diff --git a/libnettle-s390x-CPACF-SHA-AES-support.patch b/libnettle-s390x-CPACF-SHA-AES-support.patch
deleted file mode 100644
index d1225ec..0000000
--- a/libnettle-s390x-CPACF-SHA-AES-support.patch
+++ /dev/null
@@ -1,5766 +0,0 @@
-From c7391e5cdb8a0afc05186d484bc9f752b8f0c074 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
-Date: Tue, 10 Aug 2021 22:05:40 +0200
-Subject: [PATCH] x86_64: Refactor aesni assembly, with specific functions for
- each key size.
-
----
- ChangeLog                                     |  13 ++
- fat-x86_64.c                                  |  80 +++++++---
- x86_64/aesni/aes-decrypt-internal.asm         | 134 ----------------
- x86_64/aesni/aes-encrypt-internal.asm         | 134 ----------------
- x86_64/aesni/aes128-decrypt.asm               | 136 ++++++++++++++++
- x86_64/aesni/aes128-encrypt.asm               | 136 ++++++++++++++++
- x86_64/aesni/aes192-decrypt.asm               | 146 ++++++++++++++++++
- x86_64/aesni/aes192-encrypt.asm               | 146 ++++++++++++++++++
- x86_64/aesni/aes256-decrypt.asm               | 113 ++++++++++++++
- x86_64/aesni/aes256-encrypt.asm               | 113 ++++++++++++++
- ...pt-internal-2.asm => aes128-decrypt-2.asm} |  11 +-
- ...rypt-internal.asm => aes128-encrypt-2.asm} |  11 +-
- ...pt-internal-2.asm => aes192-decrypt-2.asm} |  11 +-
- ...rypt-internal.asm => aes192-encrypt-2.asm} |  11 +-
- x86_64/fat/aes256-decrypt-2.asm               |  36 +++++
- x86_64/fat/aes256-encrypt-2.asm               |  36 +++++
- 16 files changed, 955 insertions(+), 312 deletions(-)
- delete mode 100644 x86_64/aesni/aes-decrypt-internal.asm
- delete mode 100644 x86_64/aesni/aes-encrypt-internal.asm
- create mode 100644 x86_64/aesni/aes128-decrypt.asm
- create mode 100644 x86_64/aesni/aes128-encrypt.asm
- create mode 100644 x86_64/aesni/aes192-decrypt.asm
- create mode 100644 x86_64/aesni/aes192-encrypt.asm
- create mode 100644 x86_64/aesni/aes256-decrypt.asm
- create mode 100644 x86_64/aesni/aes256-encrypt.asm
- rename x86_64/fat/{aes-encrypt-internal-2.asm => aes128-decrypt-2.asm} (82%)
- rename x86_64/fat/{aes-encrypt-internal.asm => aes128-encrypt-2.asm} (82%)
- rename x86_64/fat/{aes-decrypt-internal-2.asm => aes192-decrypt-2.asm} (82%)
- rename x86_64/fat/{aes-decrypt-internal.asm => aes192-encrypt-2.asm} (82%)
- create mode 100644 x86_64/fat/aes256-decrypt-2.asm
- create mode 100644 x86_64/fat/aes256-encrypt-2.asm
-
-Index: nettle-3.7.3/fat-x86_64.c
-===================================================================
---- nettle-3.7.3.orig/fat-x86_64.c
-+++ nettle-3.7.3/fat-x86_64.c
-@@ -111,13 +111,24 @@ get_x86_features (struct x86_features *f
-     }
- }
- 
--DECLARE_FAT_FUNC(_nettle_aes_encrypt, aes_crypt_internal_func)
--DECLARE_FAT_FUNC_VAR(aes_encrypt, aes_crypt_internal_func, x86_64)
--DECLARE_FAT_FUNC_VAR(aes_encrypt, aes_crypt_internal_func, aesni)
--
--DECLARE_FAT_FUNC(_nettle_aes_decrypt, aes_crypt_internal_func)
--DECLARE_FAT_FUNC_VAR(aes_decrypt, aes_crypt_internal_func, x86_64)
--DECLARE_FAT_FUNC_VAR(aes_decrypt, aes_crypt_internal_func, aesni)
-+DECLARE_FAT_FUNC(nettle_aes128_encrypt, aes128_crypt_func)
-+DECLARE_FAT_FUNC(nettle_aes128_decrypt, aes128_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, aesni)
-+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, aesni)
-+DECLARE_FAT_FUNC(nettle_aes192_encrypt, aes192_crypt_func)
-+DECLARE_FAT_FUNC(nettle_aes192_decrypt, aes192_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, aesni)
-+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, aesni)
-+DECLARE_FAT_FUNC(nettle_aes256_encrypt, aes256_crypt_func)
-+DECLARE_FAT_FUNC(nettle_aes256_decrypt, aes256_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, aesni)
-+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, aesni)
- 
- DECLARE_FAT_FUNC(nettle_memxor, memxor_func)
- DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64)
-@@ -160,15 +171,23 @@ fat_init (void)
-     {
-       if (verbose)
- 	fprintf (stderr, "libnettle: using aes instructions.\n");
--      _nettle_aes_encrypt_vec = _nettle_aes_encrypt_aesni;
--      _nettle_aes_decrypt_vec = _nettle_aes_decrypt_aesni;
-+      nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_aesni;
-+      nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_aesni;
-+      nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_aesni;
-+      nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_aesni;
-+      nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_aesni;
-+      nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_aesni;
-     }
-   else
-     {
-       if (verbose)
- 	fprintf (stderr, "libnettle: not using aes instructions.\n");
--      _nettle_aes_encrypt_vec = _nettle_aes_encrypt_x86_64;
--      _nettle_aes_decrypt_vec = _nettle_aes_decrypt_x86_64;
-+      nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_c;
-+      nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_c;
-+      nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_c;
-+      nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c;
-+      nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c;
-+      nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c;
-     }
- 
-   if (features.have_sha_ni)
-@@ -199,19 +218,32 @@ fat_init (void)
-     }
- }
- 
--DEFINE_FAT_FUNC(_nettle_aes_encrypt, void,
--		(unsigned rounds, const uint32_t *keys,
--		 const struct aes_table *T,
--		 size_t length, uint8_t *dst,
--		 const uint8_t *src),
--		(rounds, keys, T, length, dst, src))
--
--DEFINE_FAT_FUNC(_nettle_aes_decrypt, void,
--		(unsigned rounds, const uint32_t *keys,
--		 const struct aes_table *T,
--		 size_t length, uint8_t *dst,
--		 const uint8_t *src),
--		(rounds, keys, T, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes128_encrypt, void,
-+ (const struct aes128_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes128_decrypt, void,
-+ (const struct aes128_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+
-+DEFINE_FAT_FUNC(nettle_aes192_encrypt, void,
-+ (const struct aes192_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes192_decrypt, void,
-+ (const struct aes192_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+
-+DEFINE_FAT_FUNC(nettle_aes256_encrypt, void,
-+ (const struct aes256_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes256_decrypt, void,
-+ (const struct aes256_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
- 
- DEFINE_FAT_FUNC(nettle_memxor, void *,
- 		(void *dst, const void *src, size_t n),
-Index: nettle-3.7.3/x86_64/aesni/aes-decrypt-internal.asm
-===================================================================
---- nettle-3.7.3.orig/x86_64/aesni/aes-decrypt-internal.asm
-+++ /dev/null
-@@ -1,134 +0,0 @@
--C x86_64/aesni/aes-decrypt-internal.asm
--
--
--ifelse(`
--   Copyright (C) 2015, 2018 Niels Möller
--
--   This file is part of GNU Nettle.
--
--   GNU Nettle is free software: you can redistribute it and/or
--   modify it under the terms of either:
--
--     * the GNU Lesser General Public License as published by the Free
--       Software Foundation; either version 3 of the License, or (at your
--       option) any later version.
--
--   or
--
--     * the GNU General Public License as published by the Free
--       Software Foundation; either version 2 of the License, or (at your
--       option) any later version.
--
--   or both in parallel, as here.
--
--   GNU Nettle is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--   General Public License for more details.
--
--   You should have received copies of the GNU General Public License and
--   the GNU Lesser General Public License along with this program.  If
--   not, see http://www.gnu.org/licenses/.
--')
--
--C Input argument
--define(`ROUNDS', `%rdi')
--define(`KEYS',	`%rsi')
--C define(`TABLE',	`%rdx') C Unused here
--define(`LENGTH',`%rcx')
--define(`DST',	`%r8')
--define(`SRC',	`%r9')
--
--define(`KEY0', `%xmm0')
--define(`KEY1', `%xmm1')
--define(`KEY2', `%xmm2')
--define(`KEY3', `%xmm3')
--define(`KEY4', `%xmm4')
--define(`KEY5', `%xmm5')
--define(`KEY6', `%xmm6')
--define(`KEY7', `%xmm7')
--define(`KEY8', `%xmm8')
--define(`KEY9', `%xmm9')
--define(`KEY10', `%xmm10')
--define(`KEY11', `%xmm11')
--define(`KEY12', `%xmm12')
--define(`KEY13', `%xmm13')
--define(`KEYLAST', `%xmm14')
--define(`BLOCK', `%xmm15')
--
--	.file "aes-decrypt-internal.asm"
--
--	C _aes_decrypt(unsigned rounds, const uint32_t *keys,
--	C	       const struct aes_table *T,
--	C	       size_t length, uint8_t *dst,
--	C	       uint8_t *src)
--	.text
--	ALIGN(16)
--PROLOGUE(_nettle_aes_decrypt)
--	W64_ENTRY(6, 16)
--	shr	$4, LENGTH
--	test	LENGTH, LENGTH
--	jz	.Lend
--
--	movups	(KEYS), KEY0
--	movups	16(KEYS), KEY1
--	movups	32(KEYS), KEY2
--	movups	48(KEYS), KEY3
--	movups	64(KEYS), KEY4
--	movups	80(KEYS), KEY5
--	movups	96(KEYS), KEY6
--	movups	112(KEYS), KEY7
--	movups	128(KEYS), KEY8
--	movups	144(KEYS), KEY9
--	lea	160(KEYS), KEYS
--	sub	$10, XREG(ROUNDS)	C Also clears high half
--	je	.Lkey_last
--
--	movups	(KEYS), KEY10
--	movups	16(KEYS), KEY11
--	lea	(KEYS, ROUNDS, 8), KEYS
--	lea	(KEYS, ROUNDS, 8), KEYS
--
--	cmpl	$2, XREG(ROUNDS)
--	je	.Lkey_last
--	movups	-32(KEYS), KEY12
--	movups	-16(KEYS), KEY13
--
--.Lkey_last:
--	movups	(KEYS), KEYLAST
--
--.Lblock_loop:
--	movups	(SRC), BLOCK
--	pxor	KEY0, BLOCK
--	aesdec	KEY1, BLOCK
--	aesdec	KEY2, BLOCK
--	aesdec	KEY3, BLOCK
--	aesdec	KEY4, BLOCK
--	aesdec	KEY5, BLOCK
--	aesdec	KEY6, BLOCK
--	aesdec	KEY7, BLOCK
--	aesdec	KEY8, BLOCK
--	aesdec	KEY9, BLOCK
--	testl	XREG(ROUNDS), XREG(ROUNDS)
--	je	.Lblock_end
--	aesdec	KEY10, BLOCK
--	aesdec	KEY11, BLOCK
--	cmpl	$2, XREG(ROUNDS)
--	je	.Lblock_end
--
--	aesdec	KEY12, BLOCK
--	aesdec	KEY13, BLOCK
--
--.Lblock_end:
--	aesdeclast KEYLAST, BLOCK
--
--	movups	BLOCK, (DST)
--	add	$16, SRC
--	add	$16, DST
--	dec	LENGTH
--	jnz	.Lblock_loop
--
--.Lend:
--	W64_EXIT(6, 16)
--	ret
--EPILOGUE(_nettle_aes_decrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes-encrypt-internal.asm
-===================================================================
---- nettle-3.7.3.orig/x86_64/aesni/aes-encrypt-internal.asm
-+++ /dev/null
-@@ -1,134 +0,0 @@
--C x86_64/aesni/aes-encrypt-internal.asm
--
--
--ifelse(`
--   Copyright (C) 2015, 2018 Niels Möller
--
--   This file is part of GNU Nettle.
--
--   GNU Nettle is free software: you can redistribute it and/or
--   modify it under the terms of either:
--
--     * the GNU Lesser General Public License as published by the Free
--       Software Foundation; either version 3 of the License, or (at your
--       option) any later version.
--
--   or
--
--     * the GNU General Public License as published by the Free
--       Software Foundation; either version 2 of the License, or (at your
--       option) any later version.
--
--   or both in parallel, as here.
--
--   GNU Nettle is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--   General Public License for more details.
--
--   You should have received copies of the GNU General Public License and
--   the GNU Lesser General Public License along with this program.  If
--   not, see http://www.gnu.org/licenses/.
--')
--
--C Input argument
--define(`ROUNDS', `%rdi')
--define(`KEYS',	`%rsi')
--C define(`TABLE',	`%rdx') C Unused here
--define(`LENGTH',`%rcx')
--define(`DST',	`%r8')
--define(`SRC',	`%r9')
--
--define(`KEY0', `%xmm0')
--define(`KEY1', `%xmm1')
--define(`KEY2', `%xmm2')
--define(`KEY3', `%xmm3')
--define(`KEY4', `%xmm4')
--define(`KEY5', `%xmm5')
--define(`KEY6', `%xmm6')
--define(`KEY7', `%xmm7')
--define(`KEY8', `%xmm8')
--define(`KEY9', `%xmm9')
--define(`KEY10', `%xmm10')
--define(`KEY11', `%xmm11')
--define(`KEY12', `%xmm12')
--define(`KEY13', `%xmm13')
--define(`KEYLAST', `%xmm14')
--define(`BLOCK', `%xmm15')
--
--	.file "aes-encrypt-internal.asm"
--
--	C _aes_encrypt(unsigned rounds, const uint32_t *keys,
--	C	       const struct aes_table *T,
--	C	       size_t length, uint8_t *dst,
--	C	       uint8_t *src)
--	.text
--	ALIGN(16)
--PROLOGUE(_nettle_aes_encrypt)
--	W64_ENTRY(6, 16)
--	shr	$4, LENGTH
--	test	LENGTH, LENGTH
--	jz	.Lend
--
--	movups	(KEYS), KEY0
--	movups	16(KEYS), KEY1
--	movups	32(KEYS), KEY2
--	movups	48(KEYS), KEY3
--	movups	64(KEYS), KEY4
--	movups	80(KEYS), KEY5
--	movups	96(KEYS), KEY6
--	movups	112(KEYS), KEY7
--	movups	128(KEYS), KEY8
--	movups	144(KEYS), KEY9
--	lea	160(KEYS), KEYS
--	sub	$10, XREG(ROUNDS)	C Also clears high half
--	je	.Lkey_last
--
--	movups	(KEYS), KEY10
--	movups	16(KEYS), KEY11
--	lea	(KEYS, ROUNDS, 8), KEYS
--	lea	(KEYS, ROUNDS, 8), KEYS
--
--	cmpl	$2, XREG(ROUNDS)
--	je	.Lkey_last
--	movups	-32(KEYS), KEY12
--	movups	-16(KEYS), KEY13
--
--.Lkey_last:
--	movups	(KEYS), KEYLAST
--
--.Lblock_loop:
--	movups	(SRC), BLOCK
--	pxor	KEY0, BLOCK
--	aesenc	KEY1, BLOCK
--	aesenc	KEY2, BLOCK
--	aesenc	KEY3, BLOCK
--	aesenc	KEY4, BLOCK
--	aesenc	KEY5, BLOCK
--	aesenc	KEY6, BLOCK
--	aesenc	KEY7, BLOCK
--	aesenc	KEY8, BLOCK
--	aesenc	KEY9, BLOCK
--	testl	XREG(ROUNDS), XREG(ROUNDS)
--	je	.Lblock_end
--	aesenc	KEY10, BLOCK
--	aesenc	KEY11, BLOCK
--	cmpl	$2, XREG(ROUNDS)
--	je	.Lblock_end
--
--	aesenc	KEY12, BLOCK
--	aesenc	KEY13, BLOCK
--
--.Lblock_end:
--	aesenclast KEYLAST, BLOCK
--
--	movups	BLOCK, (DST)
--	add	$16, SRC
--	add	$16, DST
--	dec	LENGTH
--	jnz	.Lblock_loop
--
--.Lend:
--	W64_EXIT(6, 16)
--	ret
--EPILOGUE(_nettle_aes_encrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes128-decrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/aesni/aes128-decrypt.asm
-@@ -0,0 +1,136 @@
-+C x86_64/aesni/aes128-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2015, 2018, 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C Input argument
-+define(`CTX',	`%rdi')
-+define(`LENGTH',`%rsi')
-+define(`DST',	`%rdx')
-+define(`SRC',	`%rcx')
-+
-+define(`KEY0', `%xmm0')
-+define(`KEY1', `%xmm1')
-+define(`KEY2', `%xmm2')
-+define(`KEY3', `%xmm3')
-+define(`KEY4', `%xmm4')
-+define(`KEY5', `%xmm5')
-+define(`KEY6', `%xmm6')
-+define(`KEY7', `%xmm7')
-+define(`KEY8', `%xmm8')
-+define(`KEY9', `%xmm9')
-+define(`KEY10', `%xmm10')
-+define(`X', `%xmm11')
-+define(`Y', `%xmm12')
-+
-+	.file "aes128-decrypt.asm"
-+
-+	C nettle_aes128_decrypt(const struct aes128_ctx *ctx,
-+	C                       size_t length, uint8_t *dst,
-+	C                       const uint8_t *src);
-+
-+	.text
-+	ALIGN(16)
-+PROLOGUE(nettle_aes128_decrypt)
-+	W64_ENTRY(4, 13)
-+	shr	$4, LENGTH
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+	movups	(CTX), KEY0
-+	movups	16(CTX), KEY1
-+	movups	32(CTX), KEY2
-+	movups	48(CTX), KEY3
-+	movups	64(CTX), KEY4
-+	movups	80(CTX), KEY5
-+	movups	96(CTX), KEY6
-+	movups	112(CTX), KEY7
-+	movups	128(CTX), KEY8
-+	movups	144(CTX), KEY9
-+	movups	160(CTX), KEY10
-+	shr	LENGTH
-+	jnc	.Lblock_loop
-+
-+	movups	(SRC), X
-+	pxor	KEY0, X
-+	aesdec	KEY1, X
-+	aesdec	KEY2, X
-+	aesdec	KEY3, X
-+	aesdec	KEY4, X
-+	aesdec	KEY5, X
-+	aesdec	KEY6, X
-+	aesdec	KEY7, X
-+	aesdec	KEY8, X
-+	aesdec	KEY9, X
-+	aesdeclast KEY10, X
-+
-+	movups	X, (DST)
-+	add	$16, SRC
-+	add	$16, DST
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+.Lblock_loop:
-+	movups	(SRC), X
-+	movups	16(SRC), Y
-+	pxor	KEY0, X
-+	pxor	KEY0, Y
-+	aesdec	KEY1, X
-+	aesdec	KEY1, Y
-+	aesdec	KEY2, X
-+	aesdec	KEY2, Y
-+	aesdec	KEY3, X
-+	aesdec	KEY3, Y
-+	aesdec	KEY4, X
-+	aesdec	KEY4, Y
-+	aesdec	KEY5, X
-+	aesdec	KEY5, Y
-+	aesdec	KEY6, X
-+	aesdec	KEY6, Y
-+	aesdec	KEY7, X
-+	aesdec	KEY7, Y
-+	aesdec	KEY8, X
-+	aesdec	KEY8, Y
-+	aesdec	KEY9, X
-+	aesdec	KEY9, Y
-+	aesdeclast KEY10, X
-+	aesdeclast KEY10, Y
-+
-+	movups	X, (DST)
-+	movups	Y, 16(DST)
-+	add	$32, SRC
-+	add	$32, DST
-+	dec	LENGTH
-+	jnz	.Lblock_loop
-+
-+.Lend:
-+	W64_EXIT(4, 13)
-+	ret
-+EPILOGUE(nettle_aes128_decrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes128-encrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/aesni/aes128-encrypt.asm
-@@ -0,0 +1,136 @@
-+C x86_64/aesni/aes128-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2015, 2018, 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C Input argument
-+define(`CTX',	`%rdi')
-+define(`LENGTH',`%rsi')
-+define(`DST',	`%rdx')
-+define(`SRC',	`%rcx')
-+
-+define(`KEY0', `%xmm0')
-+define(`KEY1', `%xmm1')
-+define(`KEY2', `%xmm2')
-+define(`KEY3', `%xmm3')
-+define(`KEY4', `%xmm4')
-+define(`KEY5', `%xmm5')
-+define(`KEY6', `%xmm6')
-+define(`KEY7', `%xmm7')
-+define(`KEY8', `%xmm8')
-+define(`KEY9', `%xmm9')
-+define(`KEY10', `%xmm10')
-+define(`X', `%xmm11')
-+define(`Y', `%xmm12')
-+
-+	.file "aes128-encrypt.asm"
-+
-+	C nettle_aes128_encrypt(const struct aes128_ctx *ctx,
-+	C                       size_t length, uint8_t *dst,
-+	C                       const uint8_t *src);
-+
-+	.text
-+	ALIGN(16)
-+PROLOGUE(nettle_aes128_encrypt)
-+	W64_ENTRY(4, 13)
-+	shr	$4, LENGTH
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+	movups	(CTX), KEY0
-+	movups	16(CTX), KEY1
-+	movups	32(CTX), KEY2
-+	movups	48(CTX), KEY3
-+	movups	64(CTX), KEY4
-+	movups	80(CTX), KEY5
-+	movups	96(CTX), KEY6
-+	movups	112(CTX), KEY7
-+	movups	128(CTX), KEY8
-+	movups	144(CTX), KEY9
-+	movups	160(CTX), KEY10
-+	shr	LENGTH
-+	jnc	.Lblock_loop
-+
-+	movups	(SRC), X
-+	pxor	KEY0, X
-+	aesenc	KEY1, X
-+	aesenc	KEY2, X
-+	aesenc	KEY3, X
-+	aesenc	KEY4, X
-+	aesenc	KEY5, X
-+	aesenc	KEY6, X
-+	aesenc	KEY7, X
-+	aesenc	KEY8, X
-+	aesenc	KEY9, X
-+	aesenclast KEY10, X
-+
-+	movups	X, (DST)
-+	add	$16, SRC
-+	add	$16, DST
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+.Lblock_loop:
-+	movups	(SRC), X
-+	movups	16(SRC), Y
-+	pxor	KEY0, X
-+	pxor	KEY0, Y
-+	aesenc	KEY1, X
-+	aesenc	KEY1, Y
-+	aesenc	KEY2, X
-+	aesenc	KEY2, Y
-+	aesenc	KEY3, X
-+	aesenc	KEY3, Y
-+	aesenc	KEY4, X
-+	aesenc	KEY4, Y
-+	aesenc	KEY5, X
-+	aesenc	KEY5, Y
-+	aesenc	KEY6, X
-+	aesenc	KEY6, Y
-+	aesenc	KEY7, X
-+	aesenc	KEY7, Y
-+	aesenc	KEY8, X
-+	aesenc	KEY8, Y
-+	aesenc	KEY9, X
-+	aesenc	KEY9, Y
-+	aesenclast KEY10, X
-+	aesenclast KEY10, Y
-+
-+	movups	X, (DST)
-+	movups	Y, 16(DST)
-+	add	$32, SRC
-+	add	$32, DST
-+	dec	LENGTH
-+	jnz	.Lblock_loop
-+
-+.Lend:
-+	W64_EXIT(4, 13)
-+	ret
-+EPILOGUE(nettle_aes128_encrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes192-decrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/aesni/aes192-decrypt.asm
-@@ -0,0 +1,146 @@
-+C x86_64/aesni/aes192-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2015, 2018, 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C Input argument
-+define(`CTX',	`%rdi')
-+define(`LENGTH',`%rsi')
-+define(`DST',	`%rdx')
-+define(`SRC',	`%rcx')
-+
-+define(`KEY0', `%xmm0')
-+define(`KEY1', `%xmm1')
-+define(`KEY2', `%xmm2')
-+define(`KEY3', `%xmm3')
-+define(`KEY4', `%xmm4')
-+define(`KEY5', `%xmm5')
-+define(`KEY6', `%xmm6')
-+define(`KEY7', `%xmm7')
-+define(`KEY8', `%xmm8')
-+define(`KEY9', `%xmm9')
-+define(`KEY10', `%xmm10')
-+define(`KEY11', `%xmm11')
-+define(`KEY12', `%xmm12')
-+define(`X', `%xmm13')
-+define(`Y', `%xmm14')
-+
-+	.file "aes192-decrypt.asm"
-+
-+	C nettle_aes192_decrypt(const struct aes192_ctx *ctx,
-+	C                       size_t length, uint8_t *dst,
-+	C                       const uint8_t *src);
-+
-+	.text
-+	ALIGN(16)
-+PROLOGUE(nettle_aes192_decrypt)
-+	W64_ENTRY(4, 15)
-+	shr	$4, LENGTH
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+	movups	(CTX), KEY0
-+	movups	16(CTX), KEY1
-+	movups	32(CTX), KEY2
-+	movups	48(CTX), KEY3
-+	movups	64(CTX), KEY4
-+	movups	80(CTX), KEY5
-+	movups	96(CTX), KEY6
-+	movups	112(CTX), KEY7
-+	movups	128(CTX), KEY8
-+	movups	144(CTX), KEY9
-+	movups	160(CTX), KEY10
-+	movups	176(CTX), KEY11
-+	movups	192(CTX), KEY12
-+	shr	LENGTH
-+	jnc	.Lblock_loop
-+
-+	movups	(SRC), X
-+	pxor	KEY0, X
-+	aesdec	KEY1, X
-+	aesdec	KEY2, X
-+	aesdec	KEY3, X
-+	aesdec	KEY4, X
-+	aesdec	KEY5, X
-+	aesdec	KEY6, X
-+	aesdec	KEY7, X
-+	aesdec	KEY8, X
-+	aesdec	KEY9, X
-+	aesdec	KEY10, X
-+	aesdec	KEY11, X
-+	aesdeclast KEY12, X
-+
-+	movups	X, (DST)
-+	add	$16, SRC
-+	add	$16, DST
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+.Lblock_loop:
-+	movups	(SRC), X
-+	movups	16(SRC), Y
-+	pxor	KEY0, X
-+	pxor	KEY0, Y
-+	aesdec	KEY1, X
-+	aesdec	KEY1, Y
-+	aesdec	KEY2, X
-+	aesdec	KEY2, Y
-+	aesdec	KEY3, X
-+	aesdec	KEY3, Y
-+	aesdec	KEY4, X
-+	aesdec	KEY4, Y
-+	aesdec	KEY5, X
-+	aesdec	KEY5, Y
-+	aesdec	KEY6, X
-+	aesdec	KEY6, Y
-+	aesdec	KEY7, X
-+	aesdec	KEY7, Y
-+	aesdec	KEY8, X
-+	aesdec	KEY8, Y
-+	aesdec	KEY9, X
-+	aesdec	KEY9, Y
-+	aesdec	KEY10, X
-+	aesdec	KEY10, Y
-+	aesdec	KEY11, X
-+	aesdec	KEY11, Y
-+	aesdeclast KEY12, X
-+	aesdeclast KEY12, Y
-+
-+	movups	X, (DST)
-+	movups	Y, 16(DST)
-+	add	$32, SRC
-+	add	$32, DST
-+	dec	LENGTH
-+	jnz	.Lblock_loop
-+
-+.Lend:
-+	W64_EXIT(4, 15)
-+	ret
-+EPILOGUE(nettle_aes192_decrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes192-encrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/aesni/aes192-encrypt.asm
-@@ -0,0 +1,146 @@
-+C x86_64/aesni/aes192-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2015, 2018, 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C Input argument
-+define(`CTX',	`%rdi')
-+define(`LENGTH',`%rsi')
-+define(`DST',	`%rdx')
-+define(`SRC',	`%rcx')
-+
-+define(`KEY0', `%xmm0')
-+define(`KEY1', `%xmm1')
-+define(`KEY2', `%xmm2')
-+define(`KEY3', `%xmm3')
-+define(`KEY4', `%xmm4')
-+define(`KEY5', `%xmm5')
-+define(`KEY6', `%xmm6')
-+define(`KEY7', `%xmm7')
-+define(`KEY8', `%xmm8')
-+define(`KEY9', `%xmm9')
-+define(`KEY10', `%xmm10')
-+define(`KEY11', `%xmm11')
-+define(`KEY12', `%xmm12')
-+define(`X', `%xmm13')
-+define(`Y', `%xmm14')
-+
-+	.file "aes192-encrypt.asm"
-+
-+	C nettle_aes192_encrypt(const struct aes192_ctx *ctx,
-+	C                       size_t length, uint8_t *dst,
-+	C                       const uint8_t *src);
-+
-+	.text
-+	ALIGN(16)
-+PROLOGUE(nettle_aes192_encrypt)
-+	W64_ENTRY(4, 15)
-+	shr	$4, LENGTH
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+	movups	(CTX), KEY0
-+	movups	16(CTX), KEY1
-+	movups	32(CTX), KEY2
-+	movups	48(CTX), KEY3
-+	movups	64(CTX), KEY4
-+	movups	80(CTX), KEY5
-+	movups	96(CTX), KEY6
-+	movups	112(CTX), KEY7
-+	movups	128(CTX), KEY8
-+	movups	144(CTX), KEY9
-+	movups	160(CTX), KEY10
-+	movups	176(CTX), KEY11
-+	movups	192(CTX), KEY12
-+	shr	LENGTH
-+	jnc	.Lblock_loop
-+
-+	movups	(SRC), X
-+	pxor	KEY0, X
-+	aesenc	KEY1, X
-+	aesenc	KEY2, X
-+	aesenc	KEY3, X
-+	aesenc	KEY4, X
-+	aesenc	KEY5, X
-+	aesenc	KEY6, X
-+	aesenc	KEY7, X
-+	aesenc	KEY8, X
-+	aesenc	KEY9, X
-+	aesenc	KEY10, X
-+	aesenc	KEY11, X
-+	aesenclast KEY12, X
-+
-+	movups	X, (DST)
-+	add	$16, SRC
-+	add	$16, DST
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+.Lblock_loop:
-+	movups	(SRC), X
-+	movups	16(SRC), Y
-+	pxor	KEY0, X
-+	pxor	KEY0, Y
-+	aesenc	KEY1, X
-+	aesenc	KEY1, Y
-+	aesenc	KEY2, X
-+	aesenc	KEY2, Y
-+	aesenc	KEY3, X
-+	aesenc	KEY3, Y
-+	aesenc	KEY4, X
-+	aesenc	KEY4, Y
-+	aesenc	KEY5, X
-+	aesenc	KEY5, Y
-+	aesenc	KEY6, X
-+	aesenc	KEY6, Y
-+	aesenc	KEY7, X
-+	aesenc	KEY7, Y
-+	aesenc	KEY8, X
-+	aesenc	KEY8, Y
-+	aesenc	KEY9, X
-+	aesenc	KEY9, Y
-+	aesenc	KEY10, X
-+	aesenc	KEY10, Y
-+	aesenc	KEY11, X
-+	aesenc	KEY11, Y
-+	aesenclast KEY12, X
-+	aesenclast KEY12, Y
-+
-+	movups	X, (DST)
-+	movups	Y, 16(DST)
-+	add	$32, SRC
-+	add	$32, DST
-+	dec	LENGTH
-+	jnz	.Lblock_loop
-+
-+.Lend:
-+	W64_EXIT(4, 15)
-+	ret
-+EPILOGUE(nettle_aes192_encrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes256-decrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/aesni/aes256-decrypt.asm
-@@ -0,0 +1,113 @@
-+C x86_64/aesni/aes256-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2015, 2018, 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C Input argument
-+define(`CTX',	`%rdi')
-+define(`LENGTH',`%rsi')
-+define(`DST',	`%rdx')
-+define(`SRC',	`%rcx')
-+
-+define(`KEY0', `%xmm0')
-+define(`KEY1', `%xmm1')
-+define(`KEY2', `%xmm2')
-+define(`KEY3', `%xmm3')
-+define(`KEY4', `%xmm4')
-+define(`KEY5', `%xmm5')
-+define(`KEY6', `%xmm6')
-+define(`KEY7', `%xmm7')
-+define(`KEY8', `%xmm8')
-+define(`KEY9', `%xmm9')
-+define(`KEY10', `%xmm10')
-+define(`KEY11', `%xmm11')
-+define(`KEY12', `%xmm12')
-+define(`KEY13', `%xmm13')
-+define(`KEY14', `%xmm14')
-+define(`X', `%xmm15')
-+
-+	.file "aes256-decrypt.asm"
-+
-+	C nettle_aes256_decrypt(const struct aes256_ctx *ctx,
-+	C                       size_t length, uint8_t *dst,
-+	C                       const uint8_t *src);
-+
-+	.text
-+	ALIGN(16)
-+PROLOGUE(nettle_aes256_decrypt)
-+	W64_ENTRY(4, 16)
-+	shr	$4, LENGTH
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+	movups	(CTX), KEY0
-+	movups	16(CTX), KEY1
-+	movups	32(CTX), KEY2
-+	movups	48(CTX), KEY3
-+	movups	64(CTX), KEY4
-+	movups	80(CTX), KEY5
-+	movups	96(CTX), KEY6
-+	movups	112(CTX), KEY7
-+	movups	128(CTX), KEY8
-+	movups	144(CTX), KEY9
-+	movups	160(CTX), KEY10
-+	movups	176(CTX), KEY11
-+	movups	192(CTX), KEY12
-+	movups	208(CTX), KEY13
-+	movups	224(CTX), KEY14
-+
-+.Lblock_loop:
-+	movups	(SRC), X
-+	pxor	KEY0, X
-+	aesdec	KEY1, X
-+	aesdec	KEY2, X
-+	aesdec	KEY3, X
-+	aesdec	KEY4, X
-+	aesdec	KEY5, X
-+	aesdec	KEY6, X
-+	aesdec	KEY7, X
-+	aesdec	KEY8, X
-+	aesdec	KEY9, X
-+	aesdec	KEY10, X
-+	aesdec	KEY11, X
-+	aesdec	KEY12, X
-+	aesdec	KEY13, X
-+	aesdeclast KEY14, X
-+
-+	movups	X, (DST)
-+	add	$16, SRC
-+	add	$16, DST
-+	dec	LENGTH
-+	jnz	.Lblock_loop
-+
-+.Lend:
-+	W64_EXIT(4, 16)
-+	ret
-+EPILOGUE(nettle_aes256_decrypt)
-Index: nettle-3.7.3/x86_64/aesni/aes256-encrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/aesni/aes256-encrypt.asm
-@@ -0,0 +1,113 @@
-+C x86_64/aesni/aes256-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2015, 2018, 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C Input argument
-+define(`CTX',	`%rdi')
-+define(`LENGTH',`%rsi')
-+define(`DST',	`%rdx')
-+define(`SRC',	`%rcx')
-+
-+define(`KEY0', `%xmm0')
-+define(`KEY1', `%xmm1')
-+define(`KEY2', `%xmm2')
-+define(`KEY3', `%xmm3')
-+define(`KEY4', `%xmm4')
-+define(`KEY5', `%xmm5')
-+define(`KEY6', `%xmm6')
-+define(`KEY7', `%xmm7')
-+define(`KEY8', `%xmm8')
-+define(`KEY9', `%xmm9')
-+define(`KEY10', `%xmm10')
-+define(`KEY11', `%xmm11')
-+define(`KEY12', `%xmm12')
-+define(`KEY13', `%xmm13')
-+define(`KEY14', `%xmm14')
-+define(`X', `%xmm15')
-+
-+	.file "aes256-encrypt.asm"
-+
-+	C nettle_aes256_encrypt(const struct aes256_ctx *ctx,
-+	C                       size_t length, uint8_t *dst,
-+	C                       const uint8_t *src);
-+
-+	.text
-+	ALIGN(16)
-+PROLOGUE(nettle_aes256_encrypt)
-+	W64_ENTRY(4, 16)
-+	shr	$4, LENGTH
-+	test	LENGTH, LENGTH
-+	jz	.Lend
-+
-+	movups	(CTX), KEY0
-+	movups	16(CTX), KEY1
-+	movups	32(CTX), KEY2
-+	movups	48(CTX), KEY3
-+	movups	64(CTX), KEY4
-+	movups	80(CTX), KEY5
-+	movups	96(CTX), KEY6
-+	movups	112(CTX), KEY7
-+	movups	128(CTX), KEY8
-+	movups	144(CTX), KEY9
-+	movups	160(CTX), KEY10
-+	movups	176(CTX), KEY11
-+	movups	192(CTX), KEY12
-+	movups	208(CTX), KEY13
-+	movups	224(CTX), KEY14
-+
-+.Lblock_loop:
-+	movups	(SRC), X
-+	pxor	KEY0, X
-+	aesenc	KEY1, X
-+	aesenc	KEY2, X
-+	aesenc	KEY3, X
-+	aesenc	KEY4, X
-+	aesenc	KEY5, X
-+	aesenc	KEY6, X
-+	aesenc	KEY7, X
-+	aesenc	KEY8, X
-+	aesenc	KEY9, X
-+	aesenc	KEY10, X
-+	aesenc	KEY11, X
-+	aesenc	KEY12, X
-+	aesenc	KEY13, X
-+	aesenclast KEY14, X
-+
-+	movups	X, (DST)
-+	add	$16, SRC
-+	add	$16, DST
-+	dec	LENGTH
-+	jnz	.Lblock_loop
-+
-+.Lend:
-+	W64_EXIT(4, 16)
-+	ret
-+EPILOGUE(nettle_aes256_encrypt)
-Index: nettle-3.7.3/x86_64/fat/aes-encrypt-internal-2.asm
-===================================================================
---- nettle-3.7.3.orig/x86_64/fat/aes-encrypt-internal-2.asm
-+++ /dev/null
-@@ -1,35 +0,0 @@
--C x86_64/fat/aes-encrypt-internal-2.asm
--
--
--ifelse(`
--   Copyright (C) 2015 Niels Möller
--
--   This file is part of GNU Nettle.
--
--   GNU Nettle is free software: you can redistribute it and/or
--   modify it under the terms of either:
--
--     * the GNU Lesser General Public License as published by the Free
--       Software Foundation; either version 3 of the License, or (at your
--       option) any later version.
--
--   or
--
--     * the GNU General Public License as published by the Free
--       Software Foundation; either version 2 of the License, or (at your
--       option) any later version.
--
--   or both in parallel, as here.
--
--   GNU Nettle is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--   General Public License for more details.
--
--   You should have received copies of the GNU General Public License and
--   the GNU Lesser General Public License along with this program.  If
--   not, see http://www.gnu.org/licenses/.
--')
--
--define(`fat_transform', `$1_aesni')
--include_src(`x86_64/aesni/aes-encrypt-internal.asm')
-Index: nettle-3.7.3/x86_64/fat/aes128-decrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/fat/aes128-decrypt-2.asm
-@@ -0,0 +1,36 @@
-+C x86_64/fat/aes128-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes128_decrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_aesni')
-+include_src(`x86_64/aesni/aes128-decrypt.asm')
-Index: nettle-3.7.3/x86_64/fat/aes-encrypt-internal.asm
-===================================================================
---- nettle-3.7.3.orig/x86_64/fat/aes-encrypt-internal.asm
-+++ /dev/null
-@@ -1,35 +0,0 @@
--C x86_64/fat/aes-encrypt-internal.asm
--
--
--ifelse(`
--   Copyright (C) 2015 Niels Möller
--
--   This file is part of GNU Nettle.
--
--   GNU Nettle is free software: you can redistribute it and/or
--   modify it under the terms of either:
--
--     * the GNU Lesser General Public License as published by the Free
--       Software Foundation; either version 3 of the License, or (at your
--       option) any later version.
--
--   or
--
--     * the GNU General Public License as published by the Free
--       Software Foundation; either version 2 of the License, or (at your
--       option) any later version.
--
--   or both in parallel, as here.
--
--   GNU Nettle is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--   General Public License for more details.
--
--   You should have received copies of the GNU General Public License and
--   the GNU Lesser General Public License along with this program.  If
--   not, see http://www.gnu.org/licenses/.
--')
--
--define(`fat_transform', `$1_x86_64')
--include_src(`x86_64/aes-encrypt-internal.asm')
-Index: nettle-3.7.3/x86_64/fat/aes128-encrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/fat/aes128-encrypt-2.asm
-@@ -0,0 +1,36 @@
-+C x86_64/fat/aes128-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes128_encrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_aesni')
-+include_src(`x86_64/aesni/aes128-encrypt.asm')
-Index: nettle-3.7.3/x86_64/fat/aes-decrypt-internal-2.asm
-===================================================================
---- nettle-3.7.3.orig/x86_64/fat/aes-decrypt-internal-2.asm
-+++ /dev/null
-@@ -1,35 +0,0 @@
--C x86_64/fat/aes-decrypt-internal-2.asm
--
--
--ifelse(`
--   Copyright (C) 2015 Niels Möller
--
--   This file is part of GNU Nettle.
--
--   GNU Nettle is free software: you can redistribute it and/or
--   modify it under the terms of either:
--
--     * the GNU Lesser General Public License as published by the Free
--       Software Foundation; either version 3 of the License, or (at your
--       option) any later version.
--
--   or
--
--     * the GNU General Public License as published by the Free
--       Software Foundation; either version 2 of the License, or (at your
--       option) any later version.
--
--   or both in parallel, as here.
--
--   GNU Nettle is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--   General Public License for more details.
--
--   You should have received copies of the GNU General Public License and
--   the GNU Lesser General Public License along with this program.  If
--   not, see http://www.gnu.org/licenses/.
--')
--
--define(`fat_transform', `$1_aesni')
--include_src(`x86_64/aesni/aes-decrypt-internal.asm')
-Index: nettle-3.7.3/x86_64/fat/aes192-decrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/fat/aes192-decrypt-2.asm
-@@ -0,0 +1,36 @@
-+C x86_64/fat/aes192-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes192_decrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_aesni')
-+include_src(`x86_64/aesni/aes192-decrypt.asm')
-Index: nettle-3.7.3/x86_64/fat/aes-decrypt-internal.asm
-===================================================================
---- nettle-3.7.3.orig/x86_64/fat/aes-decrypt-internal.asm
-+++ /dev/null
-@@ -1,35 +0,0 @@
--C x86_64/fat/aes-decrypt-internal.asm
--
--
--ifelse(`
--   Copyright (C) 2015 Niels Möller
--
--   This file is part of GNU Nettle.
--
--   GNU Nettle is free software: you can redistribute it and/or
--   modify it under the terms of either:
--
--     * the GNU Lesser General Public License as published by the Free
--       Software Foundation; either version 3 of the License, or (at your
--       option) any later version.
--
--   or
--
--     * the GNU General Public License as published by the Free
--       Software Foundation; either version 2 of the License, or (at your
--       option) any later version.
--
--   or both in parallel, as here.
--
--   GNU Nettle is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--   General Public License for more details.
--
--   You should have received copies of the GNU General Public License and
--   the GNU Lesser General Public License along with this program.  If
--   not, see http://www.gnu.org/licenses/.
--')
--
--define(`fat_transform', `$1_x86_64')
--include_src(`x86_64/aes-decrypt-internal.asm')
-Index: nettle-3.7.3/x86_64/fat/aes192-encrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/fat/aes192-encrypt-2.asm
-@@ -0,0 +1,36 @@
-+C x86_64/fat/aes192-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes192_encrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_aesni')
-+include_src(`x86_64/aesni/aes192-encrypt.asm')
-Index: nettle-3.7.3/x86_64/fat/aes256-decrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/fat/aes256-decrypt-2.asm
-@@ -0,0 +1,36 @@
-+C x86_64/fat/aes256-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes256_decrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_aesni')
-+include_src(`x86_64/aesni/aes256-decrypt.asm')
-Index: nettle-3.7.3/x86_64/fat/aes256-encrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/x86_64/fat/aes256-encrypt-2.asm
-@@ -0,0 +1,36 @@
-+C x86_64/fat/aes256-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes256_encrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_aesni')
-+include_src(`x86_64/aesni/aes256-encrypt.asm')
-Index: nettle-3.7.3/Makefile.in
-===================================================================
---- nettle-3.7.3.orig/Makefile.in
-+++ nettle-3.7.3/Makefile.in
-@@ -74,8 +74,10 @@ dvi installcheck uninstallcheck:
- 
- all-here: $(TARGETS) $(DOCTARGETS)
- 
--nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
-+nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
-+		 aes128-decrypt.c aes192-decrypt.c aes256-decrypt.c \
- 		 aes-encrypt-internal.c aes-encrypt.c aes-encrypt-table.c \
-+		 aes128-encrypt.c aes192-encrypt.c aes256-encrypt.c \
- 		 aes-invert-internal.c aes-set-key-internal.c \
- 		 aes-set-encrypt-key.c aes-set-decrypt-key.c \
- 		 aes128-set-encrypt-key.c aes128-set-decrypt-key.c \
-@@ -217,7 +219,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
- 		  ed448-shake256.c ed448-shake256-pubkey.c \
- 		  ed448-shake256-sign.c ed448-shake256-verify.c
- 
--OPT_SOURCES = fat-arm.c fat-ppc.c fat-x86_64.c mini-gmp.c
-+OPT_SOURCES = fat-arm.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
- 
- HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
- 	  base16.h base64.h bignum.h buffer.h camellia.h cast128.h \
-@@ -616,7 +618,8 @@ distdir: $(DISTFILES)
- 	set -e; for d in sparc32 sparc64 x86 \
- 		x86_64 x86_64/aesni x86_64/sha_ni x86_64/fat \
- 		arm arm/neon arm/v6 arm/fat \
--		powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat ; do \
-+		powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat \
-+		s390x s390x/vf s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 s390x/fat ; do \
- 	  mkdir "$(distdir)/$$d" ; \
- 	  find "$(srcdir)/$$d" -maxdepth 1 '(' -name '*.asm' -o -name '*.m4' -o -name README ')' \
- 	    -exec cp '{}' "$(distdir)/$$d" ';' ; \
-Index: nettle-3.7.3/configure.ac
-===================================================================
---- nettle-3.7.3.orig/configure.ac
-+++ nettle-3.7.3/configure.ac
-@@ -97,6 +97,14 @@ AC_ARG_ENABLE(power-altivec,
-   AC_HELP_STRING([--enable-power-altivec], [Enable POWER altivec and vsx extensions. (default=no)]),,
-   [enable_altivec=no])
- 
-+AC_ARG_ENABLE(s390x-vf,
-+  AC_HELP_STRING([--enable-s390x-vf], [Enable vector facility on z/Architecture. (default=no)]),,
-+  [enable_s390x_vf=no])
-+
-+AC_ARG_ENABLE(s390x-msa,
-+  AC_HELP_STRING([--enable-s390x-msa], [Enable message-security assist extensions on z/Architecture. (default=no)]),,
-+  [enable_s390x_msa=no])
-+
- AC_ARG_ENABLE(mini-gmp,
-   AC_HELP_STRING([--enable-mini-gmp], [Enable mini-gmp, used instead of libgmp.]),,
-   [enable_mini_gmp=no])
-@@ -344,6 +352,17 @@ case "$host_cpu" in
-       ABI=64
-     ])
-     ;;
-+  *s390x*)
-+    AC_TRY_COMPILE([
-+#if defined(__s390x__)
-+#error 64-bit s390x
-+#endif
-+    ], [], [
-+      ABI=32
-+    ], [
-+      ABI=64
-+    ])
-+    ;;
- esac
- 
- if test "x$ABI" != xstandard ; then
-@@ -477,7 +496,23 @@ if test "x$enable_assembler" = xyes ; th
- 	fi
-       fi
-       ;;
--
-+    *s390x*)
-+      if test "$ABI" = 64 ; then
-+        asm_path="s390x"
-+        if test "x$enable_fat" = xyes ; then
-+	        asm_path="s390x/fat $asm_path"
-+	        OPT_NETTLE_SOURCES="fat-s390x.c $OPT_NETTLE_SOURCES"
-+          FAT_TEST_LIST="none vf msa msa_x1 msa_x2 msa_x4"
-+        else
-+          if test "$enable_s390x_vf" = yes ; then
-+            asm_path="s390x/vf $asm_path"
-+          fi
-+          if test "$enable_s390x_msa" = yes ; then
-+            asm_path="s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 $asm_path"
-+          fi
-+        fi
-+      fi
-+      ;;
-     *)
-       enable_assembler=no
-       ;;
-@@ -487,6 +522,12 @@ fi
- # Files which replace a C source file (or otherwise don't correspond
- # to a new object file).
- asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
-+		aes128-set-encrypt-key.asm aes128-set-decrypt-key.asm \
-+		aes128-encrypt.asm aes128-decrypt.asm \
-+		aes192-set-encrypt-key.asm aes192-set-decrypt-key.asm \
-+		aes192-encrypt.asm aes192-decrypt.asm \
-+		aes256-set-encrypt-key.asm aes256-set-decrypt-key.asm \
-+		aes256-encrypt.asm aes256-decrypt.asm \
- 		arcfour-crypt.asm camellia-crypt-internal.asm \
- 		md5-compress.asm memxor.asm memxor3.asm \
- 		poly1305-internal.asm \
-@@ -497,8 +538,14 @@ asm_replace_list="aes-encrypt-internal.a
- 		sha3-permute.asm umac-nh.asm umac-nh-n.asm machine.m4"
- 
- # Assembler files which generate additional object files if they are used.
--asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm \
--  aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm \
-+asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm cpu-facility.asm \
-+  aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm memxor3-2.asm \
-+  aes128-set-encrypt-key-2.asm aes128-set-decrypt-key-2.asm \
-+  aes128-encrypt-2.asm aes128-decrypt-2.asm \
-+  aes192-set-encrypt-key-2.asm aes192-set-decrypt-key-2.asm \
-+  aes192-encrypt-2.asm aes192-decrypt-2.asm \
-+  aes256-set-encrypt-key-2.asm aes256-set-decrypt-key-2.asm \
-+  aes256-encrypt-2.asm aes256-decrypt-2.asm \
-   chacha-2core.asm chacha-3core.asm chacha-4core.asm chacha-core-internal-2.asm \
-   salsa20-2core.asm salsa20-core-internal-2.asm \
-   sha1-compress-2.asm sha256-compress-2.asm \
-@@ -605,8 +652,24 @@ AC_SUBST([ASM_PPC_WANT_R_REGISTERS])
- AH_VERBATIM([HAVE_NATIVE],
- [/* Define to 1 each of the following for which a native (ie. CPU specific)
-     implementation of the corresponding routine exists.  */
-+#undef HAVE_NATIVE_memxor3
- #undef HAVE_NATIVE_aes_decrypt
- #undef HAVE_NATIVE_aes_encrypt
-+#undef HAVE_NATIVE_aes128_decrypt
-+#undef HAVE_NATIVE_aes128_encrypt
-+#undef HAVE_NATIVE_aes128_invert_key
-+#undef HAVE_NATIVE_aes128_set_decrypt_key
-+#undef HAVE_NATIVE_aes128_set_encrypt_key
-+#undef HAVE_NATIVE_aes192_decrypt
-+#undef HAVE_NATIVE_aes192_encrypt
-+#undef HAVE_NATIVE_aes192_invert_key
-+#undef HAVE_NATIVE_aes192_set_decrypt_key
-+#undef HAVE_NATIVE_aes192_set_encrypt_key
-+#undef HAVE_NATIVE_aes256_decrypt
-+#undef HAVE_NATIVE_aes256_encrypt
-+#undef HAVE_NATIVE_aes256_invert_key
-+#undef HAVE_NATIVE_aes256_set_decrypt_key
-+#undef HAVE_NATIVE_aes256_set_encrypt_key
- #undef HAVE_NATIVE_chacha_core
- #undef HAVE_NATIVE_chacha_2core
- #undef HAVE_NATIVE_chacha_3core
-Index: nettle-3.7.3/s390x/README
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/README
-@@ -0,0 +1,60 @@
-+Registers Conventions[1]
-+
-+Register Status Use
-+
-+r0, r1     General purpose                                       Volatile
-+r2         Parameter passing and return values                   Volatile
-+r3, r4, r5 Parameter passing                                     Volatile
-+r6         Parameter passing                                     Saved
-+r7 - r11   Local variables                                       Saved
-+r12        Local variable, commonly used as GOT pointer          Saved
-+r13        Local variable, commonly used as Literal Pool pointer Saved
-+r14        Return address                                        Volatile
-+r15        Stack pointer                                         Saved
-+
-+f0, f2, f4, f6 Parameter passing and return values Volatile
-+f1, f3, f5, f7 General purpose                     Volatile
-+f8 – f15       General purpose                     Saved
-+
-+Vector Register Conventions
-+
-+Register Use
-+
-+VR0 - VR7    Volatile
-+VR8 - VR15   Bytes 0-7 are non-volatile, Bytes 8-15 are volatile
-+VR16 - VR23  Non-volatile
-+VR24 - VR31  Volatile
-+
-+General Registers[2]
-+
-+In addition to their use as accumulators in general
-+arithmetic and logical operations, 15 of the 16 general
-+registers are also used as base-address and
-+index registers in address generation. In these
-+cases, the registers are designated by a four-bit B
-+field or X field in an instruction. A value of zero in the
-+B or X field specifies that no base or index is to be
-+applied, and, thus, general register 0 cannot be designated
-+as containing a base address or index.
-+
-+Parameter passing[1]
-+
-+Values shorter than 64 bits are sign- or zero-extended (as appropriate)
-+to 64 bits. Arguments not handled in the registers are passed in the parameter
-+words of the caller’s stack frame.
-+
-+Dynamic stack space allocation[1]
-+
-+1. After a new stack frame is acquired, and before the first dynamic space
-+allocation, a new register, the frame pointer or FP, is set to the value of the
-+stack pointer.
-+2. The amount of dynamic space to be allocated is rounded up to a multiple of 8
-+bytes, so that 8-byte stack alignment is maintained.
-+3. The stack pointer is decreased by the rounded byte count, and the address of
-+the previous stack frame (the back chain) may be stored at the word addressed
-+by the new stack pointer. The back chain is not necessary to restore from this
-+allocation at the end of the function since the frame pointer can be used to
-+restore the stack pointer.
-+
-+[1] http://legacy.redhat.com/pub/redhat/linux/7.1/es/os/s390x/doc/lzsabi0.pdf
-+[2] https://www.ibm.com/support/pages/zarchitecture-principles-operation
-Index: nettle-3.7.3/aes-decrypt-table.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes-decrypt-table.c
-@@ -0,0 +1,345 @@
-+/* aes-decrypt-table.c
-+
-+   Decryption function for aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <stdlib.h>
-+
-+#include "aes-internal.h"
-+
-+const struct aes_table
-+_nettle_aes_decrypt_table =
-+  { /* isbox */
-+    {
-+      0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
-+      0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
-+      0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
-+      0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
-+      0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
-+      0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
-+      0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
-+      0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
-+      0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
-+      0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
-+      0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
-+      0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
-+      0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
-+      0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
-+      0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
-+      0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
-+      0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
-+      0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
-+      0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
-+      0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
-+      0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
-+      0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
-+      0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
-+      0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
-+      0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
-+      0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
-+      0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
-+      0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
-+      0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
-+      0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
-+      0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
-+      0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d,
-+    },
-+    { /* itable */
-+      {
-+	0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,
-+	0xcb6bab3b,0xf1459d1f,0xab58faac,0x9303e34b,
-+	0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-+	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,
-+	0x495ab1de,0x671bba25,0x980eea45,0xe1c0fe5d,
-+	0x02752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-+	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,
-+	0x2d83bed4,0xd3217458,0x2969e049,0x44c8c98e,
-+	0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-+	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,
-+	0x184adf63,0x82311ae5,0x60335197,0x457f5362,
-+	0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-+	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,
-+	0x23d373ab,0xe2024b72,0x578f1fe3,0x2aab5566,
-+	0x0728ebb2,0x03c2b52f,0x9a7bc586,0xa50837d3,
-+	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,
-+	0x2b1ccf8a,0x92b479a7,0xf0f207f3,0xa1e2694e,
-+	0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-+	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,
-+	0x39ec830b,0xaaef6040,0x069f715e,0x51106ebd,
-+	0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-+	0xb58d5491,0x055dc471,0x6fd40604,0xff155060,
-+	0x24fb9819,0x97e9bdd6,0xcc434089,0x779ed967,
-+	0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-+	0x470a7ca1,0xe90f427c,0xc91e84f8,0x00000000,
-+	0x83868009,0x48ed2b32,0xac70111e,0x4e725a6c,
-+	0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-+	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,
-+	0xb1670a0c,0x0fe75793,0xd296eeb4,0x9e919b1b,
-+	0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-+	0x0aba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,
-+	0x0b0d090e,0xadc78bf2,0xb9a8b62d,0xc8a91e14,
-+	0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-+	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,
-+	0x7629438b,0xdcc623cb,0x68fcedb6,0x63f1e4b8,
-+	0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-+	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,
-+	0x4b2f9e1d,0xf330b2dc,0xec52860d,0xd0e3c177,
-+	0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-+	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,
-+	0xc74e4987,0xc1d138d9,0xfea2ca8c,0x360bd498,
-+	0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-+	0xe49d3a2c,0x0d927850,0x9bcc5f6a,0x62467e54,
-+	0xc2138df6,0xe8b8d890,0x5ef7392e,0xf5afc382,
-+	0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-+	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,
-+	0x097826cd,0xf418596e,0x01b79aec,0xa89a4f83,
-+	0x656e95e6,0x7ee6ffaa,0x08cfbc21,0xe6e815ef,
-+	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,
-+	0xafb2a431,0x31233f2a,0x3094a5c6,0xc066a235,
-+	0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-+	0x4a9804f1,0xf7daec41,0x0e50cd7f,0x2ff69117,
-+	0x8dd64d76,0x4db0ef43,0x544daacc,0xdf0496e4,
-+	0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-+	0x04ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,
-+	0x5a1d67b3,0x52d2db92,0x335610e9,0x1347d66d,
-+	0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-+	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,
-+	0x59dfd29c,0x3f73f255,0x79ce1418,0xbf37c773,
-+	0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-+	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,
-+	0x72c31d16,0x0c25e2bc,0x8b493c28,0x41950dff,
-+	0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-+	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0,
-+      },
-+#if !AES_SMALL
-+      { /* Before: itable[1] */
-+	0xa7f45150,0x65417e53,0xa4171ac3,0x5e273a96,
-+	0x6bab3bcb,0x459d1ff1,0x58faacab,0x03e34b93,
-+	0xfa302055,0x6d76adf6,0x76cc8891,0x4c02f525,
-+	0xd7e54ffc,0xcb2ac5d7,0x44352680,0xa362b58f,
-+	0x5ab1de49,0x1bba2567,0x0eea4598,0xc0fe5de1,
-+	0x752fc302,0xf04c8112,0x97468da3,0xf9d36bc6,
-+	0x5f8f03e7,0x9c921595,0x7a6dbfeb,0x595295da,
-+	0x83bed42d,0x217458d3,0x69e04929,0xc8c98e44,
-+	0x89c2756a,0x798ef478,0x3e58996b,0x71b927dd,
-+	0x4fe1beb6,0xad88f017,0xac20c966,0x3ace7db4,
-+	0x4adf6318,0x311ae582,0x33519760,0x7f536245,
-+	0x7764b1e0,0xae6bbb84,0xa081fe1c,0x2b08f994,
-+	0x68487058,0xfd458f19,0x6cde9487,0xf87b52b7,
-+	0xd373ab23,0x024b72e2,0x8f1fe357,0xab55662a,
-+	0x28ebb207,0xc2b52f03,0x7bc5869a,0x0837d3a5,
-+	0x872830f2,0xa5bf23b2,0x6a0302ba,0x8216ed5c,
-+	0x1ccf8a2b,0xb479a792,0xf207f3f0,0xe2694ea1,
-+	0xf4da65cd,0xbe0506d5,0x6234d11f,0xfea6c48a,
-+	0x532e349d,0x55f3a2a0,0xe18a0532,0xebf6a475,
-+	0xec830b39,0xef6040aa,0x9f715e06,0x106ebd51,
-+	0x8a213ef9,0x06dd963d,0x053eddae,0xbde64d46,
-+	0x8d5491b5,0x5dc47105,0xd406046f,0x155060ff,
-+	0xfb981924,0xe9bdd697,0x434089cc,0x9ed96777,
-+	0x42e8b0bd,0x8b890788,0x5b19e738,0xeec879db,
-+	0x0a7ca147,0x0f427ce9,0x1e84f8c9,0x00000000,
-+	0x86800983,0xed2b3248,0x70111eac,0x725a6c4e,
-+	0xff0efdfb,0x38850f56,0xd5ae3d1e,0x392d3627,
-+	0xd90f0a64,0xa65c6821,0x545b9bd1,0x2e36243a,
-+	0x670a0cb1,0xe757930f,0x96eeb4d2,0x919b1b9e,
-+	0xc5c0804f,0x20dc61a2,0x4b775a69,0x1a121c16,
-+	0xba93e20a,0x2aa0c0e5,0xe0223c43,0x171b121d,
-+	0x0d090e0b,0xc78bf2ad,0xa8b62db9,0xa91e14c8,
-+	0x19f15785,0x0775af4c,0xdd99eebb,0x607fa3fd,
-+	0x2601f79f,0xf5725cbc,0x3b6644c5,0x7efb5b34,
-+	0x29438b76,0xc623cbdc,0xfcedb668,0xf1e4b863,
-+	0xdc31d7ca,0x85634210,0x22971340,0x11c68420,
-+	0x244a857d,0x3dbbd2f8,0x32f9ae11,0xa129c76d,
-+	0x2f9e1d4b,0x30b2dcf3,0x52860dec,0xe3c177d0,
-+	0x16b32b6c,0xb970a999,0x489411fa,0x64e94722,
-+	0x8cfca8c4,0x3ff0a01a,0x2c7d56d8,0x903322ef,
-+	0x4e4987c7,0xd138d9c1,0xa2ca8cfe,0x0bd49836,
-+	0x81f5a6cf,0xde7aa528,0x8eb7da26,0xbfad3fa4,
-+	0x9d3a2ce4,0x9278500d,0xcc5f6a9b,0x467e5462,
-+	0x138df6c2,0xb8d890e8,0xf7392e5e,0xafc382f5,
-+	0x805d9fbe,0x93d0697c,0x2dd56fa9,0x1225cfb3,
-+	0x99acc83b,0x7d1810a7,0x639ce86e,0xbb3bdb7b,
-+	0x7826cd09,0x18596ef4,0xb79aec01,0x9a4f83a8,
-+	0x6e95e665,0xe6ffaa7e,0xcfbc2108,0xe815efe6,
-+	0x9be7bad9,0x366f4ace,0x099fead4,0x7cb029d6,
-+	0xb2a431af,0x233f2a31,0x94a5c630,0x66a235c0,
-+	0xbc4e7437,0xca82fca6,0xd090e0b0,0xd8a73315,
-+	0x9804f14a,0xdaec41f7,0x50cd7f0e,0xf691172f,
-+	0xd64d768d,0xb0ef434d,0x4daacc54,0x0496e4df,
-+	0xb5d19ee3,0x886a4c1b,0x1f2cc1b8,0x5165467f,
-+	0xea5e9d04,0x358c015d,0x7487fa73,0x410bfb2e,
-+	0x1d67b35a,0xd2db9252,0x5610e933,0x47d66d13,
-+	0x61d79a8c,0x0ca1377a,0x14f8598e,0x3c13eb89,
-+	0x27a9ceee,0xc961b735,0xe51ce1ed,0xb1477a3c,
-+	0xdfd29c59,0x73f2553f,0xce141879,0x37c773bf,
-+	0xcdf753ea,0xaafd5f5b,0x6f3ddf14,0xdb447886,
-+	0xf3afca81,0xc468b93e,0x3424382c,0x40a3c25f,
-+	0xc31d1672,0x25e2bc0c,0x493c288b,0x950dff41,
-+	0x01a83971,0xb30c08de,0xe4b4d89c,0xc1566490,
-+	0x84cb7b61,0xb632d570,0x5c6c4874,0x57b8d042,
-+      },{ /* Before: itable[2] */
-+	0xf45150a7,0x417e5365,0x171ac3a4,0x273a965e,
-+	0xab3bcb6b,0x9d1ff145,0xfaacab58,0xe34b9303,
-+	0x302055fa,0x76adf66d,0xcc889176,0x02f5254c,
-+	0xe54ffcd7,0x2ac5d7cb,0x35268044,0x62b58fa3,
-+	0xb1de495a,0xba25671b,0xea45980e,0xfe5de1c0,
-+	0x2fc30275,0x4c8112f0,0x468da397,0xd36bc6f9,
-+	0x8f03e75f,0x9215959c,0x6dbfeb7a,0x5295da59,
-+	0xbed42d83,0x7458d321,0xe0492969,0xc98e44c8,
-+	0xc2756a89,0x8ef47879,0x58996b3e,0xb927dd71,
-+	0xe1beb64f,0x88f017ad,0x20c966ac,0xce7db43a,
-+	0xdf63184a,0x1ae58231,0x51976033,0x5362457f,
-+	0x64b1e077,0x6bbb84ae,0x81fe1ca0,0x08f9942b,
-+	0x48705868,0x458f19fd,0xde94876c,0x7b52b7f8,
-+	0x73ab23d3,0x4b72e202,0x1fe3578f,0x55662aab,
-+	0xebb20728,0xb52f03c2,0xc5869a7b,0x37d3a508,
-+	0x2830f287,0xbf23b2a5,0x0302ba6a,0x16ed5c82,
-+	0xcf8a2b1c,0x79a792b4,0x07f3f0f2,0x694ea1e2,
-+	0xda65cdf4,0x0506d5be,0x34d11f62,0xa6c48afe,
-+	0x2e349d53,0xf3a2a055,0x8a0532e1,0xf6a475eb,
-+	0x830b39ec,0x6040aaef,0x715e069f,0x6ebd5110,
-+	0x213ef98a,0xdd963d06,0x3eddae05,0xe64d46bd,
-+	0x5491b58d,0xc471055d,0x06046fd4,0x5060ff15,
-+	0x981924fb,0xbdd697e9,0x4089cc43,0xd967779e,
-+	0xe8b0bd42,0x8907888b,0x19e7385b,0xc879dbee,
-+	0x7ca1470a,0x427ce90f,0x84f8c91e,0x00000000,
-+	0x80098386,0x2b3248ed,0x111eac70,0x5a6c4e72,
-+	0x0efdfbff,0x850f5638,0xae3d1ed5,0x2d362739,
-+	0x0f0a64d9,0x5c6821a6,0x5b9bd154,0x36243a2e,
-+	0x0a0cb167,0x57930fe7,0xeeb4d296,0x9b1b9e91,
-+	0xc0804fc5,0xdc61a220,0x775a694b,0x121c161a,
-+	0x93e20aba,0xa0c0e52a,0x223c43e0,0x1b121d17,
-+	0x090e0b0d,0x8bf2adc7,0xb62db9a8,0x1e14c8a9,
-+	0xf1578519,0x75af4c07,0x99eebbdd,0x7fa3fd60,
-+	0x01f79f26,0x725cbcf5,0x6644c53b,0xfb5b347e,
-+	0x438b7629,0x23cbdcc6,0xedb668fc,0xe4b863f1,
-+	0x31d7cadc,0x63421085,0x97134022,0xc6842011,
-+	0x4a857d24,0xbbd2f83d,0xf9ae1132,0x29c76da1,
-+	0x9e1d4b2f,0xb2dcf330,0x860dec52,0xc177d0e3,
-+	0xb32b6c16,0x70a999b9,0x9411fa48,0xe9472264,
-+	0xfca8c48c,0xf0a01a3f,0x7d56d82c,0x3322ef90,
-+	0x4987c74e,0x38d9c1d1,0xca8cfea2,0xd498360b,
-+	0xf5a6cf81,0x7aa528de,0xb7da268e,0xad3fa4bf,
-+	0x3a2ce49d,0x78500d92,0x5f6a9bcc,0x7e546246,
-+	0x8df6c213,0xd890e8b8,0x392e5ef7,0xc382f5af,
-+	0x5d9fbe80,0xd0697c93,0xd56fa92d,0x25cfb312,
-+	0xacc83b99,0x1810a77d,0x9ce86e63,0x3bdb7bbb,
-+	0x26cd0978,0x596ef418,0x9aec01b7,0x4f83a89a,
-+	0x95e6656e,0xffaa7ee6,0xbc2108cf,0x15efe6e8,
-+	0xe7bad99b,0x6f4ace36,0x9fead409,0xb029d67c,
-+	0xa431afb2,0x3f2a3123,0xa5c63094,0xa235c066,
-+	0x4e7437bc,0x82fca6ca,0x90e0b0d0,0xa73315d8,
-+	0x04f14a98,0xec41f7da,0xcd7f0e50,0x91172ff6,
-+	0x4d768dd6,0xef434db0,0xaacc544d,0x96e4df04,
-+	0xd19ee3b5,0x6a4c1b88,0x2cc1b81f,0x65467f51,
-+	0x5e9d04ea,0x8c015d35,0x87fa7374,0x0bfb2e41,
-+	0x67b35a1d,0xdb9252d2,0x10e93356,0xd66d1347,
-+	0xd79a8c61,0xa1377a0c,0xf8598e14,0x13eb893c,
-+	0xa9ceee27,0x61b735c9,0x1ce1ede5,0x477a3cb1,
-+	0xd29c59df,0xf2553f73,0x141879ce,0xc773bf37,
-+	0xf753eacd,0xfd5f5baa,0x3ddf146f,0x447886db,
-+	0xafca81f3,0x68b93ec4,0x24382c34,0xa3c25f40,
-+	0x1d1672c3,0xe2bc0c25,0x3c288b49,0x0dff4195,
-+	0xa8397101,0x0c08deb3,0xb4d89ce4,0x566490c1,
-+	0xcb7b6184,0x32d570b6,0x6c48745c,0xb8d04257,
-+      },{ /* Before: itable[3] */
-+	0x5150a7f4,0x7e536541,0x1ac3a417,0x3a965e27,
-+	0x3bcb6bab,0x1ff1459d,0xacab58fa,0x4b9303e3,
-+	0x2055fa30,0xadf66d76,0x889176cc,0xf5254c02,
-+	0x4ffcd7e5,0xc5d7cb2a,0x26804435,0xb58fa362,
-+	0xde495ab1,0x25671bba,0x45980eea,0x5de1c0fe,
-+	0xc302752f,0x8112f04c,0x8da39746,0x6bc6f9d3,
-+	0x03e75f8f,0x15959c92,0xbfeb7a6d,0x95da5952,
-+	0xd42d83be,0x58d32174,0x492969e0,0x8e44c8c9,
-+	0x756a89c2,0xf478798e,0x996b3e58,0x27dd71b9,
-+	0xbeb64fe1,0xf017ad88,0xc966ac20,0x7db43ace,
-+	0x63184adf,0xe582311a,0x97603351,0x62457f53,
-+	0xb1e07764,0xbb84ae6b,0xfe1ca081,0xf9942b08,
-+	0x70586848,0x8f19fd45,0x94876cde,0x52b7f87b,
-+	0xab23d373,0x72e2024b,0xe3578f1f,0x662aab55,
-+	0xb20728eb,0x2f03c2b5,0x869a7bc5,0xd3a50837,
-+	0x30f28728,0x23b2a5bf,0x02ba6a03,0xed5c8216,
-+	0x8a2b1ccf,0xa792b479,0xf3f0f207,0x4ea1e269,
-+	0x65cdf4da,0x06d5be05,0xd11f6234,0xc48afea6,
-+	0x349d532e,0xa2a055f3,0x0532e18a,0xa475ebf6,
-+	0x0b39ec83,0x40aaef60,0x5e069f71,0xbd51106e,
-+	0x3ef98a21,0x963d06dd,0xddae053e,0x4d46bde6,
-+	0x91b58d54,0x71055dc4,0x046fd406,0x60ff1550,
-+	0x1924fb98,0xd697e9bd,0x89cc4340,0x67779ed9,
-+	0xb0bd42e8,0x07888b89,0xe7385b19,0x79dbeec8,
-+	0xa1470a7c,0x7ce90f42,0xf8c91e84,0x00000000,
-+	0x09838680,0x3248ed2b,0x1eac7011,0x6c4e725a,
-+	0xfdfbff0e,0x0f563885,0x3d1ed5ae,0x3627392d,
-+	0x0a64d90f,0x6821a65c,0x9bd1545b,0x243a2e36,
-+	0x0cb1670a,0x930fe757,0xb4d296ee,0x1b9e919b,
-+	0x804fc5c0,0x61a220dc,0x5a694b77,0x1c161a12,
-+	0xe20aba93,0xc0e52aa0,0x3c43e022,0x121d171b,
-+	0x0e0b0d09,0xf2adc78b,0x2db9a8b6,0x14c8a91e,
-+	0x578519f1,0xaf4c0775,0xeebbdd99,0xa3fd607f,
-+	0xf79f2601,0x5cbcf572,0x44c53b66,0x5b347efb,
-+	0x8b762943,0xcbdcc623,0xb668fced,0xb863f1e4,
-+	0xd7cadc31,0x42108563,0x13402297,0x842011c6,
-+	0x857d244a,0xd2f83dbb,0xae1132f9,0xc76da129,
-+	0x1d4b2f9e,0xdcf330b2,0x0dec5286,0x77d0e3c1,
-+	0x2b6c16b3,0xa999b970,0x11fa4894,0x472264e9,
-+	0xa8c48cfc,0xa01a3ff0,0x56d82c7d,0x22ef9033,
-+	0x87c74e49,0xd9c1d138,0x8cfea2ca,0x98360bd4,
-+	0xa6cf81f5,0xa528de7a,0xda268eb7,0x3fa4bfad,
-+	0x2ce49d3a,0x500d9278,0x6a9bcc5f,0x5462467e,
-+	0xf6c2138d,0x90e8b8d8,0x2e5ef739,0x82f5afc3,
-+	0x9fbe805d,0x697c93d0,0x6fa92dd5,0xcfb31225,
-+	0xc83b99ac,0x10a77d18,0xe86e639c,0xdb7bbb3b,
-+	0xcd097826,0x6ef41859,0xec01b79a,0x83a89a4f,
-+	0xe6656e95,0xaa7ee6ff,0x2108cfbc,0xefe6e815,
-+	0xbad99be7,0x4ace366f,0xead4099f,0x29d67cb0,
-+	0x31afb2a4,0x2a31233f,0xc63094a5,0x35c066a2,
-+	0x7437bc4e,0xfca6ca82,0xe0b0d090,0x3315d8a7,
-+	0xf14a9804,0x41f7daec,0x7f0e50cd,0x172ff691,
-+	0x768dd64d,0x434db0ef,0xcc544daa,0xe4df0496,
-+	0x9ee3b5d1,0x4c1b886a,0xc1b81f2c,0x467f5165,
-+	0x9d04ea5e,0x015d358c,0xfa737487,0xfb2e410b,
-+	0xb35a1d67,0x9252d2db,0xe9335610,0x6d1347d6,
-+	0x9a8c61d7,0x377a0ca1,0x598e14f8,0xeb893c13,
-+	0xceee27a9,0xb735c961,0xe1ede51c,0x7a3cb147,
-+	0x9c59dfd2,0x553f73f2,0x1879ce14,0x73bf37c7,
-+	0x53eacdf7,0x5f5baafd,0xdf146f3d,0x7886db44,
-+	0xca81f3af,0xb93ec468,0x382c3424,0xc25f40a3,
-+	0x1672c31d,0xbc0c25e2,0x288b493c,0xff41950d,
-+	0x397101a8,0x08deb30c,0xd89ce4b4,0x6490c156,
-+	0x7b6184cb,0xd570b632,0x48745c6c,0xd04257b8,
-+      },
-+#endif /* !AES_SMALL */
-+    }
-+  };
-Index: nettle-3.7.3/aes-decrypt.c
-===================================================================
---- nettle-3.7.3.orig/aes-decrypt.c
-+++ nettle-3.7.3/aes-decrypt.c
-@@ -35,316 +35,10 @@
- # include "config.h"
- #endif
- 
--#include <assert.h>
- #include <stdlib.h>
- 
- #include "aes-internal.h"
- 
--static const struct aes_table
--_aes_decrypt_table =
--  { /* isbox */
--    {
--      0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
--      0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
--      0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
--      0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
--      0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
--      0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
--      0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
--      0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
--      0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
--      0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
--      0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
--      0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
--      0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
--      0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
--      0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
--      0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
--      0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
--      0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
--      0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
--      0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
--      0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
--      0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
--      0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
--      0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
--      0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
--      0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
--      0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
--      0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
--      0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
--      0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
--      0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
--      0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d,
--    },
--    { /* itable */
--      { 
--	0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,
--	0xcb6bab3b,0xf1459d1f,0xab58faac,0x9303e34b,
--	0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
--	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,
--	0x495ab1de,0x671bba25,0x980eea45,0xe1c0fe5d,
--	0x02752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
--	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,
--	0x2d83bed4,0xd3217458,0x2969e049,0x44c8c98e,
--	0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
--	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,
--	0x184adf63,0x82311ae5,0x60335197,0x457f5362,
--	0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
--	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,
--	0x23d373ab,0xe2024b72,0x578f1fe3,0x2aab5566,
--	0x0728ebb2,0x03c2b52f,0x9a7bc586,0xa50837d3,
--	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,
--	0x2b1ccf8a,0x92b479a7,0xf0f207f3,0xa1e2694e,
--	0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
--	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,
--	0x39ec830b,0xaaef6040,0x069f715e,0x51106ebd,
--	0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
--	0xb58d5491,0x055dc471,0x6fd40604,0xff155060,
--	0x24fb9819,0x97e9bdd6,0xcc434089,0x779ed967,
--	0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
--	0x470a7ca1,0xe90f427c,0xc91e84f8,0x00000000,
--	0x83868009,0x48ed2b32,0xac70111e,0x4e725a6c,
--	0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
--	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,
--	0xb1670a0c,0x0fe75793,0xd296eeb4,0x9e919b1b,
--	0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
--	0x0aba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,
--	0x0b0d090e,0xadc78bf2,0xb9a8b62d,0xc8a91e14,
--	0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
--	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,
--	0x7629438b,0xdcc623cb,0x68fcedb6,0x63f1e4b8,
--	0xcadc31d7,0x10856342,0x40229713,0x2011c684,
--	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,
--	0x4b2f9e1d,0xf330b2dc,0xec52860d,0xd0e3c177,
--	0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
--	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,
--	0xc74e4987,0xc1d138d9,0xfea2ca8c,0x360bd498,
--	0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
--	0xe49d3a2c,0x0d927850,0x9bcc5f6a,0x62467e54,
--	0xc2138df6,0xe8b8d890,0x5ef7392e,0xf5afc382,
--	0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
--	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,
--	0x097826cd,0xf418596e,0x01b79aec,0xa89a4f83,
--	0x656e95e6,0x7ee6ffaa,0x08cfbc21,0xe6e815ef,
--	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,
--	0xafb2a431,0x31233f2a,0x3094a5c6,0xc066a235,
--	0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
--	0x4a9804f1,0xf7daec41,0x0e50cd7f,0x2ff69117,
--	0x8dd64d76,0x4db0ef43,0x544daacc,0xdf0496e4,
--	0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
--	0x04ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,
--	0x5a1d67b3,0x52d2db92,0x335610e9,0x1347d66d,
--	0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
--	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,
--	0x59dfd29c,0x3f73f255,0x79ce1418,0xbf37c773,
--	0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
--	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,
--	0x72c31d16,0x0c25e2bc,0x8b493c28,0x41950dff,
--	0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
--	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0,
--      },
--#if !AES_SMALL
--      { /* Before: itable[1] */
--	0xa7f45150,0x65417e53,0xa4171ac3,0x5e273a96,
--	0x6bab3bcb,0x459d1ff1,0x58faacab,0x03e34b93,
--	0xfa302055,0x6d76adf6,0x76cc8891,0x4c02f525,
--	0xd7e54ffc,0xcb2ac5d7,0x44352680,0xa362b58f,
--	0x5ab1de49,0x1bba2567,0x0eea4598,0xc0fe5de1,
--	0x752fc302,0xf04c8112,0x97468da3,0xf9d36bc6,
--	0x5f8f03e7,0x9c921595,0x7a6dbfeb,0x595295da,
--	0x83bed42d,0x217458d3,0x69e04929,0xc8c98e44,
--	0x89c2756a,0x798ef478,0x3e58996b,0x71b927dd,
--	0x4fe1beb6,0xad88f017,0xac20c966,0x3ace7db4,
--	0x4adf6318,0x311ae582,0x33519760,0x7f536245,
--	0x7764b1e0,0xae6bbb84,0xa081fe1c,0x2b08f994,
--	0x68487058,0xfd458f19,0x6cde9487,0xf87b52b7,
--	0xd373ab23,0x024b72e2,0x8f1fe357,0xab55662a,
--	0x28ebb207,0xc2b52f03,0x7bc5869a,0x0837d3a5,
--	0x872830f2,0xa5bf23b2,0x6a0302ba,0x8216ed5c,
--	0x1ccf8a2b,0xb479a792,0xf207f3f0,0xe2694ea1,
--	0xf4da65cd,0xbe0506d5,0x6234d11f,0xfea6c48a,
--	0x532e349d,0x55f3a2a0,0xe18a0532,0xebf6a475,
--	0xec830b39,0xef6040aa,0x9f715e06,0x106ebd51,
--	0x8a213ef9,0x06dd963d,0x053eddae,0xbde64d46,
--	0x8d5491b5,0x5dc47105,0xd406046f,0x155060ff,
--	0xfb981924,0xe9bdd697,0x434089cc,0x9ed96777,
--	0x42e8b0bd,0x8b890788,0x5b19e738,0xeec879db,
--	0x0a7ca147,0x0f427ce9,0x1e84f8c9,0x00000000,
--	0x86800983,0xed2b3248,0x70111eac,0x725a6c4e,
--	0xff0efdfb,0x38850f56,0xd5ae3d1e,0x392d3627,
--	0xd90f0a64,0xa65c6821,0x545b9bd1,0x2e36243a,
--	0x670a0cb1,0xe757930f,0x96eeb4d2,0x919b1b9e,
--	0xc5c0804f,0x20dc61a2,0x4b775a69,0x1a121c16,
--	0xba93e20a,0x2aa0c0e5,0xe0223c43,0x171b121d,
--	0x0d090e0b,0xc78bf2ad,0xa8b62db9,0xa91e14c8,
--	0x19f15785,0x0775af4c,0xdd99eebb,0x607fa3fd,
--	0x2601f79f,0xf5725cbc,0x3b6644c5,0x7efb5b34,
--	0x29438b76,0xc623cbdc,0xfcedb668,0xf1e4b863,
--	0xdc31d7ca,0x85634210,0x22971340,0x11c68420,
--	0x244a857d,0x3dbbd2f8,0x32f9ae11,0xa129c76d,
--	0x2f9e1d4b,0x30b2dcf3,0x52860dec,0xe3c177d0,
--	0x16b32b6c,0xb970a999,0x489411fa,0x64e94722,
--	0x8cfca8c4,0x3ff0a01a,0x2c7d56d8,0x903322ef,
--	0x4e4987c7,0xd138d9c1,0xa2ca8cfe,0x0bd49836,
--	0x81f5a6cf,0xde7aa528,0x8eb7da26,0xbfad3fa4,
--	0x9d3a2ce4,0x9278500d,0xcc5f6a9b,0x467e5462,
--	0x138df6c2,0xb8d890e8,0xf7392e5e,0xafc382f5,
--	0x805d9fbe,0x93d0697c,0x2dd56fa9,0x1225cfb3,
--	0x99acc83b,0x7d1810a7,0x639ce86e,0xbb3bdb7b,
--	0x7826cd09,0x18596ef4,0xb79aec01,0x9a4f83a8,
--	0x6e95e665,0xe6ffaa7e,0xcfbc2108,0xe815efe6,
--	0x9be7bad9,0x366f4ace,0x099fead4,0x7cb029d6,
--	0xb2a431af,0x233f2a31,0x94a5c630,0x66a235c0,
--	0xbc4e7437,0xca82fca6,0xd090e0b0,0xd8a73315,
--	0x9804f14a,0xdaec41f7,0x50cd7f0e,0xf691172f,
--	0xd64d768d,0xb0ef434d,0x4daacc54,0x0496e4df,
--	0xb5d19ee3,0x886a4c1b,0x1f2cc1b8,0x5165467f,
--	0xea5e9d04,0x358c015d,0x7487fa73,0x410bfb2e,
--	0x1d67b35a,0xd2db9252,0x5610e933,0x47d66d13,
--	0x61d79a8c,0x0ca1377a,0x14f8598e,0x3c13eb89,
--	0x27a9ceee,0xc961b735,0xe51ce1ed,0xb1477a3c,
--	0xdfd29c59,0x73f2553f,0xce141879,0x37c773bf,
--	0xcdf753ea,0xaafd5f5b,0x6f3ddf14,0xdb447886,
--	0xf3afca81,0xc468b93e,0x3424382c,0x40a3c25f,
--	0xc31d1672,0x25e2bc0c,0x493c288b,0x950dff41,
--	0x01a83971,0xb30c08de,0xe4b4d89c,0xc1566490,
--	0x84cb7b61,0xb632d570,0x5c6c4874,0x57b8d042,
--      },{ /* Before: itable[2] */
--	0xf45150a7,0x417e5365,0x171ac3a4,0x273a965e,
--	0xab3bcb6b,0x9d1ff145,0xfaacab58,0xe34b9303,
--	0x302055fa,0x76adf66d,0xcc889176,0x02f5254c,
--	0xe54ffcd7,0x2ac5d7cb,0x35268044,0x62b58fa3,
--	0xb1de495a,0xba25671b,0xea45980e,0xfe5de1c0,
--	0x2fc30275,0x4c8112f0,0x468da397,0xd36bc6f9,
--	0x8f03e75f,0x9215959c,0x6dbfeb7a,0x5295da59,
--	0xbed42d83,0x7458d321,0xe0492969,0xc98e44c8,
--	0xc2756a89,0x8ef47879,0x58996b3e,0xb927dd71,
--	0xe1beb64f,0x88f017ad,0x20c966ac,0xce7db43a,
--	0xdf63184a,0x1ae58231,0x51976033,0x5362457f,
--	0x64b1e077,0x6bbb84ae,0x81fe1ca0,0x08f9942b,
--	0x48705868,0x458f19fd,0xde94876c,0x7b52b7f8,
--	0x73ab23d3,0x4b72e202,0x1fe3578f,0x55662aab,
--	0xebb20728,0xb52f03c2,0xc5869a7b,0x37d3a508,
--	0x2830f287,0xbf23b2a5,0x0302ba6a,0x16ed5c82,
--	0xcf8a2b1c,0x79a792b4,0x07f3f0f2,0x694ea1e2,
--	0xda65cdf4,0x0506d5be,0x34d11f62,0xa6c48afe,
--	0x2e349d53,0xf3a2a055,0x8a0532e1,0xf6a475eb,
--	0x830b39ec,0x6040aaef,0x715e069f,0x6ebd5110,
--	0x213ef98a,0xdd963d06,0x3eddae05,0xe64d46bd,
--	0x5491b58d,0xc471055d,0x06046fd4,0x5060ff15,
--	0x981924fb,0xbdd697e9,0x4089cc43,0xd967779e,
--	0xe8b0bd42,0x8907888b,0x19e7385b,0xc879dbee,
--	0x7ca1470a,0x427ce90f,0x84f8c91e,0x00000000,
--	0x80098386,0x2b3248ed,0x111eac70,0x5a6c4e72,
--	0x0efdfbff,0x850f5638,0xae3d1ed5,0x2d362739,
--	0x0f0a64d9,0x5c6821a6,0x5b9bd154,0x36243a2e,
--	0x0a0cb167,0x57930fe7,0xeeb4d296,0x9b1b9e91,
--	0xc0804fc5,0xdc61a220,0x775a694b,0x121c161a,
--	0x93e20aba,0xa0c0e52a,0x223c43e0,0x1b121d17,
--	0x090e0b0d,0x8bf2adc7,0xb62db9a8,0x1e14c8a9,
--	0xf1578519,0x75af4c07,0x99eebbdd,0x7fa3fd60,
--	0x01f79f26,0x725cbcf5,0x6644c53b,0xfb5b347e,
--	0x438b7629,0x23cbdcc6,0xedb668fc,0xe4b863f1,
--	0x31d7cadc,0x63421085,0x97134022,0xc6842011,
--	0x4a857d24,0xbbd2f83d,0xf9ae1132,0x29c76da1,
--	0x9e1d4b2f,0xb2dcf330,0x860dec52,0xc177d0e3,
--	0xb32b6c16,0x70a999b9,0x9411fa48,0xe9472264,
--	0xfca8c48c,0xf0a01a3f,0x7d56d82c,0x3322ef90,
--	0x4987c74e,0x38d9c1d1,0xca8cfea2,0xd498360b,
--	0xf5a6cf81,0x7aa528de,0xb7da268e,0xad3fa4bf,
--	0x3a2ce49d,0x78500d92,0x5f6a9bcc,0x7e546246,
--	0x8df6c213,0xd890e8b8,0x392e5ef7,0xc382f5af,
--	0x5d9fbe80,0xd0697c93,0xd56fa92d,0x25cfb312,
--	0xacc83b99,0x1810a77d,0x9ce86e63,0x3bdb7bbb,
--	0x26cd0978,0x596ef418,0x9aec01b7,0x4f83a89a,
--	0x95e6656e,0xffaa7ee6,0xbc2108cf,0x15efe6e8,
--	0xe7bad99b,0x6f4ace36,0x9fead409,0xb029d67c,
--	0xa431afb2,0x3f2a3123,0xa5c63094,0xa235c066,
--	0x4e7437bc,0x82fca6ca,0x90e0b0d0,0xa73315d8,
--	0x04f14a98,0xec41f7da,0xcd7f0e50,0x91172ff6,
--	0x4d768dd6,0xef434db0,0xaacc544d,0x96e4df04,
--	0xd19ee3b5,0x6a4c1b88,0x2cc1b81f,0x65467f51,
--	0x5e9d04ea,0x8c015d35,0x87fa7374,0x0bfb2e41,
--	0x67b35a1d,0xdb9252d2,0x10e93356,0xd66d1347,
--	0xd79a8c61,0xa1377a0c,0xf8598e14,0x13eb893c,
--	0xa9ceee27,0x61b735c9,0x1ce1ede5,0x477a3cb1,
--	0xd29c59df,0xf2553f73,0x141879ce,0xc773bf37,
--	0xf753eacd,0xfd5f5baa,0x3ddf146f,0x447886db,
--	0xafca81f3,0x68b93ec4,0x24382c34,0xa3c25f40,
--	0x1d1672c3,0xe2bc0c25,0x3c288b49,0x0dff4195,
--	0xa8397101,0x0c08deb3,0xb4d89ce4,0x566490c1,
--	0xcb7b6184,0x32d570b6,0x6c48745c,0xb8d04257,
--      },{ /* Before: itable[3] */
--	0x5150a7f4,0x7e536541,0x1ac3a417,0x3a965e27,
--	0x3bcb6bab,0x1ff1459d,0xacab58fa,0x4b9303e3,
--	0x2055fa30,0xadf66d76,0x889176cc,0xf5254c02,
--	0x4ffcd7e5,0xc5d7cb2a,0x26804435,0xb58fa362,
--	0xde495ab1,0x25671bba,0x45980eea,0x5de1c0fe,
--	0xc302752f,0x8112f04c,0x8da39746,0x6bc6f9d3,
--	0x03e75f8f,0x15959c92,0xbfeb7a6d,0x95da5952,
--	0xd42d83be,0x58d32174,0x492969e0,0x8e44c8c9,
--	0x756a89c2,0xf478798e,0x996b3e58,0x27dd71b9,
--	0xbeb64fe1,0xf017ad88,0xc966ac20,0x7db43ace,
--	0x63184adf,0xe582311a,0x97603351,0x62457f53,
--	0xb1e07764,0xbb84ae6b,0xfe1ca081,0xf9942b08,
--	0x70586848,0x8f19fd45,0x94876cde,0x52b7f87b,
--	0xab23d373,0x72e2024b,0xe3578f1f,0x662aab55,
--	0xb20728eb,0x2f03c2b5,0x869a7bc5,0xd3a50837,
--	0x30f28728,0x23b2a5bf,0x02ba6a03,0xed5c8216,
--	0x8a2b1ccf,0xa792b479,0xf3f0f207,0x4ea1e269,
--	0x65cdf4da,0x06d5be05,0xd11f6234,0xc48afea6,
--	0x349d532e,0xa2a055f3,0x0532e18a,0xa475ebf6,
--	0x0b39ec83,0x40aaef60,0x5e069f71,0xbd51106e,
--	0x3ef98a21,0x963d06dd,0xddae053e,0x4d46bde6,
--	0x91b58d54,0x71055dc4,0x046fd406,0x60ff1550,
--	0x1924fb98,0xd697e9bd,0x89cc4340,0x67779ed9,
--	0xb0bd42e8,0x07888b89,0xe7385b19,0x79dbeec8,
--	0xa1470a7c,0x7ce90f42,0xf8c91e84,0x00000000,
--	0x09838680,0x3248ed2b,0x1eac7011,0x6c4e725a,
--	0xfdfbff0e,0x0f563885,0x3d1ed5ae,0x3627392d,
--	0x0a64d90f,0x6821a65c,0x9bd1545b,0x243a2e36,
--	0x0cb1670a,0x930fe757,0xb4d296ee,0x1b9e919b,
--	0x804fc5c0,0x61a220dc,0x5a694b77,0x1c161a12,
--	0xe20aba93,0xc0e52aa0,0x3c43e022,0x121d171b,
--	0x0e0b0d09,0xf2adc78b,0x2db9a8b6,0x14c8a91e,
--	0x578519f1,0xaf4c0775,0xeebbdd99,0xa3fd607f,
--	0xf79f2601,0x5cbcf572,0x44c53b66,0x5b347efb,
--	0x8b762943,0xcbdcc623,0xb668fced,0xb863f1e4,
--	0xd7cadc31,0x42108563,0x13402297,0x842011c6,
--	0x857d244a,0xd2f83dbb,0xae1132f9,0xc76da129,
--	0x1d4b2f9e,0xdcf330b2,0x0dec5286,0x77d0e3c1,
--	0x2b6c16b3,0xa999b970,0x11fa4894,0x472264e9,
--	0xa8c48cfc,0xa01a3ff0,0x56d82c7d,0x22ef9033,
--	0x87c74e49,0xd9c1d138,0x8cfea2ca,0x98360bd4,
--	0xa6cf81f5,0xa528de7a,0xda268eb7,0x3fa4bfad,
--	0x2ce49d3a,0x500d9278,0x6a9bcc5f,0x5462467e,
--	0xf6c2138d,0x90e8b8d8,0x2e5ef739,0x82f5afc3,
--	0x9fbe805d,0x697c93d0,0x6fa92dd5,0xcfb31225,
--	0xc83b99ac,0x10a77d18,0xe86e639c,0xdb7bbb3b,
--	0xcd097826,0x6ef41859,0xec01b79a,0x83a89a4f,
--	0xe6656e95,0xaa7ee6ff,0x2108cfbc,0xefe6e815,
--	0xbad99be7,0x4ace366f,0xead4099f,0x29d67cb0,
--	0x31afb2a4,0x2a31233f,0xc63094a5,0x35c066a2,
--	0x7437bc4e,0xfca6ca82,0xe0b0d090,0x3315d8a7,
--	0xf14a9804,0x41f7daec,0x7f0e50cd,0x172ff691,
--	0x768dd64d,0x434db0ef,0xcc544daa,0xe4df0496,
--	0x9ee3b5d1,0x4c1b886a,0xc1b81f2c,0x467f5165,
--	0x9d04ea5e,0x015d358c,0xfa737487,0xfb2e410b,
--	0xb35a1d67,0x9252d2db,0xe9335610,0x6d1347d6,
--	0x9a8c61d7,0x377a0ca1,0x598e14f8,0xeb893c13,
--	0xceee27a9,0xb735c961,0xe1ede51c,0x7a3cb147,
--	0x9c59dfd2,0x553f73f2,0x1879ce14,0x73bf37c7,
--	0x53eacdf7,0x5f5baafd,0xdf146f3d,0x7886db44,
--	0xca81f3af,0xb93ec468,0x382c3424,0xc25f40a3,
--	0x1672c31d,0xbc0c25e2,0x288b493c,0xff41950d,
--	0x397101a8,0x08deb30c,0xd89ce4b4,0x6490c156,
--	0x7b6184cb,0xd570b632,0x48745c6c,0xd04257b8,
--      },
--#endif /* !AES_SMALL */  
--    }
--  };
--
- void
- aes_decrypt(const struct aes_ctx *ctx,
- 	    size_t length, uint8_t *dst,
-@@ -364,33 +58,3 @@ aes_decrypt(const struct aes_ctx *ctx,
-       break;
-     }
- }
--
--void
--aes128_decrypt(const struct aes128_ctx *ctx,
--	       size_t length, uint8_t *dst,
--	       const uint8_t *src)
--{
--  assert(!(length % AES_BLOCK_SIZE) );
--  _nettle_aes_decrypt(_AES128_ROUNDS, ctx->keys, &_aes_decrypt_table,
--		      length, dst, src);
--}
--
--void
--aes192_decrypt(const struct aes192_ctx *ctx,
--	       size_t length, uint8_t *dst,
--	       const uint8_t *src)
--{
--  assert(!(length % AES_BLOCK_SIZE) );
--  _nettle_aes_decrypt(_AES192_ROUNDS, ctx->keys, &_aes_decrypt_table,
--		      length, dst, src);
--}
--
--void
--aes256_decrypt(const struct aes256_ctx *ctx,
--	       size_t length, uint8_t *dst,
--	       const uint8_t *src)
--{
--  assert(!(length % AES_BLOCK_SIZE) );
--  _nettle_aes_decrypt(_AES256_ROUNDS, ctx->keys, &_aes_decrypt_table,
--		      length, dst, src);
--}
-Index: nettle-3.7.3/aes-encrypt.c
-===================================================================
---- nettle-3.7.3.orig/aes-encrypt.c
-+++ nettle-3.7.3/aes-encrypt.c
-@@ -35,7 +35,6 @@
- # include "config.h"
- #endif
- 
--#include <assert.h>
- #include <stdlib.h>
- 
- #include "aes-internal.h"
-@@ -62,33 +61,3 @@ aes_encrypt(const struct aes_ctx *ctx,
-       break;
-     }
- }
--
--void
--aes128_encrypt(const struct aes128_ctx *ctx,
--	       size_t length, uint8_t *dst,
--	       const uint8_t *src)
--{
--  assert(!(length % AES_BLOCK_SIZE) );
--  _nettle_aes_encrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
--		      length, dst, src);
--}
--
--void
--aes192_encrypt(const struct aes192_ctx *ctx,
--	       size_t length, uint8_t *dst,
--	       const uint8_t *src)
--{
--  assert(!(length % AES_BLOCK_SIZE) );
--  _nettle_aes_encrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
--		      length, dst, src);
--}
--
--void
--aes256_encrypt(const struct aes256_ctx *ctx,
--	       size_t length, uint8_t *dst,
--	       const uint8_t *src)
--{
--  assert(!(length % AES_BLOCK_SIZE) );
--  _nettle_aes_encrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
--		      length, dst, src);
--}
-Index: nettle-3.7.3/aes-internal.h
-===================================================================
---- nettle-3.7.3.orig/aes-internal.h
-+++ nettle-3.7.3/aes-internal.h
-@@ -96,9 +96,8 @@ _nettle_aes_decrypt(unsigned rounds, con
-   | ((uint32_t) T->sbox[ B2(w2) ] << 16)		\
-   | ((uint32_t) T->sbox[ B3(w3) ] << 24)) ^ (k))
-      
--/* Globally visible so that the same sbox table can be used by aes_set_encrypt_key */
--
- extern const struct aes_table _nettle_aes_encrypt_table;
- #define aes_sbox (_nettle_aes_encrypt_table.sbox)
-+extern const struct aes_table _nettle_aes_decrypt_table;
- 
- #endif /* NETTLE_AES_INTERNAL_H_INCLUDED */
-Index: nettle-3.7.3/aes128-decrypt.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes128-decrypt.c
-@@ -0,0 +1,59 @@
-+/* aes128-decrypt.c
-+
-+   Decryption function for aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "aes-internal.h"
-+
-+/* For fat builds */
-+#if HAVE_NATIVE_aes128_decrypt
-+void
-+_nettle_aes128_decrypt_c(const struct aes128_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+# define nettle_aes128_decrypt _nettle_aes128_decrypt_c
-+#endif
-+
-+void
-+nettle_aes128_decrypt(const struct aes128_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src)
-+{
-+  assert(!(length % AES_BLOCK_SIZE) );
-+  _nettle_aes_decrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table,
-+		      length, dst, src);
-+}
-Index: nettle-3.7.3/aes128-encrypt.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes128-encrypt.c
-@@ -0,0 +1,59 @@
-+/* aes128-encrypt.c
-+
-+   Encryption function for the aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "aes-internal.h"
-+
-+/* For fat builds */
-+#if HAVE_NATIVE_aes128_encrypt
-+void
-+_nettle_aes128_encrypt_c(const struct aes128_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+# define nettle_aes128_encrypt _nettle_aes128_encrypt_c
-+#endif
-+
-+void
-+nettle_aes128_encrypt(const struct aes128_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src)
-+{
-+  assert(!(length % AES_BLOCK_SIZE) );
-+  _nettle_aes_encrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
-+		      length, dst, src);
-+}
-Index: nettle-3.7.3/aes192-decrypt.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes192-decrypt.c
-@@ -0,0 +1,59 @@
-+/* aes192-decrypt.c
-+
-+   Decryption function for aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "aes-internal.h"
-+
-+/* For fat builds */
-+#if HAVE_NATIVE_aes192_decrypt
-+void
-+_nettle_aes192_decrypt_c(const struct aes192_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+# define nettle_aes192_decrypt _nettle_aes192_decrypt_c
-+#endif
-+
-+void
-+nettle_aes192_decrypt(const struct aes192_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src)
-+{
-+  assert(!(length % AES_BLOCK_SIZE) );
-+  _nettle_aes_decrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table,
-+		      length, dst, src);
-+}
-Index: nettle-3.7.3/aes192-encrypt.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes192-encrypt.c
-@@ -0,0 +1,59 @@
-+/* aes192-encrypt.c
-+
-+   Encryption function for the aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "aes-internal.h"
-+
-+/* For fat builds */
-+#if HAVE_NATIVE_aes192_encrypt
-+void
-+_nettle_aes192_encrypt_c(const struct aes192_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+# define nettle_aes192_encrypt _nettle_aes192_encrypt_c
-+#endif
-+
-+void
-+nettle_aes192_encrypt(const struct aes192_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src)
-+{
-+  assert(!(length % AES_BLOCK_SIZE) );
-+  _nettle_aes_encrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
-+		      length, dst, src);
-+}
-Index: nettle-3.7.3/aes256-decrypt.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes256-decrypt.c
-@@ -0,0 +1,59 @@
-+/* aes256-decrypt.c
-+
-+   Decryption function for aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "aes-internal.h"
-+
-+/* For fat builds */
-+#if HAVE_NATIVE_aes256_decrypt
-+void
-+_nettle_aes256_decrypt_c(const struct aes256_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+# define nettle_aes256_decrypt _nettle_aes256_decrypt_c
-+#endif
-+
-+void
-+nettle_aes256_decrypt(const struct aes256_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src)
-+{
-+  assert(!(length % AES_BLOCK_SIZE) );
-+  _nettle_aes_decrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table,
-+		      length, dst, src);
-+}
-Index: nettle-3.7.3/aes256-encrypt.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/aes256-encrypt.c
-@@ -0,0 +1,59 @@
-+/* aes256-encrypt.c
-+
-+   Encryption function for the aes/rijndael block cipher.
-+
-+   Copyright (C) 2002, 2013 Niels Möller
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "aes-internal.h"
-+
-+/* For fat builds */
-+#if HAVE_NATIVE_aes256_encrypt
-+void
-+_nettle_aes256_encrypt_c(const struct aes256_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+# define nettle_aes256_encrypt _nettle_aes256_encrypt_c
-+#endif
-+
-+void
-+nettle_aes256_encrypt(const struct aes256_ctx *ctx,
-+	       size_t length, uint8_t *dst,
-+	       const uint8_t *src)
-+{
-+  assert(!(length % AES_BLOCK_SIZE) );
-+  _nettle_aes_encrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
-+		      length, dst, src);
-+}
-Index: nettle-3.7.3/s390x/machine.m4
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/machine.m4
-@@ -0,0 +1,38 @@
-+C Register usage:
-+define(`RA', `%r14') C Return address
-+define(`SP', `%r15') C Stack pointer
-+
-+define(`STANDARD_STACK_FRAME',`160')
-+
-+C Dynamic stack space allocation
-+C AP is a general register to which the allocated space is assigned
-+C SPACE_LEN is the length of space, must be a multiple of 8
-+C FREE_STACK macro can be used to free the allocated space
-+C ALLOC_STACK(AP, SPACE_LEN)
-+define(`ALLOC_STACK',
-+`lgr            $1,SP
-+    aghi           SP,-(STANDARD_STACK_FRAME+$2)
-+    stg            $1,0(SP)
-+    la             $1,STANDARD_STACK_FRAME (SP)')
-+
-+C Free allocated stack space
-+C FREE_STACK(SPACE_LEN)
-+define(`FREE_STACK',
-+`aghi           SP,STANDARD_STACK_FRAME+$1')
-+
-+C XOR contents of two areas in storage with specific length
-+C DST: The destination area of storage
-+C SRC: The source area of storage
-+C LEN: The length of storage area. LEN <= 256
-+C TMP_ADDR: A temporary register that handles the XOR instrcution address
-+C All parameters are general registers and cannot be assigned to
-+C general register 0
-+C XOR_LEN(DST, SRC, LEN, TMP_ADDR)
-+define(`XOR_LEN',
-+`larl           $4,18f
-+    aghi           $3,-1
-+    jm             19f
-+    ex             $3,0($4)
-+    j              19f
-+18: xc             0(1,$1),0($2)
-+19:')
-Index: nettle-3.7.3/s390x/msa_x1/aes128-decrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x1/aes128-decrypt.asm
-@@ -0,0 +1,60 @@
-+C s390x/msa_x1/aes128-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C The second operand is ciphered as specified by the function code using a cryptographic
-+C key in the parameter block, and the result is placed in the first-operand location.
-+
-+C This implementation uses KM-AES-128 function.
-+C The parameter block used for the KM-AES-128 function has the following format:
-+C *----------------------------------------------*
-+C |         Cryptographic Key (16 bytes)         |
-+C *----------------------------------------------*
-+
-+.file "aes128-decrypt.asm"
-+
-+.text
-+
-+C void
-+C aes128_decrypt(const struct aes128_ctx *ctx,
-+C                size_t length, uint8_t *dst,
-+C                const uint8_t *src)
-+
-+PROLOGUE(nettle_aes128_decrypt)
-+    lghi           %r0,128|18                    C KM function code (KM-AES-128), enable modifier bit to perform decryption operation
-+    lgr            %r1,%r2                       C parameter block: byte offsets 0-15 Cryptographic Key
-+    lgr            %r2,%r5
-+1:  .long   0xb92e0042                           C km %r4,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    br             RA
-+EPILOGUE(nettle_aes128_decrypt)
-Index: nettle-3.7.3/s390x/msa_x1/aes128-encrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x1/aes128-encrypt.asm
-@@ -0,0 +1,60 @@
-+C s390x/msa_x1/aes128-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C The second operand is ciphered as specified by the function code using a cryptographic
-+C key in the parameter block, and the result is placed in the first-operand location.
-+
-+C This implementation uses KM-AES-128 function.
-+C The parameter block used for the KM-AES-128 function has the following format:
-+C *----------------------------------------------*
-+C |         Cryptographic Key (16 bytes)         |
-+C *----------------------------------------------*
-+
-+.file "aes128-encrypt.asm"
-+
-+.text
-+
-+C void
-+C aes128_encrypt(const struct aes128_ctx *ctx,
-+C                size_t length, uint8_t *dst,
-+C                const uint8_t *src)
-+
-+PROLOGUE(nettle_aes128_encrypt)
-+    lghi           %r0,18                        C KM function code (KM-AES-128)
-+    lgr            %r1,%r2                       C parameter block: byte offsets 0-15 Cryptographic Key
-+    lgr            %r2,%r5
-+1:  .long   0xb92e0042                           C km %r4,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    br             RA
-+EPILOGUE(nettle_aes128_encrypt)
-Index: nettle-3.7.3/s390x/msa_x1/aes128-set-decrypt-key.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x1/aes128-set-decrypt-key.asm
-@@ -0,0 +1,52 @@
-+C s390x/msa_x1/aes128-set-decrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "aes128-set-decrypt-key.asm"
-+
-+.text
-+
-+C void
-+C aes128_invert_key(struct aes128_ctx *dst, const struct aes128_ctx *src)
-+
-+PROLOGUE(nettle_aes128_invert_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(16,%r2),0(%r3)              C copy Cryptographic Key (16 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes128_invert_key)
-+
-+C void
-+C aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
-+
-+PROLOGUE(nettle_aes128_set_decrypt_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(16,%r2),0(%r3)              C copy Cryptographic Key (16 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes128_set_decrypt_key)
-Index: nettle-3.7.3/s390x/msa_x1/aes128-set-encrypt-key.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x1/aes128-set-encrypt-key.asm
-@@ -0,0 +1,43 @@
-+C s390x/msa_x1/aes128-set-encrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "aes128-set-encrypt-key.asm"
-+
-+.text
-+
-+C void
-+C aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
-+
-+PROLOGUE(nettle_aes128_set_encrypt_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(16,%r2),0(%r3)              C copy Cryptographic Key (16 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes128_set_encrypt_key)
-Index: nettle-3.7.3/s390x/msa_x2/aes192-decrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes192-decrypt.asm
-@@ -0,0 +1,60 @@
-+C s390x/msa_x2/aes192-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C The second operand is ciphered as specified by the function code using a cryptographic
-+C key in the parameter block, and the result is placed in the first-operand location.
-+
-+C This implementation uses KM-AES-192 function.
-+C The parameter block used for the KM-AES-192 function has the following format:
-+C *----------------------------------------------*
-+C |         Cryptographic Key (24 bytes)         |
-+C *----------------------------------------------*
-+
-+.file "aes192-decrypt.asm"
-+
-+.text
-+
-+C void
-+C aes192_decrypt(const struct aes192_ctx *ctx,
-+C                size_t length, uint8_t *dst,
-+C                const uint8_t *src)
-+
-+PROLOGUE(nettle_aes192_decrypt)
-+    lghi           %r0,128|19                    C KM function code (KM-AES-192), enable modifier bit to perform decryption operation
-+    lgr            %r1,%r2                       C parameter block: byte offsets 0-23 Cryptographic Key
-+    lgr            %r2,%r5
-+1:  .long   0xb92e0042                           C km %r4,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    br             RA
-+EPILOGUE(nettle_aes192_decrypt)
-Index: nettle-3.7.3/s390x/msa_x2/aes192-encrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes192-encrypt.asm
-@@ -0,0 +1,60 @@
-+C s390x/msa_x2/aes192-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C The second operand is ciphered as specified by the function code using a cryptographic
-+C key in the parameter block, and the result is placed in the first-operand location.
-+
-+C This implementation uses KM-AES-192 function.
-+C The parameter block used for the KM-AES-192 function has the following format:
-+C *----------------------------------------------*
-+C |         Cryptographic Key (24 bytes)         |
-+C *----------------------------------------------*
-+
-+.file "aes192-encrypt.asm"
-+
-+.text
-+
-+C void
-+C aes192_encrypt(const struct aes192_ctx *ctx,
-+C                size_t length, uint8_t *dst,
-+C                const uint8_t *src)
-+
-+PROLOGUE(nettle_aes192_encrypt)
-+    lghi           %r0,19                        C KM function code (KM-AES-192)
-+    lgr            %r1,%r2                       C parameter block: byte offsets 0-23 Cryptographic Key
-+    lgr            %r2,%r5
-+1:  .long   0xb92e0042                           C km %r4,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    br             RA
-+EPILOGUE(nettle_aes192_encrypt)
-Index: nettle-3.7.3/s390x/msa_x2/aes192-set-decrypt-key.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes192-set-decrypt-key.asm
-@@ -0,0 +1,52 @@
-+C s390x/msa_x2/aes192-set-decrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "aes192-set-decrypt-key.asm"
-+
-+.text
-+
-+C void
-+C aes192_invert_key(struct aes192_ctx *dst, const struct aes192_ctx *src)
-+
-+PROLOGUE(nettle_aes192_invert_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(24,%r2),0(%r3)              C copy Cryptographic Key (24 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes192_invert_key)
-+
-+C void
-+C aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
-+
-+PROLOGUE(nettle_aes192_set_decrypt_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(24,%r2),0(%r3)              C copy Cryptographic Key (24 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes192_set_decrypt_key)
-Index: nettle-3.7.3/s390x/msa_x2/aes192-set-encrypt-key.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes192-set-encrypt-key.asm
-@@ -0,0 +1,43 @@
-+C s390x/msa_x2/aes192-set-encrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "aes192-set-encrypt-key.asm"
-+
-+.text
-+
-+C void
-+C aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
-+
-+PROLOGUE(nettle_aes192_set_encrypt_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(24,%r2),0(%r3)              C copy Cryptographic Key (24 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes192_set_encrypt_key)
-Index: nettle-3.7.3/s390x/msa_x2/aes256-decrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes256-decrypt.asm
-@@ -0,0 +1,60 @@
-+C s390x/msa_x2/aes256-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C The second operand is ciphered as specified by the function code using a cryptographic
-+C key in the parameter block, and the result is placed in the first-operand location.
-+
-+C This implementation uses KM-AES-256 function.
-+C The parameter block used for the KM-AES-256 function has the following format:
-+C *----------------------------------------------*
-+C |         Cryptographic Key (32 bytes)         |
-+C *----------------------------------------------*
-+
-+.file "aes256-decrypt.asm"
-+
-+.text
-+
-+C void
-+C aes256_decrypt(const struct aes256_ctx *ctx,
-+C                size_t length, uint8_t *dst,
-+C                const uint8_t *src)
-+
-+PROLOGUE(nettle_aes256_decrypt)
-+    lghi           %r0,128|20                    C KM function code (KM-AES-256), enable modifier bit to perform decryption operation
-+    lgr            %r1,%r2                       C parameter block: byte offsets 0-31 Cryptographic Key
-+    lgr            %r2,%r5
-+1:  .long   0xb92e0042                           C km %r4,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    br             RA
-+EPILOGUE(nettle_aes256_decrypt)
-Index: nettle-3.7.3/s390x/msa_x2/aes256-encrypt.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes256-encrypt.asm
-@@ -0,0 +1,60 @@
-+C s390x/msa_x2/aes256-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C The second operand is ciphered as specified by the function code using a cryptographic
-+C key in the parameter block, and the result is placed in the first-operand location.
-+
-+C This implementation uses KM-AES-256 function.
-+C The parameter block used for the KM-AES-256 function has the following format:
-+C *----------------------------------------------*
-+C |         Cryptographic Key (32 bytes)         |
-+C *----------------------------------------------*
-+
-+.file "aes256-encrypt.asm"
-+
-+.text
-+
-+C void
-+C aes256_encrypt(const struct aes256_ctx *ctx,
-+C                size_t length, uint8_t *dst,
-+C                const uint8_t *src)
-+
-+PROLOGUE(nettle_aes256_encrypt)
-+    lghi           %r0,20                        C KM function code (KM-AES-256)
-+    lgr            %r1,%r2                       C parameter block: byte offsets 0-31 Cryptographic Key
-+    lgr            %r2,%r5
-+1:  .long   0xb92e0042                           C km %r4,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    br             RA
-+EPILOGUE(nettle_aes256_encrypt)
-Index: nettle-3.7.3/s390x/msa_x2/aes256-set-decrypt-key.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes256-set-decrypt-key.asm
-@@ -0,0 +1,52 @@
-+C s390x/msa_x2/aes256-set-decrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "aes256-set-decrypt-key.asm"
-+
-+.text
-+
-+C void
-+C aes256_invert_key(struct aes256_ctx *dst, const struct aes256_ctx *src)
-+
-+PROLOGUE(nettle_aes256_invert_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(32,%r2),0(%r3)              C copy Cryptographic Key (32 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes256_invert_key)
-+
-+C void
-+C aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
-+
-+PROLOGUE(nettle_aes256_set_decrypt_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(32,%r2),0(%r3)              C copy Cryptographic Key (32 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes256_set_decrypt_key)
-Index: nettle-3.7.3/s390x/msa_x2/aes256-set-encrypt-key.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/aes256-set-encrypt-key.asm
-@@ -0,0 +1,43 @@
-+C s390x/msa_x2/aes256-set-encrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "aes256-set-encrypt-key.asm"
-+
-+.text
-+
-+C void
-+C aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
-+
-+PROLOGUE(nettle_aes256_set_encrypt_key)
-+    C AES cipher functions only need the raw cryptographic key so just copy it to AES context
-+    mvc            0(32,%r2),0(%r3)              C copy Cryptographic Key (32 bytes)
-+    br             RA
-+EPILOGUE(nettle_aes256_set_encrypt_key)
-Index: nettle-3.7.3/s390x/msa_x4/gcm-hash.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x4/gcm-hash.asm
-@@ -0,0 +1,99 @@
-+C s390x/msa_x4/gcm-hash.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
-+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C the second operand is processed as specified by the function code using an initial chaining value in
-+C the parameter block, and the result replaces the chaining value.
-+
-+C This implementation uses KIMD-GHASH function.
-+C The parameter block used for the KIMD-GHASH function has the following format:
-+C *----------------------------------------------*
-+C |       Initial Chaining Value (16 bytes)      |
-+C |----------------------------------------------|
-+C |            Hash Subkey (16 bytes)            |
-+C *----------------------------------------------*
-+
-+C Size of parameter block
-+define(`PB_SIZE', `32')
-+
-+C gcm_set_key() assigns H value in the middle element of the table
-+define(`H_idx', `128*16')
-+
-+.file "gcm-hash.asm"
-+
-+.text
-+
-+C void gcm_init_key (union gcm_block *table)
-+
-+PROLOGUE(_nettle_gcm_init_key)
-+    C Except for Hash Subkey (H), KIMD-GHASH does not need any pre-computed values so just return to the caller.
-+    br             RA
-+EPILOGUE(_nettle_gcm_init_key)
-+
-+C void gcm_hash (const struct gcm_key *key, union gcm_block *x,
-+C                size_t length, const uint8_t *data)
-+
-+PROLOGUE(_nettle_gcm_hash)
-+    ldgr           %f0,%r6                       C load non-volatile general register 6 into volatile float-point register 0
-+    C --- allocate a stack space for parameter block in addition to 16-byte buffer to handle leftover bytes ---
-+    ALLOC_STACK(%r1,PB_SIZE+16)                  C parameter block (must be general register 1)
-+    lgr            %r6,%r3
-+    mvc            0(16,%r1),0(%r3)              C copy x Initial Chaining Value field
-+    mvc            16(16,%r1),H_idx (%r2)        C copy H to Hash Subkey field
-+    lghi           %r0,65                        C GHASH function code (must be general register 0)
-+    lgr            %r2,%r5                       C location of leftmost byte of data (must not be odd-numbered general register nor be general register 0)
-+    C number of bytes (must be general register of data + 1). length must be a multiple of the data block size (16).
-+    risbg          %r3,%r4,0,187,0               C Insert bit offsets 0-59, bit offset 0 of the fourth operand is set to clear the remaining bits.
-+1:  .long   0xb93e0002                           C kimd %r0,%r2
-+    brc            1,1b                          C safely branch back in case of partial completion
-+    C --- handle leftovers ---
-+    risbg          %r5,%r4,60,191,0              C Insert bit offsets 60-63 and clear the remaining bits.
-+    jz             4f
-+    lgr            %r4,%r2
-+    C --- copy the leftovers to allocated stack buffer and pad the remaining bytes with zero ---
-+    la             %r2,PB_SIZE (%r1)
-+    lghi           %r3,16
-+2:  mvcle          %r2,%r4,0
-+    brc            1,2b
-+    aghi           %r2,-16
-+    aghi           %r3,16
-+3:  .long   0xb93e0002                           C kimd %r0,%r2
-+    brc            1,3b                          C safely branch back in case of partial completion
-+4:
-+    mvc            0(16,%r6),0(%r1)              C store x
-+    xc             0(PB_SIZE+16,%r1),0(%r1)      C wipe parameter block content and leftover bytes of data from stack
-+    FREE_STACK(PB_SIZE+16)
-+    lgdr           %r6,%f0                       C restore general register 6
-+    br             RA
-+EPILOGUE(_nettle_gcm_hash)
-Index: nettle-3.7.3/aes128-set-decrypt-key.c
-===================================================================
---- nettle-3.7.3.orig/aes128-set-decrypt-key.c
-+++ nettle-3.7.3/aes128-set-decrypt-key.c
-@@ -40,14 +40,28 @@
- #include "aes-internal.h"
- #include "macros.h"
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_aes128_invert_key
- void
--aes128_invert_key (struct aes128_ctx *dst, const struct aes128_ctx *src)
-+_nettle_aes128_invert_key_c(struct aes128_ctx *dst,
-+		  const struct aes128_ctx *src);
-+# define nettle_aes128_invert_key _nettle_aes128_invert_key_c
-+#endif
-+
-+#if HAVE_NATIVE_aes128_set_decrypt_key
-+void
-+_nettle_aes128_set_decrypt_key_c(struct aes128_ctx *ctx, const uint8_t *key);
-+# define nettle_aes128_set_decrypt_key _nettle_aes128_set_decrypt_key_c
-+#endif
-+
-+void
-+nettle_aes128_invert_key (struct aes128_ctx *dst, const struct aes128_ctx *src)
- {
-   _nettle_aes_invert (_AES128_ROUNDS, dst->keys, src->keys);
- }
- 
- void
--aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
-+nettle_aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
- {
-   aes128_set_encrypt_key (ctx, key);
-   aes128_invert_key (ctx, ctx);
-Index: nettle-3.7.3/aes128-set-encrypt-key.c
-===================================================================
---- nettle-3.7.3.orig/aes128-set-encrypt-key.c
-+++ nettle-3.7.3/aes128-set-encrypt-key.c
-@@ -37,8 +37,15 @@
- 
- #include "aes-internal.h"
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_aes128_set_encrypt_key
- void
--aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
-+_nettle_aes128_set_encrypt_key_c(struct aes128_ctx *ctx, const uint8_t *key);
-+# define nettle_aes128_set_encrypt_key _nettle_aes128_set_encrypt_key_c
-+#endif
-+
-+void
-+nettle_aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
- {
-   _nettle_aes_set_key (_AES128_ROUNDS, AES128_KEY_SIZE / 4, ctx->keys, key);
- }
-Index: nettle-3.7.3/aes192-set-decrypt-key.c
-===================================================================
---- nettle-3.7.3.orig/aes192-set-decrypt-key.c
-+++ nettle-3.7.3/aes192-set-decrypt-key.c
-@@ -38,14 +38,28 @@
- #include "aes-internal.h"
- #include "macros.h"
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_aes192_invert_key
- void
--aes192_invert_key (struct aes192_ctx *dst, const struct aes192_ctx *src)
-+_nettle_aes192_invert_key_c(struct aes192_ctx *dst,
-+		  const struct aes192_ctx *src);
-+# define nettle_aes192_invert_key _nettle_aes192_invert_key_c
-+#endif
-+
-+#if HAVE_NATIVE_aes192_set_decrypt_key
-+void
-+_nettle_aes192_set_decrypt_key_c(struct aes192_ctx *ctx, const uint8_t *key);
-+# define nettle_aes192_set_decrypt_key _nettle_aes192_set_decrypt_key_c
-+#endif
-+
-+void
-+nettle_aes192_invert_key (struct aes192_ctx *dst, const struct aes192_ctx *src)
- {
-   _nettle_aes_invert (_AES192_ROUNDS, dst->keys, src->keys);
- }
- 
- void
--aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
-+nettle_aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
- {
-   aes192_set_encrypt_key (ctx, key);
-   aes192_invert_key (ctx, ctx);
-Index: nettle-3.7.3/aes192-set-encrypt-key.c
-===================================================================
---- nettle-3.7.3.orig/aes192-set-encrypt-key.c
-+++ nettle-3.7.3/aes192-set-encrypt-key.c
-@@ -37,8 +37,15 @@
- 
- #include "aes-internal.h"
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_aes192_set_encrypt_key
- void
--aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
-+_nettle_aes192_set_encrypt_key_c(struct aes192_ctx *ctx, const uint8_t *key);
-+# define nettle_aes192_set_encrypt_key _nettle_aes192_set_encrypt_key_c
-+#endif
-+
-+void
-+nettle_aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
- {
-   _nettle_aes_set_key (_AES192_ROUNDS, AES192_KEY_SIZE / 4, ctx->keys, key);
- }
-Index: nettle-3.7.3/aes256-set-decrypt-key.c
-===================================================================
---- nettle-3.7.3.orig/aes256-set-decrypt-key.c
-+++ nettle-3.7.3/aes256-set-decrypt-key.c
-@@ -38,14 +38,28 @@
- #include "aes-internal.h"
- #include "macros.h"
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_aes256_invert_key
- void
--aes256_invert_key (struct aes256_ctx *dst, const struct aes256_ctx *src)
-+_nettle_aes256_invert_key_c(struct aes256_ctx *dst,
-+		  const struct aes256_ctx *src);
-+# define nettle_aes256_invert_key _nettle_aes256_invert_key_c
-+#endif
-+
-+#if HAVE_NATIVE_aes256_set_decrypt_key
-+void
-+_nettle_aes256_set_decrypt_key_c(struct aes256_ctx *ctx, const uint8_t *key);
-+# define nettle_aes256_set_decrypt_key _nettle_aes256_set_decrypt_key_c
-+#endif
-+
-+void
-+nettle_aes256_invert_key (struct aes256_ctx *dst, const struct aes256_ctx *src)
- {
-   _nettle_aes_invert (_AES256_ROUNDS, dst->keys, src->keys);
- }
- 
- void
--aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
-+nettle_aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
- {
-   aes256_set_encrypt_key (ctx, key);
-   aes256_invert_key (ctx, ctx);
-Index: nettle-3.7.3/aes256-set-encrypt-key.c
-===================================================================
---- nettle-3.7.3.orig/aes256-set-encrypt-key.c
-+++ nettle-3.7.3/aes256-set-encrypt-key.c
-@@ -37,8 +37,15 @@
- 
- #include "aes-internal.h"
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_aes256_set_encrypt_key
- void
--aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
-+_nettle_aes256_set_encrypt_key_c(struct aes256_ctx *ctx, const uint8_t *key);
-+# define nettle_aes256_set_encrypt_key _nettle_aes256_set_encrypt_key_c
-+#endif
-+
-+void
-+nettle_aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
- {
-   _nettle_aes_set_key (_AES256_ROUNDS, AES256_KEY_SIZE / 4, ctx->keys, key);
- }
-Index: nettle-3.7.3/fat-s390x.c
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/fat-s390x.c
-@@ -0,0 +1,485 @@
-+/* fat-s390x.c
-+
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+*/
-+
-+#define _GNU_SOURCE
-+
-+#if HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
-+#include <assert.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
-+# if __GLIBC_PREREQ(2, 16)
-+#  define USE_GETAUXVAL 1
-+#  include <sys/auxv.h>
-+# endif
-+#endif
-+
-+#include "nettle-types.h"
-+
-+#include "memxor.h"
-+#include "aes.h"
-+#include "gcm.h"
-+#include "gcm-internal.h"
-+#include "fat-setup.h"
-+
-+/* Max number of doublewords returned by STFLE */
-+#define FACILITY_DOUBLEWORDS_MAX 3
-+#define FACILITY_INDEX(bit) ((bit) / 64)
-+/* STFLE and cipher query store doublewords as bit-reversed.
-+   reverse facility bit or function code in doubleword */
-+#define FACILITY_BIT(bit) (1ULL << (63 - (bit) % 64))
-+
-+/* Define from arch/s390/include/asm/elf.h in Linux kernel */
-+#ifndef HWCAP_S390_STFLE
-+#define HWCAP_S390_STFLE 4
-+#endif
-+
-+/* Facility bits */
-+#define FAC_VF 129      /* vector facility */
-+#define FAC_MSA 17      /* message-security assist */
-+#define FAC_MSA_X4 77   /* message-security-assist extension 4 */
-+
-+/* Function codes */
-+#define AES_128_CODE 18
-+#define AES_192_CODE 19
-+#define AES_256_CODE 20
-+#define SHA_1_CODE 1
-+#define SHA_256_CODE 2
-+#define SHA_512_CODE 3
-+#define GHASH_CODE 65
-+
-+struct s390x_features
-+{
-+  int have_vector_facility;
-+  int have_km_aes128;
-+  int have_km_aes192;
-+  int have_km_aes256;
-+  int have_kimd_sha_1;
-+  int have_kimd_sha_256;
-+  int have_kimd_sha_512;
-+  int have_kimd_ghash;
-+};
-+
-+void _nettle_stfle(uint64_t *facility, uint64_t facility_size);
-+void _nettle_km_status(uint64_t *status);
-+void _nettle_kimd_status(uint64_t *status);
-+
-+#define MATCH(s, slen, literal, llen) \
-+  ((slen) == (llen) && memcmp ((s), (literal), llen) == 0)
-+
-+static void
-+get_s390x_features (struct s390x_features *features)
-+{
-+  features->have_vector_facility = 0;
-+  features->have_km_aes128 = 0;
-+  features->have_km_aes192 = 0;
-+  features->have_km_aes256 = 0;
-+  features->have_kimd_sha_1 = 0;
-+  features->have_kimd_sha_256 = 0;
-+  features->have_kimd_sha_512 = 0;
-+  features->have_kimd_ghash = 0;
-+
-+  const char *s = secure_getenv (ENV_OVERRIDE);
-+  if (s)
-+    for (;;)
-+    {
-+      const char *sep = strchr (s, ',');
-+      size_t length = sep ? (size_t) (sep - s) : strlen(s);
-+
-+      if (MATCH (s, length, "vf", 2))
-+        features->have_vector_facility = 1;
-+      else if (MATCH (s, length, "msa", 3))
-+        features->have_kimd_sha_1 = 1;
-+      else if (MATCH (s, length, "msa_x1", 6))
-+      {
-+        features->have_km_aes128 = 1;
-+        features->have_kimd_sha_256 = 1;
-+      }
-+      else if (MATCH (s, length, "msa_x2", 6))
-+      {
-+        features->have_km_aes192 = 1;
-+        features->have_km_aes256 = 1;
-+        features->have_kimd_sha_512 = 1;
-+      }
-+      else if (MATCH (s, length, "msa_x4", 6))
-+        features->have_kimd_ghash = 1;
-+      if (!sep)
-+        break;
-+      s = sep + 1;
-+    }
-+  else
-+  {
-+#if USE_GETAUXVAL
-+    unsigned long hwcap = getauxval(AT_HWCAP);
-+    if (hwcap & HWCAP_S390_STFLE)
-+    {
-+      uint64_t facilities[FACILITY_DOUBLEWORDS_MAX] = {0};
-+      _nettle_stfle(facilities, FACILITY_DOUBLEWORDS_MAX);
-+
-+      if (facilities[FACILITY_INDEX(FAC_VF)] & FACILITY_BIT(FAC_VF))
-+        features->have_vector_facility = 1;
-+
-+      if (facilities[FACILITY_INDEX(FAC_MSA)] & FACILITY_BIT(FAC_MSA))
-+      {
-+        uint64_t query_status[2] = {0};
-+        _nettle_km_status(query_status);
-+        if (query_status[FACILITY_INDEX(AES_128_CODE)] & FACILITY_BIT(AES_128_CODE))
-+          features->have_km_aes128 = 1;
-+        if (query_status[FACILITY_INDEX(AES_192_CODE)] & FACILITY_BIT(AES_192_CODE))
-+          features->have_km_aes192 = 1;
-+        if (query_status[FACILITY_INDEX(AES_256_CODE)] & FACILITY_BIT(AES_256_CODE))
-+          features->have_km_aes256 = 1;
-+        
-+        memset(query_status, 0, sizeof(query_status));
-+        _nettle_kimd_status(query_status);
-+        if (query_status[FACILITY_INDEX(SHA_1_CODE)] & FACILITY_BIT(SHA_1_CODE))
-+          features->have_kimd_sha_1 = 1;
-+        if (query_status[FACILITY_INDEX(SHA_256_CODE)] & FACILITY_BIT(SHA_256_CODE))
-+          features->have_kimd_sha_256 = 1;
-+        if (query_status[FACILITY_INDEX(SHA_512_CODE)] & FACILITY_BIT(SHA_512_CODE))
-+          features->have_kimd_sha_512 = 1;
-+      }
-+
-+      if (facilities[FACILITY_INDEX(FAC_MSA_X4)] & FACILITY_BIT(FAC_MSA_X4))
-+      {
-+        uint64_t query_status[2] = {0};
-+        _nettle_kimd_status(query_status);
-+        if (query_status[FACILITY_INDEX(GHASH_CODE)] & FACILITY_BIT(GHASH_CODE))
-+          features->have_kimd_ghash = 1;
-+      }
-+    }
-+#endif
-+  }
-+}
-+
-+/* MEMXOR3 */
-+DECLARE_FAT_FUNC(nettle_memxor3, memxor3_func)
-+DECLARE_FAT_FUNC_VAR(memxor3, memxor3_func, c)
-+DECLARE_FAT_FUNC_VAR(memxor3, memxor3_func, s390x)
-+
-+/* AES128 */
-+DECLARE_FAT_FUNC(nettle_aes128_set_encrypt_key, aes128_set_key_func)
-+DECLARE_FAT_FUNC_VAR(aes128_set_encrypt_key, aes128_set_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_set_encrypt_key, aes128_set_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes128_set_decrypt_key, aes128_set_key_func)
-+DECLARE_FAT_FUNC_VAR(aes128_set_decrypt_key, aes128_set_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_set_decrypt_key, aes128_set_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes128_invert_key, aes128_invert_key_func)
-+DECLARE_FAT_FUNC_VAR(aes128_invert_key, aes128_invert_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_invert_key, aes128_invert_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes128_encrypt, aes128_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes128_decrypt, aes128_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, s390x)
-+
-+/* AES192 */
-+DECLARE_FAT_FUNC(nettle_aes192_set_encrypt_key, aes192_set_key_func)
-+DECLARE_FAT_FUNC_VAR(aes192_set_encrypt_key, aes192_set_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_set_encrypt_key, aes192_set_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes192_set_decrypt_key, aes192_set_key_func)
-+DECLARE_FAT_FUNC_VAR(aes192_set_decrypt_key, aes192_set_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_set_decrypt_key, aes192_set_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes192_invert_key, aes192_invert_key_func)
-+DECLARE_FAT_FUNC_VAR(aes192_invert_key, aes192_invert_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_invert_key, aes192_invert_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes192_encrypt, aes192_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes192_decrypt, aes192_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, s390x)
-+
-+/* AES256 */
-+DECLARE_FAT_FUNC(nettle_aes256_set_encrypt_key, aes256_set_key_func)
-+DECLARE_FAT_FUNC_VAR(aes256_set_encrypt_key, aes256_set_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_set_encrypt_key, aes256_set_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes256_set_decrypt_key, aes256_set_key_func)
-+DECLARE_FAT_FUNC_VAR(aes256_set_decrypt_key, aes256_set_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_set_decrypt_key, aes256_set_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes256_invert_key, aes256_invert_key_func)
-+DECLARE_FAT_FUNC_VAR(aes256_invert_key, aes256_invert_key_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_invert_key, aes256_invert_key_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes256_encrypt, aes256_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, s390x)
-+DECLARE_FAT_FUNC(nettle_aes256_decrypt, aes256_crypt_func)
-+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c)
-+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, s390x)
-+
-+/* GHASH */
-+#if GCM_TABLE_BITS == 8
-+DECLARE_FAT_FUNC(_nettle_gcm_init_key, gcm_init_key_func)
-+DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, c)
-+DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, s390x)
-+
-+DECLARE_FAT_FUNC(_nettle_gcm_hash, gcm_hash_func)
-+DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, c)
-+DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, s390x)
-+#endif /* GCM_TABLE_BITS == 8 */
-+
-+DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func)
-+DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c)
-+DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, s390x)
-+
-+DECLARE_FAT_FUNC(_nettle_sha256_compress, sha256_compress_func)
-+DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, c)
-+DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, s390x)
-+
-+DECLARE_FAT_FUNC(_nettle_sha512_compress, sha512_compress_func)
-+DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, c)
-+DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, s390x)
-+
-+static void CONSTRUCTOR
-+fat_init (void)
-+{
-+  struct s390x_features features;
-+  int verbose;
-+
-+  get_s390x_features (&features);
-+  verbose = getenv (ENV_VERBOSE) != NULL;
-+
-+  /* MEMXOR3 */
-+  if (features.have_vector_facility)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling vectorized memxor3.\n");
-+    nettle_memxor3_vec = _nettle_memxor3_s390x;
-+  }
-+  else
-+  {
-+    nettle_memxor3_vec = _nettle_memxor3_c;
-+  }
-+
-+  /* AES128 */
-+  if (features.have_km_aes128)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated AES128 EBC mode.\n");
-+    nettle_aes128_set_encrypt_key_vec = _nettle_aes128_set_encrypt_key_s390x;
-+    nettle_aes128_set_decrypt_key_vec = _nettle_aes128_set_decrypt_key_s390x;
-+    nettle_aes128_invert_key_vec = _nettle_aes128_invert_key_s390x;
-+    nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_s390x;
-+    nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_s390x;
-+  }
-+  else
-+  {
-+    nettle_aes128_set_encrypt_key_vec = _nettle_aes128_set_encrypt_key_c;
-+    nettle_aes128_set_decrypt_key_vec = _nettle_aes128_set_decrypt_key_c;
-+    nettle_aes128_invert_key_vec = _nettle_aes128_invert_key_c;
-+    nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_c;
-+    nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_c;
-+  }
-+
-+  /* AES192 */
-+  if (features.have_km_aes192)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated AES192 EBC mode.\n");
-+    nettle_aes192_set_encrypt_key_vec = _nettle_aes192_set_encrypt_key_s390x;
-+    nettle_aes192_set_decrypt_key_vec = _nettle_aes192_set_decrypt_key_s390x;
-+    nettle_aes192_invert_key_vec = _nettle_aes192_invert_key_s390x;
-+    nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_s390x;
-+    nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_s390x;
-+  }
-+  else
-+  {
-+    nettle_aes192_set_encrypt_key_vec = _nettle_aes192_set_encrypt_key_c;
-+    nettle_aes192_set_decrypt_key_vec = _nettle_aes192_set_decrypt_key_c;
-+    nettle_aes192_invert_key_vec = _nettle_aes192_invert_key_c;
-+    nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_c;
-+    nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c;
-+  }
-+
-+  /* AES256 */
-+  if (features.have_km_aes256)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated AES256 EBC mode.\n");
-+    nettle_aes256_set_encrypt_key_vec = _nettle_aes256_set_encrypt_key_s390x;
-+    nettle_aes256_set_decrypt_key_vec = _nettle_aes256_set_decrypt_key_s390x;
-+    nettle_aes256_invert_key_vec = _nettle_aes256_invert_key_s390x;
-+    nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_s390x;
-+    nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_s390x;
-+  }
-+  else
-+  {
-+    nettle_aes256_set_encrypt_key_vec = _nettle_aes256_set_encrypt_key_c;
-+    nettle_aes256_set_decrypt_key_vec = _nettle_aes256_set_decrypt_key_c;
-+    nettle_aes256_invert_key_vec = _nettle_aes256_invert_key_c;
-+    nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c;
-+    nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c;
-+  }
-+
-+  /* GHASH */
-+  if (features.have_kimd_ghash)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated GHASH.\n");
-+    _nettle_gcm_init_key_vec = _nettle_gcm_init_key_s390x;
-+    _nettle_gcm_hash_vec = _nettle_gcm_hash_s390x;
-+  }
-+  else
-+  {
-+    _nettle_gcm_init_key_vec = _nettle_gcm_init_key_c;
-+    _nettle_gcm_hash_vec = _nettle_gcm_hash_c;
-+  }
-+
-+  /* SHA1 */
-+  if (features.have_kimd_sha_1)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated SHA1 compress code.\n");
-+    nettle_sha1_compress_vec = _nettle_sha1_compress_s390x;
-+  }
-+  else
-+  {
-+    nettle_sha1_compress_vec = _nettle_sha1_compress_c;
-+  }
-+
-+  /* SHA256 */
-+  if (features.have_kimd_sha_256)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated SHA256 compress code.\n");
-+    _nettle_sha256_compress_vec = _nettle_sha256_compress_s390x;
-+  }
-+  else
-+  {
-+    _nettle_sha256_compress_vec = _nettle_sha256_compress_c;
-+  }
-+
-+  /* SHA512 */
-+  if (features.have_kimd_sha_512)
-+  {
-+    if (verbose)
-+      fprintf (stderr, "libnettle: enabling hardware accelerated SHA512 compress code.\n");
-+    _nettle_sha512_compress_vec = _nettle_sha512_compress_s390x;
-+  }
-+  else
-+  {
-+    _nettle_sha512_compress_vec = _nettle_sha512_compress_c;
-+  }
-+}
-+
-+/* MEMXOR3 */
-+DEFINE_FAT_FUNC(nettle_memxor3, void *,
-+		(void *dst_in, const void *a_in, const void *b_in, size_t n),
-+		(dst_in, a_in, b_in, n))
-+
-+/* AES128 */
-+DEFINE_FAT_FUNC(nettle_aes128_set_encrypt_key, void,
-+ (struct aes128_ctx *ctx, const uint8_t *key),
-+ (ctx, key))
-+DEFINE_FAT_FUNC(nettle_aes128_set_decrypt_key, void,
-+ (struct aes128_ctx *ctx, const uint8_t *key),
-+ (ctx, key))
-+DEFINE_FAT_FUNC(nettle_aes128_invert_key, void,
-+ (struct aes128_ctx *dst, const struct aes128_ctx *src),
-+ (dst, src))
-+DEFINE_FAT_FUNC(nettle_aes128_encrypt, void,
-+ (const struct aes128_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes128_decrypt, void,
-+ (const struct aes128_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+
-+/* AES192 */
-+DEFINE_FAT_FUNC(nettle_aes192_set_encrypt_key, void,
-+ (struct aes192_ctx *ctx, const uint8_t *key),
-+ (ctx, key))
-+DEFINE_FAT_FUNC(nettle_aes192_set_decrypt_key, void,
-+ (struct aes192_ctx *ctx, const uint8_t *key),
-+ (ctx, key))
-+DEFINE_FAT_FUNC(nettle_aes192_invert_key, void,
-+ (struct aes192_ctx *dst, const struct aes192_ctx *src),
-+ (dst, src))
-+DEFINE_FAT_FUNC(nettle_aes192_encrypt, void,
-+ (const struct aes192_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes192_decrypt, void,
-+ (const struct aes192_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+
-+/* AES256 */
-+DEFINE_FAT_FUNC(nettle_aes256_set_encrypt_key, void,
-+ (struct aes256_ctx *ctx, const uint8_t *key),
-+ (ctx, key))
-+DEFINE_FAT_FUNC(nettle_aes256_set_decrypt_key, void,
-+ (struct aes256_ctx *ctx, const uint8_t *key),
-+ (ctx, key))
-+DEFINE_FAT_FUNC(nettle_aes256_invert_key, void,
-+ (struct aes256_ctx *dst, const struct aes256_ctx *src),
-+ (dst, src))
-+DEFINE_FAT_FUNC(nettle_aes256_encrypt, void,
-+ (const struct aes256_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+DEFINE_FAT_FUNC(nettle_aes256_decrypt, void,
-+ (const struct aes256_ctx *ctx, size_t length,
-+  uint8_t *dst,const uint8_t *src),
-+ (ctx, length, dst, src))
-+
-+/* GHASH */
-+#if GCM_TABLE_BITS == 8
-+DEFINE_FAT_FUNC(_nettle_gcm_init_key, void,
-+		(union nettle_block16 *table),
-+		(table))
-+DEFINE_FAT_FUNC(_nettle_gcm_hash, void,
-+		(const struct gcm_key *key, union nettle_block16 *x,
-+		 size_t length, const uint8_t *data),
-+		(key, x, length, data))
-+#endif /* GCM_TABLE_BITS == 8 */
-+
-+/* SHA1 */
-+DEFINE_FAT_FUNC(nettle_sha1_compress, void,
-+		(uint32_t *state, const uint8_t *input),
-+		(state, input))
-+
-+/* SHA256 */
-+DEFINE_FAT_FUNC(_nettle_sha256_compress, void,
-+		(uint32_t *state, const uint8_t *input, const uint32_t *k),
-+		(state, input, k))
-+
-+/* SHA512 */
-+DEFINE_FAT_FUNC(_nettle_sha512_compress, void,
-+		(uint64_t *state, const uint8_t *input, const uint64_t *k),
-+		(state, input, k))
-Index: nettle-3.7.3/fat-setup.h
-===================================================================
---- nettle-3.7.3.orig/fat-setup.h
-+++ nettle-3.7.3/fat-setup.h
-@@ -157,6 +157,7 @@ struct salsa20_ctx;
- 
- typedef void void_func (void);
- 
-+struct aes_table;
- typedef void aes_crypt_internal_func (unsigned rounds, const uint32_t *keys,
- 				      const struct aes_table *T,
- 				      size_t length, uint8_t *dst,
-@@ -169,6 +170,7 @@ typedef void gcm_hash_func (const struct
- 			    size_t length, const uint8_t *data);
- 
- typedef void *(memxor_func)(void *dst, const void *src, size_t n);
-+typedef void *(memxor3_func)(void *dst_in, const void *a_in, const void *b_in, size_t n);
- 
- typedef void salsa20_core_func (uint32_t *dst, const uint32_t *src, unsigned rounds);
- typedef void salsa20_crypt_func (struct salsa20_ctx *ctx, unsigned rounds,
-@@ -193,3 +195,21 @@ typedef void chacha_crypt_func(struct ch
- 			       size_t length,
- 			       uint8_t *dst,
- 			       const uint8_t *src);
-+
-+struct aes128_ctx;
-+typedef void aes128_set_key_func (struct aes128_ctx *ctx, const uint8_t *key);
-+typedef void aes128_invert_key_func (struct aes128_ctx *dst, const struct aes128_ctx *src);
-+typedef void aes128_crypt_func (const struct aes128_ctx *ctx, size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+
-+struct aes192_ctx;
-+typedef void aes192_set_key_func (struct aes192_ctx *ctx, const uint8_t *key);
-+typedef void aes192_invert_key_func (struct aes192_ctx *dst, const struct aes192_ctx *src);
-+typedef void aes192_crypt_func (const struct aes192_ctx *ctx, size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-+
-+struct aes256_ctx;
-+typedef void aes256_set_key_func (struct aes256_ctx *ctx, const uint8_t *key);
-+typedef void aes256_invert_key_func (struct aes256_ctx *dst, const struct aes256_ctx *src);
-+typedef void aes256_crypt_func (const struct aes256_ctx *ctx, size_t length, uint8_t *dst,
-+	       const uint8_t *src);
-Index: nettle-3.7.3/s390x/fat/gcm-hash.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/gcm-hash.asm
-@@ -0,0 +1,38 @@
-+C s390x/fat/gcm-hash.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl picked up by configure
-+dnl PROLOGUE(_nettle_fat_gcm_init_key)
-+dnl PROLOGUE(_nettle_fat_gcm_hash)
-+
-+define(`fat_transform', `$1_s390x')
-+include_src(`s390x/msa_x4/gcm-hash.asm')
-Index: nettle-3.7.3/s390x/fat/cpu-facility.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/cpu-facility.asm
-@@ -0,0 +1,62 @@
-+C s390x/fat/cpu-facility.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "cpu-facility.asm"
-+
-+.text
-+
-+C void _nettle_stfle(uint64_t *facility, uint64_t facility_size)
-+
-+PROLOGUE(_nettle_stfle)
-+    lgr            %r0,%r3                       C facility_size
-+    aghi           %r0,-1                        C facility_size - 1
-+    .long          0xb2b02000                    C stfle 0(%r2)
-+    br             RA
-+EPILOGUE(_nettle_stfle)
-+
-+C void _nettle_km_status(uint64_t *status)
-+
-+PROLOGUE(_nettle_km_status)
-+    lghi           %r0,0                         C query code
-+    lgr            %r1,%r2                       C status
-+    .long          0xb92e0022                    C km %r2,%r2. Operands are ignored
-+    br             RA
-+EPILOGUE(_nettle_km_status)
-+
-+C void _nettle_kimd_status(uint64_t *status)
-+
-+PROLOGUE(_nettle_kimd_status)
-+    lghi           %r0,0                         C query code
-+    lgr            %r1,%r2                       C status
-+    .long          0xb93e0002                    C kimd %r0,%r2. Operands are ignored
-+    br             RA
-+EPILOGUE(_nettle_kimd_status)
-Index: nettle-3.7.3/s390x/fat/aes128-decrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes128-decrypt-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes128-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes128_decrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x1/aes128-decrypt.asm')
-Index: nettle-3.7.3/s390x/fat/aes128-encrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes128-encrypt-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes128-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes128_encrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x1/aes128-encrypt.asm')
-Index: nettle-3.7.3/s390x/fat/aes128-set-decrypt-key-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes128-set-decrypt-key-2.asm
-@@ -0,0 +1,38 @@
-+C s390x/fat/aes128-set-decrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl picked up by configure
-+dnl PROLOGUE(nettle_aes128_invert_key)
-+dnl PROLOGUE(nettle_aes128_set_decrypt_key)
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x1/aes128-set-decrypt-key.asm')
-Index: nettle-3.7.3/s390x/fat/aes128-set-encrypt-key-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes128-set-encrypt-key-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes128-set-encrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes128_set_encrypt_key) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x1/aes128-set-encrypt-key.asm')
-Index: nettle-3.7.3/s390x/fat/aes192-decrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes192-decrypt-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes192-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes192_decrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes192-decrypt.asm')
-Index: nettle-3.7.3/s390x/fat/aes192-encrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes192-encrypt-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes192-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes192_encrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes192-encrypt.asm')
-Index: nettle-3.7.3/s390x/fat/aes192-set-decrypt-key-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes192-set-decrypt-key-2.asm
-@@ -0,0 +1,38 @@
-+C s390x/fat/aes192-set-decrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl picked up by configure
-+dnl PROLOGUE(nettle_aes192_invert_key)
-+dnl PROLOGUE(nettle_aes192_set_decrypt_key)
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes192-set-decrypt-key.asm')
-Index: nettle-3.7.3/s390x/fat/aes192-set-encrypt-key-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes192-set-encrypt-key-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes192-set-encrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes192_set_encrypt_key) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes192-set-encrypt-key.asm')
-Index: nettle-3.7.3/s390x/fat/aes256-decrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes256-decrypt-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes256-decrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes256_decrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes256-decrypt.asm')
-Index: nettle-3.7.3/s390x/fat/aes256-encrypt-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes256-encrypt-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes256-encrypt.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes256_encrypt) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes256-encrypt.asm')
-Index: nettle-3.7.3/s390x/fat/aes256-set-decrypt-key-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes256-set-decrypt-key-2.asm
-@@ -0,0 +1,38 @@
-+C s390x/fat/aes256-set-decrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl picked up by configure
-+dnl PROLOGUE(nettle_aes256_invert_key)
-+dnl PROLOGUE(nettle_aes256_set_decrypt_key)
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes256-set-decrypt-key.asm')
-Index: nettle-3.7.3/s390x/fat/aes256-set-encrypt-key-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/aes256-set-encrypt-key-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/aes256-set-encrypt-key.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_aes256_set_encrypt_key) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa_x2/aes256-set-encrypt-key.asm')
-Index: nettle-3.7.3/s390x/memxor.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/memxor.asm
-@@ -0,0 +1,52 @@
-+C s390x/memxor.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "memxor.asm"
-+
-+.text
-+
-+C void * memxor(void *dst, const void *src, size_t n)      
-+
-+PROLOGUE(nettle_memxor)
-+    srlg           %r5,%r4,8
-+    clgije         %r5,0,Llen
-+L256_loop:
-+    xc             0(256,%r2),0(%r3)
-+    aghi           %r2,256
-+    aghi           %r3,256
-+    brctg          %r5,L256_loop
-+Llen:
-+    risbg          %r5,%r4,56,191,0
-+    jz             Ldone
-+    XOR_LEN(%r2,%r3,%r5,%r1)
-+Ldone:
-+    br             RA
-+EPILOGUE(nettle_memxor)
-Index: nettle-3.7.3/memxor3.c
-===================================================================
---- nettle-3.7.3.orig/memxor3.c
-+++ nettle-3.7.3/memxor3.c
-@@ -45,6 +45,13 @@
- 
- #define WORD_T_THRESH 16
- 
-+/* For fat builds */
-+#if HAVE_NATIVE_memxor3
-+void *
-+_nettle_memxor3_c(void *dst_in, const void *a_in, const void *b_in, size_t n);
-+# define nettle_memxor3 _nettle_memxor3_c
-+#endif
-+
- /* XOR word-aligned areas. n is the number of words, not bytes. */
- static void
- memxor3_common_alignment (word_t *dst,
-@@ -236,7 +243,8 @@ memxor3_different_alignment_all (word_t
-    internally by cbc decrypt, and it is not advertised or documented
-    to nettle users. */
- void *
--memxor3(void *dst_in, const void *a_in, const void *b_in, size_t n)
-+nettle_memxor3(void *dst_in, const void *a_in, 
-+				 const void *b_in, size_t n)
- {
-   unsigned char *dst = dst_in;
-   const unsigned char *a = a_in;
-Index: nettle-3.7.3/s390x/fat/memxor3-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/memxor3-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/memxor3-2.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_memxor3) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/vf/memxor3.asm')
-Index: nettle-3.7.3/s390x/vf/memxor3.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/vf/memxor3.asm
-@@ -0,0 +1,85 @@
-+C s390/memxor3.asm
-+
-+ifelse(`
-+   Copyright (C) 2020 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+.file "memxor3.asm"
-+
-+.text
-+.machine arch12
-+
-+C void * memxor3(void *dst_in, const void *a_in, const void *b_in, size_t n)
-+
-+PROLOGUE(nettle_memxor3)
-+    agr            %r2,%r5
-+    agr            %r3,%r5
-+    agr            %r4,%r5
-+Lmod:
-+    risbg          %r1,%r5,60,191,0
-+    jz             L1x
-+    sgr            %r3,%r1
-+    sgr            %r4,%r1
-+    sgr            %r2,%r1
-+    aghi           %r1,-1                        C highest index
-+    vll            %v24,%r1,0(%r3)
-+    vll            %v28,%r1,0(%r4)
-+    vx             %v24,%v24,%v28
-+    vstl           %v24,%r1,0(%r2)
-+L1x:
-+    risbg          %r1,%r5,58,187,0
-+    jz             L4x
-+    srlg           %r1,%r1,4                     C 1-block loop count 'n / 16'
-+L1x_loop:
-+    aghi           %r3,-16
-+    aghi           %r4,-16
-+    aghi           %r2,-16
-+    vl             %v24,0(%r3),0
-+    vl             %v28,0(%r4),0
-+    vx             %v24,%v24,%v28
-+    vst            %v24,0(%r2),0
-+    brctg          %r1,L1x_loop
-+L4x:
-+    risbg          %r1,%r5,0,185,0
-+    jz             Ldone
-+    srlg           %r1,%r1,6                     C 4-blocks loop count 'n / (16 * 4)'
-+L4x_loop:
-+    aghi           %r3,-64
-+    aghi           %r4,-64
-+    aghi           %r2,-64
-+    vlm            %v24,%v27,0(%r3),0
-+    vlm            %v28,%v31,0(%r4),0
-+    vx             %v24,%v24,%v28
-+    vx             %v25,%v25,%v29
-+    vx             %v26,%v26,%v30
-+    vx             %v27,%v27,%v31
-+    vstm           %v24,%v27,0(%r2),0
-+    brctg          %r1,L4x_loop
-+Ldone:
-+    br             RA
-+EPILOGUE(nettle_memxor3)
-Index: nettle-3.7.3/s390x/fat/sha1-compress-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/sha1-compress-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/sha1-compress-2.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(nettle_sha1_compress) picked up by configure
-+
-+define(`fat_transform', `_$1_s390x')
-+include_src(`s390x/msa/sha1-compress.asm')
-Index: nettle-3.7.3/s390x/msa/sha1-compress.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa/sha1-compress.asm
-@@ -0,0 +1,72 @@
-+C s390x/msa/sha1-compress.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
-+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C the second operand is processed as specified by the function code using an initial chaining value in
-+C the parameter block, and the result replaces the chaining value.
-+
-+C This implementation uses KIMD-SHA-1 function.
-+C The parameter block used for the KIMD-SHA-1 function has the following format:
-+C *----------------------------------------------*
-+C |                 H0 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H1 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H2 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H3 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H4 (4 bytes)                 |
-+C *----------------------------------------------*
-+
-+.file "sha1-compress.asm"
-+
-+.text
-+
-+C SHA function code
-+define(`SHA1_FUNCTION_CODE', `1')
-+C Size of block
-+define(`SHA1_BLOCK_SIZE', `64')
-+
-+C void nettle_sha1_compress(uint32_t *state, const uint8_t *input)
-+
-+PROLOGUE(nettle_sha1_compress)
-+    lghi           %r0,SHA1_FUNCTION_CODE        C FUNCTION_CODE
-+    lgr            %r1,%r2
-+    lgr            %r4,%r3
-+    lghi           %r5,SHA1_BLOCK_SIZE
-+1:  .long   0xb93e0004                           C kimd %r0,%r4. perform KIMD-SHA operation on data
-+    brc            1,1b
-+    br             RA
-+EPILOGUE(nettle_sha1_compress)
-Index: nettle-3.7.3/s390x/fat/sha256-compress-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/sha256-compress-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/sha256-compress-2.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(_nettle_sha256_compress) picked up by configure
-+
-+define(`fat_transform', `$1_s390x')
-+include_src(`s390x/msa_x1/sha256-compress.asm')
-Index: nettle-3.7.3/s390x/fat/sha512-compress-2.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/fat/sha512-compress-2.asm
-@@ -0,0 +1,36 @@
-+C s390x/fat/sha512-compress-2.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+dnl PROLOGUE(_nettle_sha512_compress) picked up by configure
-+
-+define(`fat_transform', `$1_s390x')
-+include_src(`s390x/msa_x2/sha512-compress.asm')
-Index: nettle-3.7.3/s390x/msa_x1/sha256-compress.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x1/sha256-compress.asm
-@@ -0,0 +1,80 @@
-+C s390x/msa_x1/sha256-compress.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
-+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C the second operand is processed as specified by the function code using an initial chaining value in
-+C the parameter block, and the result replaces the chaining value.
-+
-+C This implementation uses KIMD-SHA-256 function.
-+C The parameter block used for the KIMD-SHA-256 function has the following format:
-+C *----------------------------------------------*
-+C |                 H0 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H1 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H2 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H3 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H4 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H5 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H6 (4 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H7 (4 bytes)                 |
-+C *----------------------------------------------*
-+
-+.file "sha256-compress.asm"
-+
-+.text
-+
-+C SHA function code
-+define(`SHA256_FUNCTION_CODE', `2')
-+C Size of block
-+define(`SHA256_BLOCK_SIZE', `64')
-+
-+C void 
-+C _nettle_sha256_compress(uint32_t *state, const uint8_t *input,
-+C                         const uint32_t *k)
-+
-+PROLOGUE(_nettle_sha256_compress)
-+    lghi           %r0,SHA256_FUNCTION_CODE      C SHA-256 Function Code
-+    lgr            %r1,%r2
-+    lgr            %r4,%r3
-+    lghi           %r5,SHA256_BLOCK_SIZE
-+1:  .long   0xb93e0004                           C kimd %r0,%r4. perform KIMD-SHA operation on data
-+    brc            1,1b
-+    br             RA
-+EPILOGUE(_nettle_sha256_compress)
-Index: nettle-3.7.3/s390x/msa_x2/sha512-compress.asm
-===================================================================
---- /dev/null
-+++ nettle-3.7.3/s390x/msa_x2/sha512-compress.asm
-@@ -0,0 +1,80 @@
-+C s390x/msa_x2/sha512-compress.asm
-+
-+ifelse(`
-+   Copyright (C) 2021 Mamone Tarsha
-+   This file is part of GNU Nettle.
-+
-+   GNU Nettle is free software: you can redistribute it and/or
-+   modify it under the terms of either:
-+
-+     * the GNU Lesser General Public License as published by the Free
-+       Software Foundation; either version 3 of the License, or (at your
-+       option) any later version.
-+
-+   or
-+
-+     * the GNU General Public License as published by the Free
-+       Software Foundation; either version 2 of the License, or (at your
-+       option) any later version.
-+
-+   or both in parallel, as here.
-+
-+   GNU Nettle is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   General Public License for more details.
-+
-+   You should have received copies of the GNU General Public License and
-+   the GNU Lesser General Public License along with this program.  If
-+   not, see http://www.gnu.org/licenses/.
-+')
-+
-+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
-+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
-+C A function specified by the function code in general register 0 is performed.
-+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
-+C the second operand is processed as specified by the function code using an initial chaining value in
-+C the parameter block, and the result replaces the chaining value.
-+
-+C This implementation uses KIMD-SHA-512 function.
-+C The parameter block used for the KIMD-SHA-512 function has the following format:
-+C *----------------------------------------------*
-+C |                 H0 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H1 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H2 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H3 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H4 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H5 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H6 (8 bytes)                 |
-+C |----------------------------------------------|
-+C |                 H7 (8 bytes)                 |
-+C *----------------------------------------------*
-+
-+.file "sha512-compress.asm"
-+
-+.text
-+
-+C SHA function code
-+define(`SHA512_FUNCTION_CODE', `3')
-+C Size of block
-+define(`SHA512_BLOCK_SIZE', `128')
-+
-+C void 
-+C _nettle_sha512_compress(uint64_t *state, const uint8_t *input,
-+C                         const uint64_t *k)
-+
-+PROLOGUE(_nettle_sha512_compress)
-+    lghi           %r0,SHA512_FUNCTION_CODE      C SHA-512 Function Code
-+    lgr            %r1,%r2
-+    lgr            %r4,%r3
-+    lghi           %r5,SHA512_BLOCK_SIZE
-+1:  .long   0xb93e0004                           C kimd %r0,%r4. perform KIMD-SHA operation on data
-+    brc            1,1b
-+    br             RA
-+EPILOGUE(_nettle_sha512_compress)
diff --git a/libnettle.changes b/libnettle.changes
index e544266..43ea8b8 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Mon Jul 11 19:22:12 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.8:
+  This release includes a couple of new features, and many
+  performance improvements. It adds assembly code for two more
+  architectures: ARM64 and S390x.
+
+  The new version is intended to be fully source and binary
+  compatible with Nettle-3.6. The shared library names are
+  libnettle.so.8.5 and libhogweed.so.6.5, with sonames
+  libnettle.so.8 and libhogweed.so.6.
+
+  New features:
+
+  * AES keywrap (RFC 3394), contributed by Nicolas Mora.
+
+  * SM3 hash function, contributed by Tianjia Zhang.
+
+  * New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
+    cbc_aes256_encrypt.
+
+    On processors where AES is fast enough, e.g., x86_64 with
+    aesni instructions, the overhead of using Nettle's general
+    cbc_encrypt can be significant. The new functions can be
+    implemented in assembly, to do multiple blocks with reduced
+    per-block overhead.
+
+    Note that there's no corresponding new decrypt functions,
+    since the general cbc_decrypt doesn't suffer from the same
+    performance problem.
+
+  Bug fixes:
+
+  * Fix fat builds for x86_64 windows, these appear to never
+    have worked.
+
+  Optimizations:
+
+  * New ARM64 implementation of AES, GCM, Chacha, SHA1 and
+    SHA256, for processors supporting crypto extensions. Great
+    speedups, and fat builds are supported. Contributed by
+    Mamone Tarsha.
+
+  * New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
+    SHA256, SHA512 and SHA3. Great speedups, and fat builds are
+    supported. Contributed by Mamone Tarsha.
+
+  * New PPC64 assembly for ecc modulo/redc operations,
+    contributed by Amitay Isaacs, Martin Schwenke and Alastair
+    D´Silva.
+
+  * The x86_64 AES implementation using aesni instructions has
+    been reorganized with one separate function per key size,
+    each interleaving the processing of two blocks at a time
+    (when the caller processes multiple blocks with each call).
+    This gives a modest performance improvement on some
+    processors.
+
+  * Rewritten and faster x86_64 poly1305 assembly.
+- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) 
+
 -------------------------------------------------------------------
 Wed Jun 15 14:08:02 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
 
diff --git a/libnettle.spec b/libnettle.spec
index c0602e7..772ff5f 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -19,7 +19,7 @@
 %define soname 8
 %define hogweed_soname 6
 Name:           libnettle
-Version:        3.7.3
+Version:        3.8
 Release:        0
 Summary:        Cryptographic Library
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later
@@ -30,8 +30,6 @@ Source1:        https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz.sig
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
 Source4:        %{name}-rpmlintrc
-#PATCH-FIX-UPSTREAM Provide s390x CPACF/SHA/AES Support for Crypto Libraries [jsc#SLE-20733]
-Patch0:         libnettle-s390x-CPACF-SHA-AES-support.patch
 BuildRequires:  autoconf
 BuildRequires:  fipscheck
 BuildRequires:  gmp-devel >= 6.1.0
diff --git a/nettle-3.7.3.tar.gz b/nettle-3.7.3.tar.gz
deleted file mode 100644
index 341af74..0000000
--- a/nettle-3.7.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:661f5eb03f048a3b924c3a8ad2515d4068e40f67e774e8a26827658007e3bcf0
-size 2383985
diff --git a/nettle-3.7.3.tar.gz.sig b/nettle-3.7.3.tar.gz.sig
deleted file mode 100644
index e73fe56..0000000
Binary files a/nettle-3.7.3.tar.gz.sig and /dev/null differ
diff --git a/nettle-3.8.tar.gz b/nettle-3.8.tar.gz
new file mode 100644
index 0000000..903f2f0
--- /dev/null
+++ b/nettle-3.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7576c68481c198f644b08c160d1a4850ba9449e308069455b5213319f234e8e6
+size 2404258
diff --git a/nettle-3.8.tar.gz.sig b/nettle-3.8.tar.gz.sig
new file mode 100644
index 0000000..74b3c56
Binary files /dev/null and b/nettle-3.8.tar.gz.sig differ