From 51f804b282da1b0813454f9f6027d3726deea4c7 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 15 Jun 2025 15:11:50 +0000
Subject: Integrate AES-NI into the AES code.

Currently, the AES-NI code is only integrated into EVP - add code to
integrate AES-NI into AES. Rename the assembly provided functions and
provide C versions for the original names, which check for AES-NI support
and dispatch to the appropriate function. This means that the AES_* public
API will now use AES-NI, if available.

ok tb@
---
 src/lib/libcrypto/aes/aes_amd64.c         | 102 ++++++++++++++++++++++++++++++
 src/lib/libcrypto/aes/aes_i386.c          | 102 ++++++++++++++++++++++++++++++
 src/lib/libcrypto/aes/asm/aes-586.pl      |  30 ++++-----
 src/lib/libcrypto/aes/asm/aes-x86_64.pl   |  90 +++++++++++++-------------
 src/lib/libcrypto/arch/amd64/Makefile.inc |   4 +-
 src/lib/libcrypto/arch/i386/Makefile.inc  |   4 +-
 6 files changed, 270 insertions(+), 62 deletions(-)
 create mode 100644 src/lib/libcrypto/aes/aes_amd64.c
 create mode 100644 src/lib/libcrypto/aes/aes_i386.c

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/aes/aes_amd64.c b/src/lib/libcrypto/aes/aes_amd64.c
new file mode 100644
index 0000000000..302d1ac91d
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_amd64.c
@@ -0,0 +1,102 @@
+/* $OpenBSD: aes_amd64.c,v 1.1 2025/06/15 15:11:50 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/aes.h>
+
+#include "crypto_arch.h"
+
+int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits,
+    AES_KEY *key);
+int aes_set_decrypt_key_generic(const unsigned char *userKey, const int bits,
+    AES_KEY *key);
+
+void aes_encrypt_generic(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+void aes_decrypt_generic(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+
+void aes_cbc_encrypt_generic(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+    AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+    AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
+
+int
+aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
+    AES_KEY *key)
+{
+	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0)
+		return aesni_set_encrypt_key(userKey, bits, key);
+
+	return aes_set_encrypt_key_generic(userKey, bits, key);
+}
+
+int
+aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
+    AES_KEY *key)
+{
+	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0)
+		return aesni_set_decrypt_key(userKey, bits, key);
+
+	return aes_set_decrypt_key_generic(userKey, bits, key);
+}
+
+void
+aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key)
+{
+	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+		aesni_encrypt(in, out, key);
+		return;
+	}
+
+	aes_encrypt_generic(in, out, key);
+}
+
+void
+aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key)
+{
+	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+		aesni_decrypt(in, out, key);
+		return;
+	}
+
+	aes_decrypt_generic(in, out, key);
+}
+
+void
+aes_cbc_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc)
+{
+	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+		aesni_cbc_encrypt(in, out, len, key, ivec, enc);
+		return;
+	}
+
+	aes_cbc_encrypt_generic(in, out, len, key, ivec, enc);
+}
diff --git a/src/lib/libcrypto/aes/aes_i386.c b/src/lib/libcrypto/aes/aes_i386.c
new file mode 100644
index 0000000000..0b5c89af70
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_i386.c
@@ -0,0 +1,102 @@
+/* $OpenBSD: aes_i386.c,v 1.1 2025/06/15 15:11:50 jsing Exp $ */
+/*
+ * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/aes.h>
+
+#include "crypto_arch.h"
+
+int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits,
+    AES_KEY *key);
+int aes_set_decrypt_key_generic(const unsigned char *userKey, const int bits,
+    AES_KEY *key);
+
+void aes_encrypt_generic(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+void aes_decrypt_generic(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+
+void aes_cbc_encrypt_generic(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+    AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+    AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
+
+int
+aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
+    AES_KEY *key)
+{
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0)
+		return aesni_set_encrypt_key(userKey, bits, key);
+
+	return aes_set_encrypt_key_generic(userKey, bits, key);
+}
+
+int
+aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
+    AES_KEY *key)
+{
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0)
+		return aesni_set_decrypt_key(userKey, bits, key);
+
+	return aes_set_decrypt_key_generic(userKey, bits, key);
+}
+
+void
+aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key)
+{
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+		aesni_encrypt(in, out, key);
+		return;
+	}
+
+	aes_encrypt_generic(in, out, key);
+}
+
+void
+aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key)
+{
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+		aesni_decrypt(in, out, key);
+		return;
+	}
+
+	aes_decrypt_generic(in, out, key);
+}
+
+void
+aes_cbc_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, unsigned char *ivec, const int enc)
+{
+	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+		aesni_cbc_encrypt(in, out, len, key, ivec, enc);
+		return;
+	}
+
+	aes_cbc_encrypt_generic(in, out, len, key, ivec, enc);
+}
diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl
index 364099d4d3..402a1a3c46 100644
--- a/src/lib/libcrypto/aes/asm/aes-586.pl
+++ b/src/lib/libcrypto/aes/asm/aes-586.pl
@@ -1158,8 +1158,8 @@ sub enclast()
 	&data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
 	&previous();
 
-# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key);
-&function_begin("aes_encrypt_internal");
+# void aes_encrypt_generic(const void *inp, void *out, const AES_KEY *key);
+&function_begin("aes_encrypt_generic");
 	&mov	($acc,&wparam(0));		# load inp
 	&mov	($key,&wparam(2));		# load key
 
@@ -1213,7 +1213,7 @@ sub enclast()
 	&mov	(&DWP(4,$acc),$s1);
 	&mov	(&DWP(8,$acc),$s2);
 	&mov	(&DWP(12,$acc),$s3);
-&function_end("aes_encrypt_internal");
+&function_end("aes_encrypt_generic");
 
 #--------------------------------------------------------------------#
 
@@ -1947,8 +1947,8 @@ sub declast()
 	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
 	&previous();
 
-# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key);
-&function_begin("aes_decrypt_internal");
+# void aes_decrypt_generic(const void *inp, void *out, const AES_KEY *key);
+&function_begin("aes_decrypt_generic");
 	&mov	($acc,&wparam(0));		# load inp
 	&mov	($key,&wparam(2));		# load key
 
@@ -2002,9 +2002,9 @@ sub declast()
 	&mov	(&DWP(4,$acc),$s1);
 	&mov	(&DWP(8,$acc),$s2);
 	&mov	(&DWP(12,$acc),$s3);
-&function_end("aes_decrypt_internal");
+&function_end("aes_decrypt_generic");
 
-# void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out,
+# void aes_cbc_encrypt_generic(const void char *inp, unsigned char *out,
 #     size_t length, const AES_KEY *key, unsigned char *ivp,const int enc);
 {
 # stack frame layout
@@ -2028,7 +2028,7 @@ my $ivec=&DWP(60,"esp");	# ivec[16]
 my $aes_key=&DWP(76,"esp");	# copy of aes_key
 my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 
-&function_begin("aes_cbc_encrypt_internal");
+&function_begin("aes_cbc_encrypt_generic");
 	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len
 	&cmp	($s2,0);
 	&je	(&label("drop_out"));
@@ -2616,7 +2616,7 @@ my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 
 	&mov	("esp",$_esp);
 	&popf	();
-&function_end("aes_cbc_encrypt_internal");
+&function_end("aes_cbc_encrypt_generic");
 }
 
 #------------------------------------------------------------------#
@@ -2849,12 +2849,12 @@ sub enckey()
     &set_label("exit");
 &function_end("_x86_AES_set_encrypt_key");
 
-# int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
+# int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits,
 #      AES_KEY *key)
-&function_begin_B("aes_set_encrypt_key_internal");
+&function_begin_B("aes_set_encrypt_key_generic");
 	&call	("_x86_AES_set_encrypt_key");
 	&ret	();
-&function_end_B("aes_set_encrypt_key_internal");
+&function_end_B("aes_set_encrypt_key_generic");
 
 sub deckey()
 { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
@@ -2911,9 +2911,9 @@ sub deckey()
 	&mov	(&DWP(4*$i,$key),$tp1);
 }
 
-# int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
+# int aes_set_decrypt_key_generic(const unsigned char *userKey, const int bits,
 #     AES_KEY *key)
-&function_begin_B("aes_set_decrypt_key_internal");
+&function_begin_B("aes_set_decrypt_key_generic");
 	&call	("_x86_AES_set_encrypt_key");
 	&cmp	("eax",0);
 	&je	(&label("proceed"));
@@ -2969,6 +2969,6 @@ sub deckey()
 	&jb	(&label("permute"));
 
 	&xor	("eax","eax");			# return success
-&function_end("aes_set_decrypt_key_internal");
+&function_end("aes_set_decrypt_key_generic");
 
 &asm_finish();
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 324c4a2be2..2c73627546 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -586,15 +586,15 @@ $code.=<<___;
 .size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 ___
 
-# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key);
+# void aes_encrypt_generic(const void *inp, void *out, const AES_KEY *key);
 $code.=<<___;
-.globl	aes_encrypt_internal
-.type	aes_encrypt_internal,\@function,3
+.globl	aes_encrypt_generic
+.type	aes_encrypt_generic,\@function,3
 .align	16
 .globl	asm_AES_encrypt
 .hidden	asm_AES_encrypt
 asm_AES_encrypt:
-aes_encrypt_internal:
+aes_encrypt_generic:
 	_CET_ENDBR
 	push	%rbx
 	push	%rbp
@@ -655,7 +655,7 @@ aes_encrypt_internal:
 	lea	48(%rsi),%rsp
 .Lenc_epilogue:
 	ret
-.size	aes_encrypt_internal,.-aes_encrypt_internal
+.size	aes_encrypt_generic,.-aes_encrypt_generic
 ___
 
 #------------------------------------------------------------------#
@@ -1188,15 +1188,15 @@ $code.=<<___;
 .size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 ___
 
-# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key);
+# void aes_decrypt_generic(const void *inp, void *out, const AES_KEY *key);
 $code.=<<___;
-.globl	aes_decrypt_internal
-.type	aes_decrypt_internal,\@function,3
+.globl	aes_decrypt_generic
+.type	aes_decrypt_generic,\@function,3
 .align	16
 .globl	asm_AES_decrypt
 .hidden	asm_AES_decrypt
 asm_AES_decrypt:
-aes_decrypt_internal:
+aes_decrypt_generic:
 	_CET_ENDBR
 	push	%rbx
 	push	%rbp
@@ -1259,7 +1259,7 @@ aes_decrypt_internal:
 	lea	48(%rsi),%rsp
 .Ldec_epilogue:
 	ret
-.size	aes_decrypt_internal,.-aes_decrypt_internal
+.size	aes_decrypt_generic,.-aes_decrypt_generic
 ___
 #------------------------------------------------------------------#
 
@@ -1290,13 +1290,13 @@ $code.=<<___;
 ___
 }
 
-# int aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
+# int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits,
 #     AES_KEY *key)
 $code.=<<___;
-.globl	aes_set_encrypt_key_internal
-.type	aes_set_encrypt_key_internal,\@function,3
+.globl	aes_set_encrypt_key_generic
+.type	aes_set_encrypt_key_generic,\@function,3
 .align	16
-aes_set_encrypt_key_internal:
+aes_set_encrypt_key_generic:
 	_CET_ENDBR
 	push	%rbx
 	push	%rbp
@@ -1318,7 +1318,7 @@ aes_set_encrypt_key_internal:
 	add	\$56,%rsp
 .Lenc_key_epilogue:
 	ret
-.size	aes_set_encrypt_key_internal,.-aes_set_encrypt_key_internal
+.size	aes_set_encrypt_key_generic,.-aes_set_encrypt_key_generic
 
 .type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align	16
@@ -1562,13 +1562,13 @@ $code.=<<___;
 ___
 }
 
-# int aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
+# int aes_set_decrypt_key_generic(const unsigned char *userKey, const int bits,
 #     AES_KEY *key)
 $code.=<<___;
-.globl	aes_set_decrypt_key_internal
-.type	aes_set_decrypt_key_internal,\@function,3
+.globl	aes_set_decrypt_key_generic
+.type	aes_set_decrypt_key_generic,\@function,3
 .align	16
-aes_set_decrypt_key_internal:
+aes_set_decrypt_key_generic:
 	_CET_ENDBR
 	push	%rbx
 	push	%rbp
@@ -1638,10 +1638,10 @@ $code.=<<___;
 	add	\$56,%rsp
 .Ldec_key_epilogue:
 	ret
-.size	aes_set_decrypt_key_internal,.-aes_set_decrypt_key_internal
+.size	aes_set_decrypt_key_generic,.-aes_set_decrypt_key_generic
 ___
 
-# void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out,
+# void aes_cbc_encrypt_generic(const void char *inp, unsigned char *out,
 #     size_t length, const AES_KEY *key, unsigned char *ivp,const int enc);
 {
 # stack frame layout
@@ -1659,15 +1659,15 @@ my $aes_key="80(%rsp)";		# copy of aes_key
 my $mark="80+240(%rsp)";	# copy of aes_key->rounds
 
 $code.=<<___;
-.globl	aes_cbc_encrypt_internal
-.type	aes_cbc_encrypt_internal,\@function,6
+.globl	aes_cbc_encrypt_generic
+.type	aes_cbc_encrypt_generic,\@function,6
 .align	16
 .extern	OPENSSL_ia32cap_P
 .hidden	OPENSSL_ia32cap_P
 .globl	asm_AES_cbc_encrypt
 .hidden	asm_AES_cbc_encrypt
 asm_AES_cbc_encrypt:
-aes_cbc_encrypt_internal:
+aes_cbc_encrypt_generic:
 	_CET_ENDBR
 	cmp	\$0,%rdx	# check length
 	je	.Lcbc_epilogue
@@ -2117,7 +2117,7 @@ aes_cbc_encrypt_internal:
 	popfq
 .Lcbc_epilogue:
 	ret
-.size	aes_cbc_encrypt_internal,.-aes_cbc_encrypt_internal
+.size	aes_cbc_encrypt_generic,.-aes_cbc_encrypt_generic
 ___
 }
 
@@ -2782,45 +2782,45 @@ cbc_se_handler:
 
 .section	.pdata
 .align	4
-	.rva	.LSEH_begin_aes_encrypt_internal
-	.rva	.LSEH_end_aes_encrypt_internal
-	.rva	.LSEH_info_aes_encrypt_internal
+	.rva	.LSEH_begin_aes_encrypt_generic
+	.rva	.LSEH_end_aes_encrypt_generic
+	.rva	.LSEH_info_aes_encrypt_generic
 
-	.rva	.LSEH_begin_aes_decrypt_internal
-	.rva	.LSEH_end_aes_decrypt_internal
-	.rva	.LSEH_info_aes_decrypt_internal
+	.rva	.LSEH_begin_aes_decrypt_generic
+	.rva	.LSEH_end_aes_decrypt_generic
+	.rva	.LSEH_info_aes_decrypt_generic
 
-	.rva	.LSEH_begin_aes_set_encrypt_key_internal
-	.rva	.LSEH_end_aes_set_encrypt_key_internal
-	.rva	.LSEH_info_aes_set_encrypt_key_internal
+	.rva	.LSEH_begin_aes_set_encrypt_key_generic
+	.rva	.LSEH_end_aes_set_encrypt_key_generic
+	.rva	.LSEH_info_aes_set_encrypt_key_generic
 
-	.rva	.LSEH_begin_aes_set_decrypt_key_internal
-	.rva	.LSEH_end_aes_set_decrypt_key_internal
-	.rva	.LSEH_info_aes_set_decrypt_key_internal
+	.rva	.LSEH_begin_aes_set_decrypt_key_generic
+	.rva	.LSEH_end_aes_set_decrypt_key_generic
+	.rva	.LSEH_info_aes_set_decrypt_key_generic
 
-	.rva	.LSEH_begin_aes_cbc_encrypt_internal
-	.rva	.LSEH_end_aes_cbc_encrypt_internal
-	.rva	.LSEH_info_aes_cbc_encrypt_internal
+	.rva	.LSEH_begin_aes_cbc_encrypt_generic
+	.rva	.LSEH_end_aes_cbc_encrypt_generic
+	.rva	.LSEH_info_aes_cbc_encrypt_generic
 
 .section	.xdata
 .align	8
-.LSEH_info_aes_encrypt_internal:
+.LSEH_info_aes_encrypt_generic:
 	.byte	9,0,0,0
 	.rva	block_se_handler
 	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[]
-.LSEH_info_aes_decrypt_internal:
+.LSEH_info_aes_decrypt_generic:
 	.byte	9,0,0,0
 	.rva	block_se_handler
 	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
-.LSEH_info_aes_set_encrypt_key_internal:
+.LSEH_info_aes_set_encrypt_key_generic:
 	.byte	9,0,0,0
 	.rva	key_se_handler
 	.rva	.Lenc_key_prologue,.Lenc_key_epilogue	# HandlerData[]
-.LSEH_info_aes_set_decrypt_key_internal:
+.LSEH_info_aes_set_decrypt_key_generic:
 	.byte	9,0,0,0
 	.rva	key_se_handler
 	.rva	.Ldec_key_prologue,.Ldec_key_epilogue	# HandlerData[]
-.LSEH_info_aes_cbc_encrypt_internal:
+.LSEH_info_aes_cbc_encrypt_generic:
 	.byte	9,0,0,0
 	.rva	cbc_se_handler
 ___
diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc
index b923653532..5ecf8f1390 100644
--- a/src/lib/libcrypto/arch/amd64/Makefile.inc
+++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.39 2025/06/09 13:51:48 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.40 2025/06/15 15:11:50 jsing Exp $
 
 # amd64-specific libcrypto build rules
 
@@ -11,6 +11,8 @@ SRCS += crypto_cpu_caps.c
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-x86_64
 SSLASM+= aes aesni-x86_64
+SRCS += aes_amd64.c
+
 # bn
 CFLAGS+= -DRSA_ASM
 SSLASM+= bn modexp512-x86_64
diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc
index e593c31467..8747d389ac 100644
--- a/src/lib/libcrypto/arch/i386/Makefile.inc
+++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.29 2025/06/09 14:28:33 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.30 2025/06/15 15:11:50 jsing Exp $
 
 # i386-specific libcrypto build rules
 
@@ -11,6 +11,8 @@ SRCS += crypto_cpu_caps.c
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-586
 SSLASM+= aes aesni-x86
+SRCS += aes_i386.c
+
 # bn
 SSLASM+= bn bn-586
 SSLASM+= bn co-586
-- 
cgit v1.2.3-55-g6feb