctx->xts.key1 = &xctx->ks1;
-        } while (0);
+        }
 
-        if (iv) {
+        if (iv != NULL) {
                 xctx->xts.key2 = &xctx->ks2;
                 memcpy(ctx->iv, iv, 16);
         }
@@ -1889,17 +1094,15 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
         EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
 
-        if (!xctx->xts.key1 || !xctx->xts.key2)
-                return 0;
-        if (!out || !in || len < AES_BLOCK_SIZE)
+        if (xctx->xts.key1 == NULL || xctx->xts.key2 == NULL)
                 return 0;
 
-        if (xctx->stream)
-                (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
-                    ctx->iv);
-        else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
-            ctx->encrypt))
+        if (out == NULL || in == NULL || len < AES_BLOCK_SIZE)
                 return 0;
+
+        aes_xts_encrypt_internal(in, out, len, xctx->xts.key1, xctx->xts.key2,
+            ctx->iv, ctx->encrypt);
+
         return 1;
 }
 
@@ -1907,22 +1110,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \
       EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
 
-
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_xts = {
-        .nid = NID_aes_128_xts,
-        .block_size = 1,
-        .key_len = 2 * 16,
-        .iv_len = 16,
-        .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
-        .init = aesni_xts_init_key,
-        .do_cipher = aes_xts_cipher,
-        .cleanup = NULL,
-        .ctx_size = sizeof(EVP_AES_XTS_CTX),
-        .ctrl = aes_xts_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_128_xts = {
         .nid = NID_aes_128_xts,
         .block_size = 1,
@@ -1939,29 +1126,10 @@ static const EVP_CIPHER aes_128_xts = {
 const EVP_CIPHER *
 EVP_aes_128_xts(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_xts : &aes_128_xts;
-#else
         return &aes_128_xts;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_xts);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_xts = {
-        .nid = NID_aes_256_xts,
-        .block_size = 1,
-        .key_len = 2 * 32,
-        .iv_len = 16,
-        .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
-        .init = aesni_xts_init_key,
-        .do_cipher = aes_xts_cipher,
-        .cleanup = NULL,
-        .ctx_size = sizeof(EVP_AES_XTS_CTX),
-        .ctrl = aes_xts_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_256_xts = {
         .nid = NID_aes_256_xts,
         .block_size = 1,
@@ -1978,11 +1146,7 @@ static const EVP_CIPHER aes_256_xts = {
 const EVP_CIPHER *
 EVP_aes_256_xts(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts;
-#else
         return &aes_256_xts;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_xts);
 
@@ -2062,23 +1226,12 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
         if (!iv && !key)
                 return 1;
-        if (key) do {
-#ifdef VPAES_CAPABLE
-                if (VPAES_CAPABLE) {
-                        vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
-                        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                            &cctx->ks, (block128_f)vpaes_encrypt);
-                        cctx->str = NULL;
-                        cctx->key_set = 1;
-                        break;
-                }
-#endif
+        if (key) {
                 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                    &cctx->ks, (block128_f)AES_encrypt);
-                cctx->str = NULL;
+                    &cctx->ks, aes_encrypt_block128);
                 cctx->key_set = 1;
-        } while (0);
+        }
         if (iv) {
                 memcpy(ctx->iv, iv, 15 - cctx->L);
                 cctx->iv_set = 1;
@@ -2094,7 +1247,14 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         CCM128_CONTEXT *ccm = &cctx->ccm;
 
         /* If not set up, return error */
-        if (!cctx->iv_set && !cctx->key_set)
+        if (!cctx->key_set)
+                return -1;
+
+        /* EVP_*Final() doesn't return any data */
+        if (in == NULL && out != NULL)
+                return 0;
+
+        if (!cctx->iv_set)
                 return -1;
         if (!ctx->encrypt && !cctx->tag_set)
                 return -1;
@@ -2113,9 +1273,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 CRYPTO_ccm128_aad(ccm, in, len);
                 return len;
         }
-        /* EVP_*Final() doesn't return any data */
-        if (!in)
-                return 0;
+
         /* If not set length yet do it */
         if (!cctx->len_set) {
                 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
@@ -2123,18 +1281,18 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 cctx->len_set = 1;
         }
         if (ctx->encrypt) {
-                if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
-                    cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+                if (CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                    aes_ccm64_encrypt_ccm128f) != 0)
                         return -1;
                 cctx->tag_set = 1;
                 return len;
         } else {
                 int rv = -1;
-                if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
-                    cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+                if (CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                    aes_ccm64_decrypt_ccm128f) == 0) {
                         unsigned char tag[16];
                         if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
-                                if (!memcmp(tag, ctx->buf, cctx->M))
+                                if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0)
                                         rv = len;
                         }
                 }
@@ -2145,24 +1303,8 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 cctx->len_set = 0;
                 return rv;
         }
-
 }
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ccm = {
-        .nid = NID_aes_128_ccm,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 12,
-        .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
-        .init = aesni_ccm_init_key,
-        .do_cipher = aes_ccm_cipher,
-        .cleanup = NULL,
-        .ctx_size = sizeof(EVP_AES_CCM_CTX),
-        .ctrl = aes_ccm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_128_ccm = {
         .nid = NID_aes_128_ccm,
         .block_size = 1,
@@ -2179,29 +1321,10 @@ static const EVP_CIPHER aes_128_ccm = {
 const EVP_CIPHER *
 EVP_aes_128_ccm(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm;
-#else
         return &aes_128_ccm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ccm);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ccm = {
-        .nid = NID_aes_192_ccm,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 12,
-        .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
-        .init = aesni_ccm_init_key,
-        .do_cipher = aes_ccm_cipher,
-        .cleanup = NULL,
-        .ctx_size = sizeof(EVP_AES_CCM_CTX),
-        .ctrl = aes_ccm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_192_ccm = {
         .nid = NID_aes_192_ccm,
         .block_size = 1,
@@ -2218,29 +1341,10 @@ static const EVP_CIPHER aes_192_ccm = {
 const EVP_CIPHER *
 EVP_aes_192_ccm(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm;
-#else
         return &aes_192_ccm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ccm);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ccm = {
-        .nid = NID_aes_256_ccm,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 12,
-        .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
-        .init = aesni_ccm_init_key,
-        .do_cipher = aes_ccm_cipher,
-        .cleanup = NULL,
-        .ctx_size = sizeof(EVP_AES_CCM_CTX),
-        .ctrl = aes_ccm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_256_ccm = {
         .nid = NID_aes_256_ccm,
         .block_size = 1,
@@ -2257,11 +1361,7 @@ static const EVP_CIPHER aes_256_ccm = {
 const EVP_CIPHER *
 EVP_aes_256_ccm(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm;
-#else
         return &aes_256_ccm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ccm);
 
@@ -2273,7 +1373,6 @@ struct aead_aes_gcm_ctx {
                 AES_KEY ks;
         } ks;
         GCM128_CONTEXT gcm;
-        ctr128_f ctr;
         unsigned char tag_len;
 };
 
@@ -2301,18 +1400,8 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
         if ((gcm_ctx = calloc(1, sizeof(struct aead_aes_gcm_ctx))) == NULL)
                 return 0;
 
-#ifdef AESNI_CAPABLE
-        if (AESNI_CAPABLE) {
-                aesni_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
-                CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks,
-                    (block128_f)aesni_encrypt);
-                gcm_ctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
-        } else
-#endif
-        {
-                gcm_ctx->ctr = aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm,
-                    key, key_len);
-        }
+        AES_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
+        CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, aes_encrypt_block128);
         gcm_ctx->tag_len = tag_len;
         ctx->aead_state = gcm_ctx;
 
@@ -2353,15 +1442,9 @@ aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
         if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
                 return 0;
 
-        if (gcm_ctx->ctr) {
-                if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
-                    in_len - bulk, gcm_ctx->ctr))
-                        return 0;
-        } else {
-                if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk,
-                    in_len - bulk))
-                        return 0;
-        }
+        if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
+            in_len - bulk, aes_ctr32_encrypt_ctr128f))
+                return 0;
 
         CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len);
         *out_len = in_len + gcm_ctx->tag_len;
@@ -2404,15 +1487,9 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
         if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
                 return 0;
 
-        if (gcm_ctx->ctr) {
-                if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
-                    in_len - bulk - gcm_ctx->tag_len, gcm_ctx->ctr))
-                        return 0;
-        } else {
-                if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
-                    in_len - bulk - gcm_ctx->tag_len))
-                        return 0;
-        }
+        if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
+            in_len - bulk - gcm_ctx->tag_len, aes_ctr32_encrypt_ctr128f))
+                return 0;
 
         CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
         if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index 4f3799975b..8c32a5658e 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_bf.c,v 1.19 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_bf.c,v 1.20 2025/05/27 03:58:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,13 +162,14 @@ static const EVP_CIPHER bf_cbc = {
         .block_size = 8,
         .key_len = 16,
         .iv_len = 8,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = bf_init_key,
         .do_cipher = bf_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_BF_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -184,13 +185,14 @@ static const EVP_CIPHER bf_cfb64 = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 8,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = bf_init_key,
         .do_cipher = bf_cfb64_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_BF_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -206,13 +208,14 @@ static const EVP_CIPHER bf_ofb = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 8,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = bf_init_key,
         .do_cipher = bf_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_BF_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -228,13 +231,14 @@ static const EVP_CIPHER bf_ecb = {
         .block_size = 8,
         .key_len = 16,
         .iv_len = 0,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = bf_init_key,
         .do_cipher = bf_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_BF_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index 55dcc79922..8da46275a3 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_camellia.c,v 1.20 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_camellia.c,v 1.22 2025/05/27 03:58:12 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
@@ -59,9 +59,9 @@
 
 #ifndef OPENSSL_NO_CAMELLIA
 #include <openssl/evp.h>
-#include <openssl/err.h>
 #include <openssl/camellia.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 /* Camellia subkey Structure */
@@ -163,13 +163,13 @@ static const EVP_CIPHER camellia_128_cbc = {
         .block_size = 16,
         .key_len = 16,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_128_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -185,13 +185,13 @@ static const EVP_CIPHER camellia_128_cfb128 = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_128_cfb128_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -207,13 +207,13 @@ static const EVP_CIPHER camellia_128_ofb = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_128_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -229,13 +229,13 @@ static const EVP_CIPHER camellia_128_ecb = {
         .block_size = 16,
         .key_len = 16,
         .iv_len = 0,
-        .flags = 0 | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_128_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -321,13 +321,13 @@ static const EVP_CIPHER camellia_192_cbc = {
         .block_size = 16,
         .key_len = 24,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_192_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -343,13 +343,13 @@ static const EVP_CIPHER camellia_192_cfb128 = {
         .block_size = 1,
         .key_len = 24,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_192_cfb128_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -365,13 +365,13 @@ static const EVP_CIPHER camellia_192_ofb = {
         .block_size = 1,
         .key_len = 24,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_192_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -387,13 +387,13 @@ static const EVP_CIPHER camellia_192_ecb = {
         .block_size = 16,
         .key_len = 24,
         .iv_len = 0,
-        .flags = 0 | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_192_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -479,13 +479,13 @@ static const EVP_CIPHER camellia_256_cbc = {
         .block_size = 16,
         .key_len = 32,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_256_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -501,13 +501,13 @@ static const EVP_CIPHER camellia_256_cfb128 = {
         .block_size = 1,
         .key_len = 32,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_256_cfb128_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -523,13 +523,13 @@ static const EVP_CIPHER camellia_256_ofb = {
         .block_size = 1,
         .key_len = 32,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_256_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -545,13 +545,13 @@ static const EVP_CIPHER camellia_256_ecb = {
         .block_size = 16,
         .key_len = 32,
         .iv_len = 0,
-        .flags = 0 | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_256_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -589,13 +589,13 @@ static const EVP_CIPHER camellia_128_cfb1 = {
         .block_size = 1,
         .key_len = 128/8,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_128_cfb1_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -633,13 +633,13 @@ static const EVP_CIPHER camellia_192_cfb1 = {
         .block_size = 1,
         .key_len = 192/8,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_192_cfb1_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -677,13 +677,13 @@ static const EVP_CIPHER camellia_256_cfb1 = {
         .block_size = 1,
         .key_len = 256/8,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_256_cfb1_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -720,13 +720,13 @@ static const EVP_CIPHER camellia_128_cfb8 = {
         .block_size = 1,
         .key_len = 128/8,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_128_cfb8_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -762,13 +762,13 @@ static const EVP_CIPHER camellia_192_cfb8 = {
         .block_size = 1,
         .key_len = 192/8,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_192_cfb8_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -804,13 +804,13 @@ static const EVP_CIPHER camellia_256_cfb8 = {
         .block_size = 1,
         .key_len = 256/8,
         .iv_len = 16,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = camellia_init_key,
         .do_cipher = camellia_256_cfb8_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAMELLIA_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index 1575a7a5bb..283cb8cf63 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_cast.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_cast.c,v 1.19 2025/05/27 03:58:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,13 +162,14 @@ static const EVP_CIPHER cast5_cbc = {
         .block_size = 8,
         .key_len = CAST_KEY_LENGTH,
         .iv_len = 8,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = cast_init_key,
         .do_cipher = cast5_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAST_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -184,13 +185,14 @@ static const EVP_CIPHER cast5_cfb64 = {
         .block_size = 1,
         .key_len = CAST_KEY_LENGTH,
         .iv_len = 8,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = cast_init_key,
         .do_cipher = cast5_cfb64_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAST_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -206,13 +208,14 @@ static const EVP_CIPHER cast5_ofb = {
         .block_size = 1,
         .key_len = CAST_KEY_LENGTH,
         .iv_len = 8,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = cast_init_key,
         .do_cipher = cast5_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAST_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -228,13 +231,14 @@ static const EVP_CIPHER cast5_ecb = {
         .block_size = 8,
         .key_len = CAST_KEY_LENGTH,
         .iv_len = 0,
-        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = cast_init_key,
         .do_cipher = cast5_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(EVP_CAST_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index d176569f90..d3a1e44875 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.37 2024/12/20 20:05:29 schwarze Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.38 2025/05/10 05:54:38 tb Exp $ */
 
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@@ -26,12 +26,12 @@
 
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/chacha.h>
 #include <openssl/poly1305.h>
 
 #include "bytestring.h"
+#include "err_local.h"
 #include "evp_local.h"
 
 #define POLY1305_TAG_LEN 16
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index fb335e95b1..680f77a723 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.24 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_des.c,v 1.25 2025/05/27 03:58:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -226,13 +226,14 @@ static const EVP_CIPHER des_cbc = {
         .block_size = 8,
         .key_len = 8,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_init_key,
         .do_cipher = des_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_key_schedule),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des_ctrl,
 };
 
@@ -248,13 +249,14 @@ static const EVP_CIPHER des_cfb64 = {
         .block_size = 1,
         .key_len = 8,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_init_key,
         .do_cipher = des_cfb64_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_key_schedule),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des_ctrl,
 };
 
@@ -270,13 +272,14 @@ static const EVP_CIPHER des_ofb = {
         .block_size = 1,
         .key_len = 8,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_init_key,
         .do_cipher = des_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_key_schedule),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des_ctrl,
 };
 
@@ -292,13 +295,14 @@ static const EVP_CIPHER des_ecb = {
         .block_size = 8,
         .key_len = 8,
         .iv_len = 0,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_init_key,
         .do_cipher = des_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_key_schedule),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des_ctrl,
 };
 
@@ -314,13 +318,14 @@ static const EVP_CIPHER des_cfb1 = {
         .block_size = 1,
         .key_len = 8,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_init_key,
         .do_cipher = des_cfb1_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_key_schedule),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des_ctrl,
 };
 
@@ -336,13 +341,14 @@ static const EVP_CIPHER des_cfb8 = {
         .block_size = 1,
         .key_len = 8,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_init_key,
         .do_cipher = des_cfb8_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_key_schedule),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des_ctrl,
 };
 
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 48fbcdb366..f3eb4cce1b 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.30 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_des3.c,v 1.31 2025/05/27 03:58:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -258,13 +258,14 @@ static const EVP_CIPHER des_ede_cbc = {
         .block_size = 8,
         .key_len = 16,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE |
+           EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede_init_key,
         .do_cipher = des_ede_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -280,13 +281,14 @@ static const EVP_CIPHER des_ede_cfb64 = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede_init_key,
         .do_cipher = des_ede_cfb64_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -307,8 +309,8 @@ static const EVP_CIPHER des_ede_ofb = {
         .do_cipher = des_ede_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -324,13 +326,14 @@ static const EVP_CIPHER des_ede_ecb = {
         .block_size = 8,
         .key_len = 16,
         .iv_len = 0,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede_init_key,
         .do_cipher = des_ede_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -352,13 +355,14 @@ static const EVP_CIPHER des_ede3_cbc = {
         .block_size = 8,
         .key_len = 24,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede3_init_key,
         .do_cipher = des_ede3_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -374,13 +378,14 @@ static const EVP_CIPHER des_ede3_cfb64 = {
         .block_size = 1,
         .key_len = 24,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede3_init_key,
         .do_cipher = des_ede3_cfb64_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -396,13 +401,14 @@ static const EVP_CIPHER des_ede3_ofb = {
         .block_size = 1,
         .key_len = 24,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede3_init_key,
         .do_cipher = des_ede3_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -418,13 +424,14 @@ static const EVP_CIPHER des_ede3_ecb = {
         .block_size = 8,
         .key_len = 24,
         .iv_len = 0,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede3_init_key,
         .do_cipher = des_ede3_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -441,13 +448,14 @@ static const EVP_CIPHER des_ede3_cfb1 = {
         .block_size = 1,
         .key_len = 24,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede3_init_key,
         .do_cipher = des_ede3_cfb1_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
@@ -464,13 +472,14 @@ static const EVP_CIPHER des_ede3_cfb8 = {
         .block_size = 1,
         .key_len = 24,
         .iv_len = 8,
-        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
+            EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = des_ede3_init_key,
         .do_cipher = des_ede3_cfb8_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DES_EDE_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = des3_ctrl,
 };
 
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 86cf77602a..5d33a110fd 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_idea.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_idea.c,v 1.23 2025/05/27 03:58:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -181,13 +181,13 @@ static const EVP_CIPHER idea_cbc = {
         .block_size = 8,
         .key_len = 16,
         .iv_len = 8,
-        .flags = 0 | EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = idea_init_key,
         .do_cipher = idea_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -203,13 +203,13 @@ static const EVP_CIPHER idea_cfb64 = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 8,
-        .flags = 0 | EVP_CIPH_CFB_MODE,
+        .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = idea_init_key,
         .do_cipher = idea_cfb64_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -225,13 +225,13 @@ static const EVP_CIPHER idea_ofb = {
         .block_size = 1,
         .key_len = 16,
         .iv_len = 8,
-        .flags = 0 | EVP_CIPH_OFB_MODE,
+        .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = idea_init_key,
         .do_cipher = idea_ofb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
@@ -247,13 +247,13 @@ static const EVP_CIPHER idea_ecb = {
         .block_size = 8,
         .key_len = 16,
         .iv_len = 0,
-        .flags = 0 | EVP_CIPH_ECB_MODE,
+        .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = idea_init_key,
         .do_cipher = idea_ecb_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index dc404cff20..b7ba60297a 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.29 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.30 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -63,11 +63,11 @@
 
 #ifndef OPENSSL_NO_RC2
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/rc2.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index 1e3bee0791..1c5e6c32b2 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_xcbc_d.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_xcbc_d.c,v 1.19 2025/05/27 03:58:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -88,13 +88,13 @@ static const EVP_CIPHER d_xcbc_cipher = {
         .block_size = 8,
         .key_len = 24,
         .iv_len = 8,
-        .flags = EVP_CIPH_CBC_MODE,
+        .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
         .init = desx_cbc_init_key,
         .do_cipher = desx_cbc_cipher,
         .cleanup = NULL,
         .ctx_size = sizeof(DESX_CBC_KEY),
-        .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
-        .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
+        .set_asn1_parameters = NULL,
+        .get_asn1_parameters = NULL,
         .ctrl = NULL,
 };
 
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index c2b81d0576..94295e1262 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.137 2024/08/31 10:38:49 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.138 2025/07/02 06:36:52 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -778,28 +778,24 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey);
 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
 
 #ifndef OPENSSL_NO_RSA
-struct rsa_st;
-struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
+RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey);
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
 #endif
 #ifndef OPENSSL_NO_DSA
-struct dsa_st;
-struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
+DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey);
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
 #endif
 #ifndef OPENSSL_NO_DH
-struct dh_st;
-struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
 #endif
 #ifndef OPENSSL_NO_EC
-struct ec_key_st;
-struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
 #endif
 
 EVP_PKEY *EVP_PKEY_new(void);
diff --git a/src/lib/libcrypto/evp/evp_aead.c b/src/lib/libcrypto/evp/evp_aead.c
index b35f5157ed..fdac082217 100644
--- a/src/lib/libcrypto/evp/evp_aead.c
+++ b/src/lib/libcrypto/evp/evp_aead.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_aead.c,v 1.11 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: evp_aead.c,v 1.12 2025/05/10 05:54:38 tb Exp $ */
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -19,8 +19,8 @@
 #include <string.h>
 
 #include <openssl/evp.h>
-#include <openssl/err.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 size_t
diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
index e9c266d1b9..04e0e1c0b0 100644
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.23 2024/04/10 15:00:38 beck Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.28 2025/07/02 06:19:46 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -115,10 +115,10 @@
 #include <string.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 
 #include "asn1_local.h"
+#include "err_local.h"
 #include "evp_local.h"
 
 int
@@ -167,7 +167,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
                 }
 
                 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) {
-                        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
                                 EVPerror(EVP_R_INITIALIZATION_ERROR);
                                 return 0;
                         }
@@ -944,14 +944,20 @@ EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
 LCRYPTO_ALIAS(EVP_CIPHER_CTX_flags);
 
 /*
- * Used by CMS and its predecessors. Only GOST and RC2 have a custom method.
+ * Used by CMS and its predecessors. Only RC2 has a custom method.
  */
 
 int
-EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
+EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 {
         int iv_len;
 
+        if (ctx->cipher->get_asn1_parameters != NULL)
+                return ctx->cipher->get_asn1_parameters(ctx, type);
+
+        if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) == 0)
+                return -1;
+
         if (type == NULL)
                 return 0;
 
@@ -970,21 +976,15 @@ EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 }
 
 int
-EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
+EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 {
-        if (ctx->cipher->get_asn1_parameters != NULL)
-                return ctx->cipher->get_asn1_parameters(ctx, type);
-
-        if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
-                return EVP_CIPHER_get_asn1_iv(ctx, type);
+        int iv_len;
 
-        return -1;
-}
+        if (ctx->cipher->set_asn1_parameters != NULL)
+                return ctx->cipher->set_asn1_parameters(ctx, type);
 
-int
-EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
-{
-        int iv_len;
+        if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) == 0)
+                return -1;
 
         if (type == NULL)
                 return 0;
@@ -998,18 +998,6 @@ EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
         return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len);
 }
 
-int
-EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
-{
-        if (ctx->cipher->set_asn1_parameters != NULL)
-                return ctx->cipher->set_asn1_parameters(ctx, type);
-
-        if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
-                return EVP_CIPHER_set_asn1_iv(ctx, type);
-
-        return -1;
-}
-
 /* Convert the various cipher NIDs and dummies to a proper OID NID */
 int
 EVP_CIPHER_type(const EVP_CIPHER *cipher)
diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c
index 0a97d25c7d..8bd6691fbf 100644
--- a/src/lib/libcrypto/evp/evp_digest.c
+++ b/src/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.14 2024/04/10 15:00:38 beck Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.15 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -114,10 +114,10 @@
 
 #include <openssl/opensslconf.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 int
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index e7c7ec3294..128bec0ac3 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_key.c,v 1.36 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: evp_key.c,v 1.37 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,12 +59,12 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/ui.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 /* should be init to zeros. */
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 54cd65d0af..76465643c6 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.26 2025/05/27 03:58:12 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -353,9 +353,7 @@ struct evp_aead_ctx_st {
 };
 
 /* Legacy EVP_CIPHER methods used by CMS and its predecessors. */
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
diff --git a/src/lib/libcrypto/evp/evp_names.c b/src/lib/libcrypto/evp/evp_names.c
index 817d33602c..8757d191dd 100644
--- a/src/lib/libcrypto/evp/evp_names.c
+++ b/src/lib/libcrypto/evp/evp_names.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: evp_names.c,v 1.18 2024/08/31 10:38:49 tb Exp $ */
+/*      $OpenBSD: evp_names.c,v 1.19 2025/05/10 05:54:38 tb Exp $ */
 /*
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
  *
@@ -15,7 +15,6 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 88ceb14033..cb2ace1fd0 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.50 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.51 2025/05/10 05:54:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,13 +60,13 @@
 #include <string.h>
 
 #include <openssl/asn1.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/objects.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 #include "hmac_local.h"
 #include "pkcs12_local.h"
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index a1e127352a..1c0b8b41e9 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pkey.c,v 1.33 2025/02/04 04:51:34 tb Exp $ */
+/* $OpenBSD: evp_pkey.c,v 1.34 2025/05/10 05:54:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -60,10 +60,10 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/x509.h>
 
 #include "asn1_local.h"
+#include "err_local.h"
 #include "evp_local.h"
 
 /* Extract a private key from a PKCS8 structure */
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
index a3353854f1..66e4752242 100644
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sigver.c,v 1.27 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.28 2025/05/10 05:54:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 static int
diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c
index 01cfdbcd6a..7c958a16e3 100644
--- a/src/lib/libcrypto/evp/p_legacy.c
+++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: p_legacy.c,v 1.6 2024/04/09 13:52:41 beck Exp $ */
+/*      $OpenBSD: p_legacy.c,v 1.7 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,10 +59,10 @@
 #include <stdlib.h>
 
 #include <openssl/evp.h>
-#include <openssl/err.h>
 
 #include <openssl/rsa.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 int
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 95c7721303..3f88185737 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.61 2024/08/22 12:24:24 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.63 2025/07/02 06:36:52 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -111,7 +111,6 @@
 #include <openssl/bio.h>
 #include <openssl/cmac.h>
 #include <openssl/crypto.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -129,6 +128,7 @@
 #include <openssl/rsa.h>
 #endif
 
+#include "err_local.h"
 #include "evp_local.h"
 
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
@@ -628,7 +628,7 @@ LCRYPTO_ALIAS(EVP_PKEY_get0_hmac);
 
 #ifndef OPENSSL_NO_RSA
 RSA *
-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
 {
         if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS)
                 return pkey->pkey.rsa;
@@ -639,7 +639,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 LCRYPTO_ALIAS(EVP_PKEY_get0_RSA);
 
 RSA *
-EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+EVP_PKEY_get1_RSA(const EVP_PKEY *pkey)
 {
         RSA *rsa;
 
@@ -665,7 +665,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_RSA);
 
 #ifndef OPENSSL_NO_DSA
 DSA *
-EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
+EVP_PKEY_get0_DSA(const EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_DSA) {
                 EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
@@ -676,7 +676,7 @@ EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
 LCRYPTO_ALIAS(EVP_PKEY_get0_DSA);
 
 DSA *
-EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+EVP_PKEY_get1_DSA(const EVP_PKEY *pkey)
 {
         DSA *dsa;
 
@@ -702,7 +702,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_DSA);
 
 #ifndef OPENSSL_NO_EC
 EC_KEY *
-EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
+EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_EC) {
                 EVPerror(EVP_R_EXPECTING_A_EC_KEY);
@@ -713,7 +713,7 @@ EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
 LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY);
 
 EC_KEY *
-EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey)
 {
         EC_KEY *key;
 
@@ -740,7 +740,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_EC_KEY);
 
 #ifndef OPENSSL_NO_DH
 DH *
-EVP_PKEY_get0_DH(EVP_PKEY *pkey)
+EVP_PKEY_get0_DH(const EVP_PKEY *pkey)
 {
         if (pkey->type != EVP_PKEY_DH) {
                 EVPerror(EVP_R_EXPECTING_A_DH_KEY);
@@ -751,7 +751,7 @@ EVP_PKEY_get0_DH(EVP_PKEY *pkey)
 LCRYPTO_ALIAS(EVP_PKEY_get0_DH);
 
 DH *
-EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+EVP_PKEY_get1_DH(const EVP_PKEY *pkey)
 {
         DH *dh;
 
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index 7f472ea716..775cf78d62 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_sign.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: p_sign.c,v 1.23 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,7 +58,6 @@
 
 #include <stdio.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 02132e2c38..cd7482df55 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_verify.c,v 1.21 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: p_verify.c,v 1.22 2025/05/10 05:54:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,7 +58,6 @@
 
 #include <stdio.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c
index 308c434f0d..ad6c04dabb 100644
--- a/src/lib/libcrypto/evp/pmeth_fn.c
+++ b/src/lib/libcrypto/evp/pmeth_fn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_fn.c,v 1.11 2024/04/12 09:41:39 tb Exp $ */
+/* $OpenBSD: pmeth_fn.c,v 1.12 2025/05/10 05:54:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -59,10 +59,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 #define M_check_autoarg(ctx, arg, arglen, err) \
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index bc1c5bd7d2..fa5b446124 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.21 2024/08/31 09:14:21 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.22 2025/05/10 05:54:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -60,12 +60,12 @@
 #include <stdlib.h>
 
 #include <openssl/bn.h>
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
 #include "asn1_local.h"
 #include "bn_local.h"
+#include "err_local.h"
 #include "evp_local.h"
 
 int
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index fbf4057c38..ce6beecad6 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.42 2025/01/20 12:57:28 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.43 2025/05/10 05:54:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -63,12 +63,12 @@
 
 #include <openssl/opensslconf.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 
 #include "asn1_local.h"
+#include "err_local.h"
 #include "evp_local.h"
 
 extern const EVP_PKEY_METHOD cmac_pkey_meth;