Merge branch 'aes-cbc' into master

author: Niels Möller <nisse@lysator.liu.se> 2021-09-12 17:30:27 +0200
committer: Niels Möller <nisse@lysator.liu.se> 2021-09-12 17:30:27 +0200
commit: dfc8ee82e1f1be274ee62937d350731d40cddcde (patch)
tree: 4178b530e8e24df7cba308ca518508b999d16ade
parent: d5b0b9cb4f70fb9ae86512d4fbc4ba8536d1f493 (diff)
parent: 686fd559d8e8a59730c33c2d9790806a51b81dc2 (diff)
download: nettle-dfc8ee82e1f1be274ee62937d350731d40cddcde.tar.gz
20 files changed, 882 insertions, 38 deletions
diff --git a/ChangeLog b/ChangeLog
index 2e2a57e3..8321d731 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,42 @@
+2021-09-12  Niels Möller  <nisse@lysator.liu.se>
+
+	* Merged CBC-AES changes into master branch.
+
+2021-09-09  Niels Möller  <nisse@lysator.liu.se>
+
+	Implementation of CBC-AES for x86_64 aesni. Roughly 40%-50%
+	speedup benchmarked on Ryzen 5.
+	* x86_64/aesni/cbc-aes128-encrypt.asm: New file.
+	* x86_64/aesni/cbc-aes192-encrypt.asm: New file.
+	* x86_64/aesni/cbc-aes256-encrypt.asm: New file.
+	* x86_64/fat/cbc-aes128-encrypt-2.asm: New file.
+	* x86_64/fat/cbc-aes192-encrypt-2.asm: New file.
+	* x86_64/fat/cbc-aes256-encrypt-2.asm: New file.
+	* configure.ac (asm_nettle_optional_list, asm_replace_list): Add
+	new asm files.
+	* fat-setup.h (cbc_aes128_encrypt_func, cbc_aes192_encrypt_func)
+	(cbc_aes256_encrypt_func): New typedefs.
+	* fat-x86_64.c (fat_init): Use new functions, when aesni is available
+
+2021-09-08  Niels Möller  <nisse@lysator.liu.se>
+
+	* cbc-aes128-encrypt.c (nettle_cbc_aes128_encrypt): New file and
+	function.
+	* cbc-aes192-encrypt.c (cbc_aes192_set_encrypt_key): New file.
+	* cbc-aes256-encrypt.c (cbc_aes256_set_encrypt_key): New file.
+	* cbc.h (cbc_aes128_ctx, struct cbc_aes192_ctx, cbc_aes256_ctx):
+	New context structs. Declare new functions.
+	* Makefile.in (nettle_SOURCES): Add new files.
+	* nettle-internal.c (nettle_cbc_aes128, nettle_cbc_aes192)
+	(nettle_cbc_aes256): New algorithm structs, for tests and
+	benchmarking.
+	* testsuite/testutils.c (test_aead): Skip tests of decryption and
+	authentication, if corresponding function pointers are NULL.
+	* testsuite/cbc-test.c (test_main): Add tests of new cbc
+	functions.
+	* examples/nettle-benchmark.c (time_aead): Skip decrypt benchmark,
+	if corresponding function pointer is NULL.
+
 2021-09-09  Niels Möller  <nisse@lysator.liu.se>
 
 	* x86_64/fat/cpuid.asm: Fix usage of W64_ENTRY and W64_EXIT, to
diff --git a/Makefile.in b/Makefile.in
index fe2de5a8..2edafd67 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -102,7 +102,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
 		 camellia256-set-encrypt-key.c camellia256-crypt.c \
 		 camellia256-set-decrypt-key.c \
 		 camellia256-meta.c \
-		 cast128.c cast128-meta.c cbc.c \
+		 cast128.c cast128-meta.c \
+		 cbc.c cbc-aes128-encrypt.c cbc-aes192-encrypt.c cbc-aes256-encrypt.c \
 		 ccm.c ccm-aes128.c ccm-aes192.c ccm-aes256.c cfb.c \
 		 siv-cmac.c siv-cmac-aes128.c siv-cmac-aes256.c \
 		 cnd-memcpy.c \
diff --git a/cbc-aes128-encrypt.c b/cbc-aes128-encrypt.c
new file mode 100644
index 00000000..358a3d70
--- /dev/null
+++ b/cbc-aes128-encrypt.c
@@ -0,0 +1,51 @@
+/* cbc-aes128-encrypt.c
+
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "cbc.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_cbc_aes128_encrypt
+void
+_nettle_cbc_aes128_encrypt_c(struct cbc_aes128_ctx *ctx,
+			     size_t length, uint8_t *dst,
+			     const uint8_t *src);
+# define nettle_cbc_aes128_encrypt _nettle_cbc_aes128_encrypt_c
+#endif
+
+void
+cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src)
+{
+  CBC_ENCRYPT(ctx, aes128_encrypt, length, dst, src);
+}
diff --git a/cbc-aes192-encrypt.c b/cbc-aes192-encrypt.c
new file mode 100644
index 00000000..fa9d10b4
--- /dev/null
+++ b/cbc-aes192-encrypt.c
@@ -0,0 +1,51 @@
+/* cbc-aes192-encrypt.c
+
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "cbc.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_cbc_aes192_encrypt
+void
+_nettle_cbc_aes192_encrypt_c(struct cbc_aes192_ctx *ctx,
+			     size_t length, uint8_t *dst,
+			     const uint8_t *src);
+# define nettle_cbc_aes192_encrypt _nettle_cbc_aes192_encrypt_c
+#endif
+
+void
+cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src)
+{
+  CBC_ENCRYPT(ctx, aes192_encrypt, length, dst, src);
+}
diff --git a/cbc-aes256-encrypt.c b/cbc-aes256-encrypt.c
new file mode 100644
index 00000000..72dd7d83
--- /dev/null
+++ b/cbc-aes256-encrypt.c
@@ -0,0 +1,51 @@
+/* cbc-aes256-encrypt.c
+
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "cbc.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_cbc_aes256_encrypt
+void
+_nettle_cbc_aes256_encrypt_c(struct cbc_aes256_ctx *ctx,
+			     size_t length, uint8_t *dst,
+			     const uint8_t *src);
+# define nettle_cbc_aes256_encrypt _nettle_cbc_aes256_encrypt_c
+#endif
+
+void
+cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src)
+{
+  CBC_ENCRYPT(ctx, aes256_encrypt, length, dst, src);
+}
diff --git a/cbc.h b/cbc.h
index 93b2e739..5fa670f3 100644
--- a/cbc.h
+++ b/cbc.h
@@ -35,6 +35,7 @@
 #define NETTLE_CBC_H_INCLUDED
 
 #include "nettle-types.h"
+#include "aes.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -43,6 +44,9 @@ extern "C" {
 /* Name mangling */
 #define cbc_encrypt nettle_cbc_encrypt
 #define cbc_decrypt nettle_cbc_decrypt
+#define cbc_aes128_encrypt nettle_cbc_aes128_encrypt
+#define cbc_aes192_encrypt nettle_cbc_aes192_encrypt
+#define cbc_aes256_encrypt nettle_cbc_aes256_encrypt
 
 void
 cbc_encrypt(const void *ctx, nettle_cipher_func *f,
@@ -79,6 +83,18 @@ memcpy((ctx)->iv, (data), sizeof((ctx)->iv))
 		 sizeof((self)->iv), (self)->iv,	\
 		 (length), (dst), (src)))
 
+struct cbc_aes128_ctx CBC_CTX(struct aes128_ctx, AES_BLOCK_SIZE);
+void
+cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);
+
+struct cbc_aes192_ctx CBC_CTX(struct aes192_ctx, AES_BLOCK_SIZE);
+void
+cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);
+
+struct cbc_aes256_ctx CBC_CTX(struct aes256_ctx, AES_BLOCK_SIZE);
+void
+cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/configure.ac b/configure.ac
index ebec8759..54df43ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -563,6 +563,8 @@ asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
 		aes192-encrypt.asm aes192-decrypt.asm \
 		aes256-set-encrypt-key.asm aes256-set-decrypt-key.asm \
 		aes256-encrypt.asm aes256-decrypt.asm \
+		cbc-aes128-encrypt.asm cbc-aes192-encrypt.asm \
+		cbc-aes256-encrypt.asm \
 		arcfour-crypt.asm camellia-crypt-internal.asm \
 		md5-compress.asm memxor.asm memxor3.asm \
 		poly1305-internal.asm \
@@ -581,6 +583,7 @@ asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm cpu-facility.asm
   aes192-encrypt-2.asm aes192-decrypt-2.asm \
   aes256-set-encrypt-key-2.asm aes256-set-decrypt-key-2.asm \
   aes256-encrypt-2.asm aes256-decrypt-2.asm \
+  cbc-aes128-encrypt-2.asm cbc-aes192-encrypt-2.asm cbc-aes256-encrypt-2.asm \
   chacha-2core.asm chacha-3core.asm chacha-4core.asm chacha-core-internal-2.asm \
   salsa20-2core.asm salsa20-core-internal-2.asm \
   sha1-compress-2.asm sha256-compress-2.asm \
@@ -705,6 +708,9 @@ AH_VERBATIM([HAVE_NATIVE],
 #undef HAVE_NATIVE_aes256_invert_key
 #undef HAVE_NATIVE_aes256_set_decrypt_key
 #undef HAVE_NATIVE_aes256_set_encrypt_key
+#undef HAVE_NATIVE_cbc_aes128_encrypt
+#undef HAVE_NATIVE_cbc_aes192_encrypt
+#undef HAVE_NATIVE_cbc_aes256_encrypt
 #undef HAVE_NATIVE_chacha_core
 #undef HAVE_NATIVE_chacha_2core
 #undef HAVE_NATIVE_chacha_3core
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index 9ce3a733..50a5815a 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -769,21 +769,22 @@ time_aead(const struct nettle_aead *aead)
     display(aead->name, "encrypt", aead->block_size,
 	    time_function(bench_aead_crypt, &info));
   }
-  
-  {
-    struct bench_aead_info info;
-    info.ctx = ctx;
-    info.crypt = aead->decrypt;
-    info.data = data;
+
+  if (aead->decrypt)
+    {
+      struct bench_aead_info info;
+      info.ctx = ctx;
+      info.crypt = aead->decrypt;
+      info.data = data;
     
-    init_key(aead->key_size, key);
-    aead->set_decrypt_key(ctx, key);
-    if (aead->set_nonce)
-      aead->set_nonce (ctx, nonce);
+      init_key(aead->key_size, key);
+      aead->set_decrypt_key(ctx, key);
+      if (aead->set_nonce)
+	aead->set_nonce (ctx, nonce);
 
-    display(aead->name, "decrypt", aead->block_size,
-	    time_function(bench_aead_crypt, &info));
-  }
+      display(aead->name, "decrypt", aead->block_size,
+	      time_function(bench_aead_crypt, &info));
+    }
 
   if (aead->update)
     {
@@ -933,6 +934,8 @@ main(int argc, char **argv)
       /* Stream ciphers */
       &nettle_arcfour128,
       &nettle_salsa20, &nettle_salsa20r12, &nettle_chacha,
+      /* CBC encrypt */
+      &nettle_cbc_aes128, &nettle_cbc_aes192, &nettle_cbc_aes256,
       /* Proper AEAD algorithme. */
       &nettle_gcm_aes128,
       &nettle_gcm_aes192,
diff --git a/fat-setup.h b/fat-setup.h
index 78a6e396..9ef5c22d 100644
--- a/fat-setup.h
+++ b/fat-setup.h
@@ -213,3 +213,13 @@ typedef void aes256_set_key_func (struct aes256_ctx *ctx, const uint8_t *key);
 typedef void aes256_invert_key_func (struct aes256_ctx *dst, const struct aes256_ctx *src);
 typedef void aes256_crypt_func (const struct aes256_ctx *ctx, size_t length, uint8_t *dst,
 	       const uint8_t *src);
+
+struct cbc_aes128_ctx;
+typedef void cbc_aes128_encrypt_func (struct cbc_aes128_ctx *ctx,
+				      size_t length, uint8_t *dst, const uint8_t *src);
+struct cbc_aes192_ctx;
+typedef void cbc_aes192_encrypt_func (struct cbc_aes192_ctx *ctx,
+				      size_t length, uint8_t *dst, const uint8_t *src);
+struct cbc_aes256_ctx;
+typedef void cbc_aes256_encrypt_func (struct cbc_aes256_ctx *ctx,
+				      size_t length, uint8_t *dst, const uint8_t *src);
diff --git a/fat-x86_64.c b/fat-x86_64.c
index 80731eef..b5da39a1 100644
--- a/fat-x86_64.c
+++ b/fat-x86_64.c
@@ -130,6 +130,16 @@ DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, aesni)
 DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c)
 DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, aesni)
 
+DECLARE_FAT_FUNC(nettle_cbc_aes128_encrypt, cbc_aes128_encrypt_func);
+DECLARE_FAT_FUNC_VAR(cbc_aes128_encrypt, cbc_aes128_encrypt_func, c);
+DECLARE_FAT_FUNC_VAR(cbc_aes128_encrypt, cbc_aes128_encrypt_func, aesni);
+DECLARE_FAT_FUNC(nettle_cbc_aes192_encrypt, cbc_aes192_encrypt_func);
+DECLARE_FAT_FUNC_VAR(cbc_aes192_encrypt, cbc_aes192_encrypt_func, c);
+DECLARE_FAT_FUNC_VAR(cbc_aes192_encrypt, cbc_aes192_encrypt_func, aesni);
+DECLARE_FAT_FUNC(nettle_cbc_aes256_encrypt, cbc_aes256_encrypt_func);
+DECLARE_FAT_FUNC_VAR(cbc_aes256_encrypt, cbc_aes256_encrypt_func, c);
+DECLARE_FAT_FUNC_VAR(cbc_aes256_encrypt, cbc_aes256_encrypt_func, aesni);
+
 DECLARE_FAT_FUNC(nettle_memxor, memxor_func)
 DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64)
 DECLARE_FAT_FUNC_VAR(memxor, memxor_func, sse2)
@@ -177,6 +187,9 @@ fat_init (void)
       nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_aesni;
       nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_aesni;
       nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_aesni;
+      nettle_cbc_aes128_encrypt_vec = _nettle_cbc_aes128_encrypt_aesni;
+      nettle_cbc_aes192_encrypt_vec = _nettle_cbc_aes192_encrypt_aesni;
+      nettle_cbc_aes256_encrypt_vec = _nettle_cbc_aes256_encrypt_aesni;
     }
   else
     {
@@ -188,6 +201,9 @@ fat_init (void)
       nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c;
       nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c;
       nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c;
+      nettle_cbc_aes128_encrypt_vec = _nettle_cbc_aes128_encrypt_c;
+      nettle_cbc_aes192_encrypt_vec = _nettle_cbc_aes192_encrypt_c;
+      nettle_cbc_aes256_encrypt_vec = _nettle_cbc_aes256_encrypt_c;
     }
 
   if (features.have_sha_ni)
@@ -245,6 +261,19 @@ DEFINE_FAT_FUNC(nettle_aes256_decrypt, void,
   uint8_t *dst,const uint8_t *src),
  (ctx, length, dst, src))
 
+DEFINE_FAT_FUNC(nettle_cbc_aes128_encrypt, void,
+ (struct cbc_aes128_ctx *ctx,
+  size_t length, uint8_t *dst, const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_cbc_aes192_encrypt, void,
+ (struct cbc_aes192_ctx *ctx,
+  size_t length, uint8_t *dst, const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_cbc_aes256_encrypt, void,
+ (struct cbc_aes256_ctx *ctx,
+  size_t length, uint8_t *dst, const uint8_t *src),
+ (ctx, length, dst, src))
+
 DEFINE_FAT_FUNC(nettle_memxor, void *,
 		(void *dst, const void *src, size_t n),
 		(dst, src, n))
diff --git a/nettle-internal.c b/nettle-internal.c
index 2a809472..e2422a5b 100644
--- a/nettle-internal.c
+++ b/nettle-internal.c
@@ -38,12 +38,14 @@
 
 #include <assert.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "nettle-internal.h"
 #include "arcfour.h"
 #include "blowfish.h"
-#include "des.h"
+#include "cbc.h"
 #include "chacha.h"
+#include "des.h"
 #include "salsa20.h"
 
 /* Wrapper functions discarding the return value. Needed for the
@@ -149,3 +151,75 @@ nettle_salsa20r12 = {
   (nettle_crypt_func *) salsa20r12_crypt,
   NULL,
 };
+
+static void
+cbc_aes128_set_encrypt_key(struct cbc_aes128_ctx *ctx, const uint8_t *key)
+{
+  aes128_set_encrypt_key(&ctx->ctx, key);
+}
+static void
+cbc_aes128_set_iv(struct cbc_aes128_ctx *ctx, const uint8_t *iv)
+{
+  CBC_SET_IV(ctx, iv);
+}
+const struct nettle_aead
+nettle_cbc_aes128 = {
+  "cbc_aes128", sizeof(struct cbc_aes128_ctx),
+  AES_BLOCK_SIZE, AES128_KEY_SIZE,
+  AES_BLOCK_SIZE, 0,
+  (nettle_set_key_func*) cbc_aes128_set_encrypt_key,
+  NULL,
+  (nettle_set_key_func*) cbc_aes128_set_iv,
+  NULL,
+  (nettle_crypt_func *) cbc_aes128_encrypt,
+  NULL,
+  NULL,
+};
+
+static void
+cbc_aes192_set_encrypt_key(struct cbc_aes192_ctx *ctx, const uint8_t *key)
+{
+  aes192_set_encrypt_key(&ctx->ctx, key);
+}
+static void
+cbc_aes192_set_iv(struct cbc_aes192_ctx *ctx, const uint8_t *iv)
+{
+  CBC_SET_IV(ctx, iv);
+}
+const struct nettle_aead
+nettle_cbc_aes192 = {
+  "cbc_aes192", sizeof(struct cbc_aes192_ctx),
+  AES_BLOCK_SIZE, AES192_KEY_SIZE,
+  AES_BLOCK_SIZE, 0,
+  (nettle_set_key_func*) cbc_aes192_set_encrypt_key,
+  NULL,
+  (nettle_set_key_func*) cbc_aes192_set_iv,
+  NULL,
+  (nettle_crypt_func *) cbc_aes192_encrypt,
+  NULL,
+  NULL,
+};
+
+static void
+cbc_aes256_set_encrypt_key(struct cbc_aes256_ctx *ctx, const uint8_t *key)
+{
+  aes256_set_encrypt_key(&ctx->ctx, key);
+}
+static void
+cbc_aes256_set_iv(struct cbc_aes256_ctx *ctx, const uint8_t *iv)
+{
+  CBC_SET_IV(ctx, iv);
+}
+const struct nettle_aead
+nettle_cbc_aes256 = {
+  "cbc_aes256", sizeof(struct cbc_aes256_ctx),
+  AES_BLOCK_SIZE, AES256_KEY_SIZE,
+  AES_BLOCK_SIZE, 0,
+  (nettle_set_key_func*) cbc_aes256_set_encrypt_key,
+  NULL,
+  (nettle_set_key_func*) cbc_aes256_set_iv,
+  NULL,
+  (nettle_crypt_func *) cbc_aes256_encrypt,
+  NULL,
+  NULL,
+};
diff --git a/nettle-internal.h b/nettle-internal.h
index 9203a232..ddc483de 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -97,10 +97,18 @@ extern const struct nettle_aead nettle_arcfour128;
 extern const struct nettle_aead nettle_chacha;
 extern const struct nettle_aead nettle_salsa20;
 extern const struct nettle_aead nettle_salsa20r12;
+
+/* All-in-one CBC encrypt fucntinos treated as AEAD with no
+   authentication and no decrypt method. */
+extern const struct nettle_aead nettle_cbc_aes128;
+extern const struct nettle_aead nettle_cbc_aes192;
+extern const struct nettle_aead nettle_cbc_aes256;
+
 extern const struct nettle_aead nettle_openssl_gcm_aes128;
 extern const struct nettle_aead nettle_openssl_gcm_aes192;
 extern const struct nettle_aead nettle_openssl_gcm_aes256;
 
+
 /* Glue to openssl, for comparative benchmarking. Code in
  * examples/nettle-openssl.c. */
 extern void nettle_openssl_init(void);
diff --git a/testsuite/cbc-test.c b/testsuite/cbc-test.c
index 9394f1cb..d83b108b 100644
--- a/testsuite/cbc-test.c
+++ b/testsuite/cbc-test.c
@@ -2,6 +2,7 @@
 #include "aes.h"
 #include "cbc.h"
 #include "knuth-lfib.h"
+#include "nettle-internal.h"
 
 /* Test with more data and inplace decryption, to check that the
  * cbc_decrypt buffering works. */
@@ -114,6 +115,20 @@ test_main(void)
 		       "73bed6b8e3c1743b7116e69e22229516"
 		       "3ff1caa1681fac09120eca307586e1a7"),
 		  SHEX("000102030405060708090a0b0c0d0e0f"));
+
+  test_aead(&nettle_cbc_aes128, NULL,
+	    SHEX("2b7e151628aed2a6abf7158809cf4f3c"),
+	    NULL,
+	    SHEX("6bc1bee22e409f96e93d7e117393172a"
+		 "ae2d8a571e03ac9c9eb76fac45af8e51"
+		 "30c81c46a35ce411e5fbc1191a0a52ef"
+		 "f69f2445df4f9b17ad2b417be66c3710"),
+	    SHEX("7649abac8119b246cee98e9b12e9197d"
+		 "5086cb9b507219ee95db113a917678b2"
+		 "73bed6b8e3c1743b7116e69e22229516"
+		 "3ff1caa1681fac09120eca307586e1a7"),
+	    SHEX("000102030405060708090a0b0c0d0e0f"),
+	    NULL);
   
   /* F.2.3 CBC-AES192.Encrypt */
   
@@ -137,6 +152,21 @@ test_main(void)
 		       "571b242012fb7ae07fa9baac3df102e0"
 		       "08b0e27988598881d920a9e64f5615cd"),
 		  SHEX("000102030405060708090a0b0c0d0e0f"));
+
+  test_aead(&nettle_cbc_aes192, NULL,
+	    SHEX("8e73b0f7da0e6452c810f32b809079e5"
+		 "62f8ead2522c6b7b"),
+	    NULL,
+	    SHEX("6bc1bee22e409f96e93d7e117393172a"
+		 "ae2d8a571e03ac9c9eb76fac45af8e51"
+		 "30c81c46a35ce411e5fbc1191a0a52ef"
+		 "f69f2445df4f9b17ad2b417be66c3710"),
+	    SHEX("4f021db243bc633d7178183a9fa071e8"
+		 "b4d9ada9ad7dedf4e5e738763f69145a"
+		 "571b242012fb7ae07fa9baac3df102e0"
+		 "08b0e27988598881d920a9e64f5615cd"),
+	    SHEX("000102030405060708090a0b0c0d0e0f"),
+	    NULL);
    
   /* F.2.5 CBC-AES256.Encrypt */
 
@@ -161,6 +191,21 @@ test_main(void)
 		       "b2eb05e2c39be9fcda6c19078c6a9d1b"),
 		  SHEX("000102030405060708090a0b0c0d0e0f"));
 
+  test_aead(&nettle_cbc_aes256, NULL,
+	    SHEX("603deb1015ca71be2b73aef0857d7781"
+		 "1f352c073b6108d72d9810a30914dff4"),
+	    NULL,
+	    SHEX("6bc1bee22e409f96e93d7e117393172a"
+		 "ae2d8a571e03ac9c9eb76fac45af8e51"
+		 "30c81c46a35ce411e5fbc1191a0a52ef"
+		 "f69f2445df4f9b17ad2b417be66c3710"),
+	    SHEX("f58c4c04d6e5f1ba779eabfb5f7bfbd6"
+		 "9cfc4e967edb808d679f777bc6702c7d"
+		 "39f23369a9d9bacfa530e26304231461"
+		 "b2eb05e2c39be9fcda6c19078c6a9d1b"),
+	    SHEX("000102030405060708090a0b0c0d0e0f"),
+	    NULL);
+
   test_cbc_bulk();
 }
 
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 2c6cac40..781907a9 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -804,7 +804,6 @@ test_aead(const struct nettle_aead *aead,
   length = cleartext->length;
 
   ASSERT (key->length == aead->key_size);
-  ASSERT (digest->length <= aead->digest_size);
 
   data = xalloc(length);
   
@@ -820,41 +819,51 @@ test_aead(const struct nettle_aead *aead,
   else
     aead->set_nonce(ctx, nonce->data);
 
-  if (authtext->length)
+  if (aead->update && authtext->length)
     aead->update(ctx, authtext->length, authtext->data);
-    
+
   if (length)
     aead->encrypt(ctx, length, data, cleartext->data);
 
-  aead->digest(ctx, digest->length, buffer);
+  if (digest)
+    {
+      ASSERT (digest->length <= aead->digest_size);
+      aead->digest(ctx, digest->length, buffer);
+      ASSERT(MEMEQ(digest->length, buffer, digest->data));
+    }
+  else
+    ASSERT(!aead->digest);
 
   ASSERT(MEMEQ(length, data, ciphertext->data));
-  ASSERT(MEMEQ(digest->length, buffer, digest->data));
 
   /* decryption */
-  memset(buffer, 0, aead->digest_size);
-
-  aead->set_decrypt_key(ctx, key->data);
-
-  if (nonce->length != aead->nonce_size)
+  if (aead->set_decrypt_key)
     {
-      ASSERT (set_nonce);
-      set_nonce (ctx, nonce->length, nonce->data);
-    }
-  else
-    aead->set_nonce(ctx, nonce->data);
+      memset(buffer, 0, aead->digest_size);
 
-  if (authtext->length)
-    aead->update(ctx, authtext->length, authtext->data);
-    
-  if (length)
-    aead->decrypt(ctx, length, data, data);
+      aead->set_decrypt_key(ctx, key->data);
 
-  aead->digest(ctx, digest->length, buffer);
+      if (nonce->length != aead->nonce_size)
+	{
+	  ASSERT (set_nonce);
+	  set_nonce (ctx, nonce->length, nonce->data);
+	}
+      else
+	aead->set_nonce(ctx, nonce->data);
 
-  ASSERT(MEMEQ(length, data, cleartext->data));
-  ASSERT(MEMEQ(digest->length, buffer, digest->data));
+      if (aead->update && authtext->length)
+	aead->update(ctx, authtext->length, authtext->data);
+    
+      if (length)
+	aead->decrypt(ctx, length, data, data);
 
+      if (digest)
+	{
+	  aead->digest(ctx, digest->length, buffer);
+	  ASSERT(MEMEQ(digest->length, buffer, digest->data));
+	}
+      ASSERT(MEMEQ(length, data, cleartext->data));
+    }
   free(ctx);
   free(data);
   free(buffer);
diff --git a/x86_64/aesni/cbc-aes128-encrypt.asm b/x86_64/aesni/cbc-aes128-encrypt.asm
new file mode 100644
index 00000000..7375dadd
--- /dev/null
+++ b/x86_64/aesni/cbc-aes128-encrypt.asm
@@ -0,0 +1,108 @@
+C x86_64/aesni/cbc-aes128-encrypt.asm
+
+ifelse(`
+   Copyright (C) 2015, 2018, 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX',	`%rdi')
+define(`LENGTH',`%rsi')
+define(`DST',	`%rdx')
+define(`SRC',	`%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`X', `%xmm11')
+define(`BLOCK', `%xmm12')
+
+	.file "cbc-aes128-encrypt.asm"
+
+	C nettle_cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx,
+	C                       size_t length, uint8_t *dst,
+	C                       const uint8_t *src);
+
+	.text
+	ALIGN(16)
+PROLOGUE(nettle_cbc_aes128_encrypt)
+	W64_ENTRY(4, 13)
+	shr	$4, LENGTH
+	test	LENGTH, LENGTH
+	jz	.Lend
+
+	movups	(CTX), KEY0
+	movups	16(CTX), KEY1
+	movups	32(CTX), KEY2
+	movups	48(CTX), KEY3
+	movups	64(CTX), KEY4
+	movups	80(CTX), KEY5
+	movups	96(CTX), KEY6
+	movups	112(CTX), KEY7
+	movups	128(CTX), KEY8
+	movups	144(CTX), KEY9
+	movups	160(CTX), KEY10
+	movups	176(CTX), X	C Load IV
+
+.Lblock_loop:
+	movups	(SRC), BLOCK	C Cleartext block
+	pxor	KEY0, X
+	pxor	BLOCK, X
+	aesenc	KEY1, X
+	aesenc	KEY2, X
+	aesenc	KEY3, X
+	aesenc	KEY4, X
+	aesenc	KEY5, X
+	aesenc	KEY6, X
+	aesenc	KEY7, X
+	aesenc	KEY8, X
+	aesenc	KEY9, X
+	aesenclast KEY10, X
+
+	movups	X, (DST)
+	add	$16, SRC
+	add	$16, DST
+
+	dec	LENGTH
+	jnz	.Lblock_loop
+
+	C Save IV
+	movups	X, 176(CTX)
+
+.Lend:
+	W64_EXIT(4, 13)
+	ret
+EPILOGUE(nettle_cbc_aes128_encrypt)
diff --git a/x86_64/aesni/cbc-aes192-encrypt.asm b/x86_64/aesni/cbc-aes192-encrypt.asm
new file mode 100644
index 00000000..2438d91f
--- /dev/null
+++ b/x86_64/aesni/cbc-aes192-encrypt.asm
@@ -0,0 +1,114 @@
+C x86_64/aesni/cbc-aes192-encrypt.asm
+
+ifelse(`
+   Copyright (C) 2015, 2018, 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX',	`%rdi')
+define(`LENGTH',`%rsi')
+define(`DST',	`%rdx')
+define(`SRC',	`%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`KEY11', `%xmm11')
+define(`KEY12', `%xmm12')
+define(`X', `%xmm13')
+define(`BLOCK', `%xmm14')
+
+	.file "cbc-aes192-encrypt.asm"
+
+	C nettle_cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx,
+	C                       size_t length, uint8_t *dst,
+	C                       const uint8_t *src);
+
+	.text
+	ALIGN(16)
+PROLOGUE(nettle_cbc_aes192_encrypt)
+	W64_ENTRY(4, 15)
+	shr	$4, LENGTH
+	test	LENGTH, LENGTH
+	jz	.Lend
+
+	movups	(CTX), KEY0
+	movups	16(CTX), KEY1
+	movups	32(CTX), KEY2
+	movups	48(CTX), KEY3
+	movups	64(CTX), KEY4
+	movups	80(CTX), KEY5
+	movups	96(CTX), KEY6
+	movups	112(CTX), KEY7
+	movups	128(CTX), KEY8
+	movups	144(CTX), KEY9
+	movups	160(CTX), KEY10
+	movups	176(CTX), KEY11
+	movups	192(CTX), KEY12
+	movups	208(CTX), X	C Load IV
+
+.Lblock_loop:
+	movups	(SRC), BLOCK	C Cleartext block
+	pxor	KEY0, X
+	pxor	BLOCK, X
+	aesenc	KEY1, X
+	aesenc	KEY2, X
+	aesenc	KEY3, X
+	aesenc	KEY4, X
+	aesenc	KEY5, X
+	aesenc	KEY6, X
+	aesenc	KEY7, X
+	aesenc	KEY8, X
+	aesenc	KEY9, X
+	aesenc	KEY10, X
+	aesenc	KEY11, X
+	aesenclast KEY12, X
+
+	movups	X, (DST)
+	add	$16, SRC
+	add	$16, DST
+
+	dec	LENGTH
+	jnz	.Lblock_loop
+
+	C Save IV
+	movups	X, 208(CTX)
+
+.Lend:
+	W64_EXIT(4, 15)
+	ret
+EPILOGUE(nettle_cbc_aes192_encrypt)
diff --git a/x86_64/aesni/cbc-aes256-encrypt.asm b/x86_64/aesni/cbc-aes256-encrypt.asm
new file mode 100644
index 00000000..6b289c70
--- /dev/null
+++ b/x86_64/aesni/cbc-aes256-encrypt.asm
@@ -0,0 +1,121 @@
+C x86_64/aesni/cbc-aes256-encrypt.asm
+
+ifelse(`
+   Copyright (C) 2015, 2018, 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX',	`%rdi')
+define(`LENGTH',`%rsi')
+define(`DST',	`%rdx')
+define(`SRC',	`%rcx')
+
+define(`KEY0_7', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY8', `%xmm7')
+define(`KEY9', `%xmm8')
+define(`KEY10', `%xmm9')
+define(`KEY11', `%xmm10')
+define(`KEY12', `%xmm11')
+define(`KEY13', `%xmm12')
+define(`KEY14', `%xmm13')
+
+define(`X', `%xmm14')
+define(`BLOCK', `%xmm15')
+
+	.file "cbc-aes256-encrypt.asm"
+
+	C nettle_cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx,
+	C                       size_t length, uint8_t *dst,
+	C                       const uint8_t *src);
+
+	.text
+	ALIGN(16)
+PROLOGUE(nettle_cbc_aes256_encrypt)
+	W64_ENTRY(4, 16)
+	shr	$4, LENGTH
+	test	LENGTH, LENGTH
+	jz	.Lend
+
+	movups	(CTX), KEY0_7
+	movups	16(CTX), KEY1
+	movups	32(CTX), KEY2
+	movups	48(CTX), KEY3
+	movups	64(CTX), KEY4
+	movups	80(CTX), KEY5
+	movups	96(CTX), KEY6
+	movups	128(CTX), KEY8
+	movups	144(CTX), KEY9
+	movups	160(CTX), KEY10
+	movups	176(CTX), KEY11
+	movups	192(CTX), KEY12
+	movups	208(CTX), KEY13
+	movups	224(CTX), KEY14
+	movups	240(CTX), X	C Load IV
+
+.Lblock_loop:
+	movups	(SRC), BLOCK	C Cleartext block
+	pxor	KEY0_7, X
+	movups	112(CTX), KEY0_7
+	pxor	BLOCK, X
+	aesenc	KEY1, X
+	aesenc	KEY2, X
+	aesenc	KEY3, X
+	aesenc	KEY4, X
+	aesenc	KEY5, X
+	aesenc	KEY6, X
+	aesenc	KEY0_7, X
+	movups	(CTX), KEY0_7
+	aesenc	KEY8, X
+	aesenc	KEY9, X
+	aesenc	KEY10, X
+	aesenc	KEY11, X
+	aesenc	KEY12, X
+	aesenc	KEY13, X
+	aesenclast KEY14, X
+
+	movups	X, (DST)
+	add	$16, SRC
+	add	$16, DST
+
+	dec	LENGTH
+	jnz	.Lblock_loop
+
+	C Save IV
+	movups	X, 240(CTX)
+
+.Lend:
+	W64_EXIT(4, 16)
+	ret
+EPILOGUE(nettle_cbc_aes256_encrypt)
diff --git a/x86_64/fat/cbc-aes128-encrypt-2.asm b/x86_64/fat/cbc-aes128-encrypt-2.asm
new file mode 100644
index 00000000..9782cd94
--- /dev/null
+++ b/x86_64/fat/cbc-aes128-encrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/cbc-aes128-encrypt.asm
+
+ifelse(`
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_cbc_aes128_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/cbc-aes128-encrypt.asm')
diff --git a/x86_64/fat/cbc-aes192-encrypt-2.asm b/x86_64/fat/cbc-aes192-encrypt-2.asm
new file mode 100644
index 00000000..81322418
--- /dev/null
+++ b/x86_64/fat/cbc-aes192-encrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/cbc_aes192-encrypt.asm
+
+ifelse(`
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_cbc_aes192_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/cbc-aes192-encrypt.asm')
diff --git a/x86_64/fat/cbc-aes256-encrypt-2.asm b/x86_64/fat/cbc-aes256-encrypt-2.asm
new file mode 100644
index 00000000..abd1fcf3
--- /dev/null
+++ b/x86_64/fat/cbc-aes256-encrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/cbc_aes256-encrypt.asm
+
+ifelse(`
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_cbc_aes256_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/cbc-aes256-encrypt.asm')
author	Niels Möller <nisse@lysator.liu.se>	2021-09-12 17:30:27 +0200
committer	Niels Möller <nisse@lysator.liu.se>	2021-09-12 17:30:27 +0200
commit	dfc8ee82e1f1be274ee62937d350731d40cddcde (patch)
tree	4178b530e8e24df7cba308ca518508b999d16ade
parent	d5b0b9cb4f70fb9ae86512d4fbc4ba8536d1f493 (diff)
parent	686fd559d8e8a59730c33c2d9790806a51b81dc2 (diff)
download	nettle-dfc8ee82e1f1be274ee62937d350731d40cddcde.tar.gz