8 files changed, 48 insertions, 193 deletions
diff --git a/src/lib/libcrypto/modes/cbc128.c b/src/lib/libcrypto/modes/cbc128.c
index f8ebf79a87..1b6858ee25 100644
--- a/src/lib/libcrypto/modes/cbc128.c
+++ b/src/lib/libcrypto/modes/cbc128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cbc128.c,v 1.8 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: cbc128.c,v 1.11 2025/04/23 10:09:08 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
@@ -49,15 +49,11 @@
 *
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "modes_local.h"
-# endif
-#endif
 #undef STRICT_ALIGNMENT
 #ifdef __STRICT_ALIGNMENT
@@ -74,7 +70,6 @@ CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
        size_t n;
        const unsigned char *iv = ivec;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (STRICT_ALIGNMENT &&
            ((size_t)in|(size_t)out|(size_t)ivec) % sizeof(size_t) != 0) {
                while (len >= 16) {
@@ -98,7 +93,6 @@ CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
                        out += 16;
                }
        }
-#endif
        while (len) {
                for (n = 0; n < 16 && n < len; ++n)
                        out[n] = in[n] ^ iv[n];
@@ -127,7 +121,6 @@ CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                unsigned char c[16];
        } tmp;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (in != out) {
                const unsigned char *iv = ivec;
@@ -192,7 +185,6 @@ CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                        }
                }
        }
-#endif
        while (len) {
                unsigned char c;
                (*block)(in, tmp.c, key);
diff --git a/src/lib/libcrypto/modes/ccm128.c b/src/lib/libcrypto/modes/ccm128.c
index 68c5cce5da..0f592dd9e5 100644
--- a/src/lib/libcrypto/modes/ccm128.c
+++ b/src/lib/libcrypto/modes/ccm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ccm128.c,v 1.8 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: ccm128.c,v 1.10 2025/04/21 16:01:18 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
@@ -48,15 +48,11 @@
 * ====================================================================
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "modes_local.h"
-# endif
-#endif
 /* First you setup M and L parameters and pass the key schedule.
 * This is called once per session setup... */
diff --git a/src/lib/libcrypto/modes/cfb128.c b/src/lib/libcrypto/modes/cfb128.c
index 931353a620..9a63a46724 100644
--- a/src/lib/libcrypto/modes/cfb128.c
+++ b/src/lib/libcrypto/modes/cfb128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cfb128.c,v 1.7 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: cfb128.c,v 1.10 2025/04/23 10:09:08 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
@@ -49,15 +49,11 @@
 *
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "modes_local.h"
-# endif
-#endif
 /* The input and output encrypted as though 128bit cfb mode is being
 * used.  The extra state information to record how much of the
@@ -75,7 +71,6 @@ CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
        n = *num;
        if (enc) {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
                if (16 % sizeof(size_t) == 0)
                        do {    /* always true actually */
                                while (n && len) {
@@ -111,7 +106,6 @@ CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                                return;
                        } while (0);
        /* the rest would be commonly eliminated by x86* compiler */
-#endif
                while (l < len) {
                        if (n == 0) {
                                (*block)(ivec, ivec, key);
@@ -122,7 +116,6 @@ CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                }
                *num = n;
        } else {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
                if (16 % sizeof(size_t) == 0)
                        do {    /* always true actually */
                                while (n && len) {
@@ -163,7 +156,6 @@ CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                                return;
                        } while (0);
        /* the rest would be commonly eliminated by x86* compiler */
-#endif
                while (l < len) {
                        unsigned char c;
                        if (n == 0) {
diff --git a/src/lib/libcrypto/modes/ctr128.c b/src/lib/libcrypto/modes/ctr128.c
index 6d507dfc3a..30563ed6e3 100644
--- a/src/lib/libcrypto/modes/ctr128.c
+++ b/src/lib/libcrypto/modes/ctr128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ctr128.c,v 1.11 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: ctr128.c,v 1.17 2025/04/23 10:09:08 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
@@ -49,16 +49,12 @@
 *
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "crypto_internal.h"
-# endif
+#include "modes_local.h"
-#endif
-#include <assert.h>
 /* NOTE: the IV/counter CTR mode is big-endian.  The code itself
 * is endian-neutral. */
@@ -80,7 +76,6 @@ ctr128_inc(unsigned char *counter)
        } while (n);
 }
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
 static void
 ctr128_inc_aligned(unsigned char *counter)
 {
@@ -100,7 +95,6 @@ ctr128_inc_aligned(unsigned char *counter)
        } while (n);
 #endif
 }
-#endif
 /* The input encrypted as though 128bit counter mode is being
 * used.  The extra state information to record how much of the
@@ -121,14 +115,11 @@ CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
    unsigned char ivec[16], unsigned char ecount_buf[16],
    unsigned int *num, block128_f block)
 {
-        unsigned int n;
+        unsigned int n = *num;
        size_t l = 0;
-        assert(*num < 16);
+        OPENSSL_assert(n < 16);
-        n = *num;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do { /* always true actually */
                        while (n && len) {
@@ -166,7 +157,6 @@ CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                        return;
                } while (0);
        /* the rest would be commonly eliminated by x86* compiler */
-#endif
        while (l < len) {
                if (n == 0) {
                        (*block)(ivec, ecount_buf, key);
@@ -204,11 +194,10 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
    unsigned char ivec[16], unsigned char ecount_buf[16],
    unsigned int *num, ctr128_f func)
 {
-        unsigned int n, ctr32;
+        unsigned int n = *num;
+        unsigned int ctr32;
-        assert(*num < 16);
+        OPENSSL_assert(n < 16);
-        n = *num;
        while (n && len) {
                *(out++) = *(in++) ^ ecount_buf[n];
@@ -216,7 +205,8 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                n = (n + 1) % 16;
        }
-        ctr32 = GETU32(ivec + 12);
+        ctr32 = crypto_load_be32toh(&ivec[12]);
        while (len >= 16) {
                size_t blocks = len/16;
                /*
@@ -240,7 +230,7 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                }
                (*func)(in, out, blocks, key, ivec);
                /* (*ctr) does not update ivec, caller does: */
-                PUTU32(ivec + 12, ctr32);
+                crypto_store_htobe32(&ivec[12], ctr32);
                /* ... overflow was detected, propagate carry. */
                if (ctr32 == 0)
                        ctr96_inc(ivec);
@@ -253,7 +243,7 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                memset(ecount_buf, 0, 16);
                (*func)(ecount_buf, ecount_buf, 1, key, ivec);
                ++ctr32;
-                PUTU32(ivec + 12, ctr32);
+                crypto_store_htobe32(&ivec[12], ctr32);
                if (ctr32 == 0)
                        ctr96_inc(ivec);
                while (len--) {
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index 6c89bd44b7..21ba9eef57 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.27 2024/09/06 09:57:32 tb Exp $ */
+/* $OpenBSD: gcm128.c,v 1.35 2025/04/25 12:08:53 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -48,8 +48,6 @@
 * ====================================================================
 */
-#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/crypto.h>
@@ -57,18 +55,6 @@
 #include "crypto_internal.h"
 #include "modes_local.h"
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#if defined(BSWAP4) && defined(__STRICT_ALIGNMENT)
-/* redefine, because alignment is ensured */
-#undef  GETU32
-#define GETU32(p)       BSWAP4(*(const u32 *)(p))
-#endif
 #define PACK(s)         ((size_t)(s)<<(sizeof(size_t)*8-16))
 #define REDUCE1BIT(V)                                                   \
        do {                                                            \
@@ -246,16 +232,13 @@ static void
 gcm_init_4bit(u128 Htable[16], u64 H[2])
 {
        u128 V;
-#if defined(OPENSSL_SMALL_FOOTPRINT)
        int  i;
-#endif
        Htable[0].hi = 0;
        Htable[0].lo = 0;
        V.hi = H[0];
        V.lo = H[1];
-#if defined(OPENSSL_SMALL_FOOTPRINT)
        for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
                REDUCE1BIT(V);
                Htable[i] = V;
@@ -269,34 +252,7 @@ gcm_init_4bit(u128 Htable[16], u64 H[2])
                        Hi[j].lo = V.lo ^ Htable[j].lo;
                }
        }
-#else
-        Htable[8] = V;
-        REDUCE1BIT(V);
-        Htable[4] = V;
-        REDUCE1BIT(V);
-        Htable[2] = V;
-        REDUCE1BIT(V);
-        Htable[1] = V;
-        Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
-        V = Htable[4];
-        Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
-        Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
-        Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
-        V = Htable[8];
-        Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
-        Htable[10].hi = V.hi ^ Htable[2].hi,
-            Htable[10].lo = V.lo ^ Htable[2].lo;
-        Htable[11].hi = V.hi ^ Htable[3].hi,
-            Htable[11].lo = V.lo ^ Htable[3].lo;
-        Htable[12].hi = V.hi ^ Htable[4].hi,
-            Htable[12].lo = V.lo ^ Htable[4].lo;
-        Htable[13].hi = V.hi ^ Htable[5].hi,
-            Htable[13].lo = V.lo ^ Htable[5].lo;
-        Htable[14].hi = V.hi ^ Htable[6].hi,
-            Htable[14].lo = V.lo ^ Htable[6].lo;
-        Htable[15].hi = V.hi ^ Htable[7].hi,
-            Htable[15].lo = V.lo ^ Htable[7].lo;
-#endif
 #if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
        /*
         * ARM assembler expects specific dword order in Htable.
@@ -376,7 +332,6 @@ gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
        Xi[1] = htobe64(Z.lo);
 }
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
 /*
 * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
 * details... Compiler-generated code doesn't seem to give any
@@ -532,7 +487,6 @@ gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
                Xi[1] = htobe64(Z.lo);
        } while (inp += 16, len -= 16);
 }
-#endif
 #else
 void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
 void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
@@ -540,48 +494,32 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
 #endif
 #define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
-#if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
 #define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
 /* GHASH_CHUNK is "stride parameter" missioned to mitigate cache
 * trashing effect. In other words idea is to hash data while it's
 * still in L1 cache after encryption pass... */
 #define GHASH_CHUNK       (3*1024)
-#endif
 #else   /* TABLE_BITS */
 static void
 gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
 {
-        u128 V, Z = { 0,0 };
+        u128 V, Z = { 0, 0 };
-        long X;
+        u64 X;
        int i, j;
-        const long *xi = (const long *)Xi;
        V.hi = H[0];    /* H is in host byte order, no byte swapping */
        V.lo = H[1];
-        for (j = 0; j < 16/sizeof(long); ++j) {
+        for (j = 0; j < 2; j++) {
-#if BYTE_ORDER == LITTLE_ENDIAN
+                X = be64toh(Xi[j]);
-#if SIZE_MAX == 0xffffffffffffffff
-#ifdef BSWAP8
-                X = (long)(BSWAP8(xi[j]));
-#else
-                const u8 *p = (const u8 *)(xi + j);
-                X = (long)((u64)GETU32(p) << 32|GETU32(p + 4));
-#endif
-#else
-                const u8 *p = (const u8 *)(xi + j);
-                X = (long)GETU32(p);
-#endif
-#else /* BIG_ENDIAN */
-                X = xi[j];
-#endif
-                for (i = 0; i < 8*sizeof(long); ++i, X <<= 1) {
+                for (i = 0; i < 64; i++) {
-                        u64 M = (u64)(X >> (8*sizeof(long) - 1));
+                        u64 M = 0 - (X >> 63);
                        Z.hi ^= V.hi & M;
                        Z.lo ^= V.lo & M;
+                        X <<= 1;
                        REDUCE1BIT(V);
                }
@@ -850,7 +788,6 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
        ctr = be32toh(ctx->Yi.d[3]);
        n = ctx->mres;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do {    /* always true actually */
                        if (n) {
@@ -946,7 +883,6 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                        ctx->mres = n;
                        return 0;
                } while (0);
-#endif
        for (i = 0; i < len; ++i) {
                if (n == 0) {
                        (*block)(ctx->Yi.c, ctx->EKi.c, key);
@@ -996,7 +932,6 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
        ctr = be32toh(ctx->Yi.d[3]);
        n = ctx->mres;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do {    /* always true actually */
                        if (n) {
@@ -1068,8 +1003,8 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                                ctx->Yi.d[3] = htobe32(ctr);
                                for (i = 0; i < 16/sizeof(size_t); ++i) {
-                                        size_t c = in[i];
+                                        size_t c = in_t[i];
-                                        out[i] = c ^ ctx->EKi.t[i];
+                                        out_t[i] = c ^ ctx->EKi.t[i];
                                        ctx->Xi.t[i] ^= c;
                                }
                                GCM_MUL(ctx, Xi);
@@ -1094,7 +1029,6 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                        ctx->mres = n;
                        return 0;
                } while (0);
-#endif
        for (i = 0; i < len; ++i) {
                u8 c;
                if (n == 0) {
@@ -1159,7 +1093,7 @@ CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                        return 0;
                }
        }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+#if defined(GHASH) && defined(GHASH_CHUNK)
        while (len >= GHASH_CHUNK) {
                (*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);
                ctr += GHASH_CHUNK/16;
@@ -1251,7 +1185,7 @@ CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                        return 0;
                }
        }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+#if defined(GHASH) && defined(GHASH_CHUNK)
        while (len >= GHASH_CHUNK) {
                GHASH(ctx, in, GHASH_CHUNK);
                (*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);
diff --git a/src/lib/libcrypto/modes/modes_local.h b/src/lib/libcrypto/modes/modes_local.h
index 511855f2e0..c04db034d0 100644
--- a/src/lib/libcrypto/modes/modes_local.h
+++ b/src/lib/libcrypto/modes/modes_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: modes_local.h,v 1.2 2023/07/08 14:55:36 beck Exp $ */
+/* $OpenBSD: modes_local.h,v 1.4 2025/04/23 14:15:19 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -27,44 +27,6 @@ typedef unsigned long long u64;
 typedef unsigned int u32;
 typedef unsigned char u8;
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#if defined(__GNUC__) && __GNUC__>=2
-# if defined(__x86_64) || defined(__x86_64__)
-#  define BSWAP8(x) ({  u64 ret=(x);                                    \
-                        asm ("bswapq %0"                                \
-                        : "+r"(ret));   ret;            })
-#  define BSWAP4(x) ({  u32 ret=(x);                                    \
-                        asm ("bswapl %0"                                \
-                        : "+r"(ret));   ret;            })
-# elif (defined(__i386) || defined(__i386__))
-#  define BSWAP8(x) ({  u32 lo=(u64)(x)>>32,hi=(x);                     \
-                        asm ("bswapl %0; bswapl %1"                     \
-                        : "+r"(hi),"+r"(lo));                           \
-                        (u64)hi<<32|lo;                 })
-#  define BSWAP4(x) ({  u32 ret=(x);                                    \
-                        asm ("bswapl %0"                                \
-                        : "+r"(ret));   ret;            })
-# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
-#  define BSWAP8(x) ({  u32 lo=(u64)(x)>>32,hi=(x);                     \
-                        asm ("rev %0,%0; rev %1,%1"                     \
-                        : "+r"(hi),"+r"(lo));                           \
-                        (u64)hi<<32|lo;                 })
-#  define BSWAP4(x) ({  u32 ret;                                        \
-                        asm ("rev %0,%1"                                \
-                        : "=r"(ret) : "r"((u32)(x)));                   \
-                        ret;                            })
-# endif
-#endif
-#endif
-#if defined(BSWAP4) && !defined(__STRICT_ALIGNMENT)
-#define GETU32(p)       BSWAP4(*(const u32 *)(p))
-#define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
-#else
-#define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
-#define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
-#endif
 /* GCM definitions */
 typedef struct {
diff --git a/src/lib/libcrypto/modes/ofb128.c b/src/lib/libcrypto/modes/ofb128.c
index 42afd29d58..8440e7f583 100644
--- a/src/lib/libcrypto/modes/ofb128.c
+++ b/src/lib/libcrypto/modes/ofb128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ofb128.c,v 1.7 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: ofb128.c,v 1.10 2025/04/23 10:09:08 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
@@ -49,15 +49,11 @@
 *
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "modes_local.h"
-# endif
-#endif
 /* The input and output encrypted as though 128bit ofb mode is being
 * used.  The extra state information to record how much of the
@@ -74,7 +70,6 @@ CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
        n = *num;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do { /* always true actually */
                        while (n && len) {
@@ -109,7 +104,6 @@ CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                        return;
                } while (0);
        /* the rest would be commonly eliminated by x86* compiler */
-#endif
        while (l < len) {
                if (n == 0) {
                        (*block)(ivec, ivec, key);
diff --git a/src/lib/libcrypto/modes/xts128.c b/src/lib/libcrypto/modes/xts128.c
index 7516acf850..789af9ef65 100644
--- a/src/lib/libcrypto/modes/xts128.c
+++ b/src/lib/libcrypto/modes/xts128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xts128.c,v 1.12 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: xts128.c,v 1.14 2025/04/21 16:01:18 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
@@ -48,17 +48,12 @@
 * ====================================================================
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <endian.h>
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "modes_local.h"
-# endif
-#endif
 int
 CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],