move endian/word size checks from runtime to compile time

ok guenther@

4 files changed, 340 insertions, 325 deletions

diff --git a/lib/libcrypto/modes/ctr128.c b/lib/libcrypto/modes/ctr128.c
index 7fd0223701a..23979d64f19 100644
--- a/lib/libcrypto/modes/ctr128.c
+++ b/lib/libcrypto/modes/ctr128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ctr128.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: ctr128.c,v 1.7 2017/08/13 17:46:24 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
  *
@@ -81,22 +81,21 @@ static void ctr128_inc(unsigned char *counter) {
 static void
 ctr128_inc_aligned(unsigned char *counter)
 {
-	size_t *data,c,n;
-
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
-		ctr128_inc(counter);
-		return;
-	}
-
+#if BYTE_ORDER == LITTLE_ENDIAN
+	ctr128_inc(counter);
+#else
+	size_t *data, c, n;
 	data = (size_t *)counter;
-	n = 16/sizeof(size_t);
+	n = 16 / sizeof(size_t);
 	do {
 		--n;
 		c = data[n];
 		++c;
 		data[n] = c;
-		if (c) return;
+		if (c)
+			return;
 	} while (n);
+#endif
 }
 #endif
 
diff --git a/lib/libcrypto/modes/gcm128.c b/lib/libcrypto/modes/gcm128.c
index c080d9c16ae..0b29d9850df 100644
--- a/lib/libcrypto/modes/gcm128.c
+++ b/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.16 2017/05/02 03:59:44 deraadt Exp $ */
+/* $OpenBSD: gcm128.c,v 1.17 2017/08/13 17:46:24 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
@@ -224,29 +224,29 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
 		rem  = (size_t)Z.lo&0xff;
 		Z.lo = (Z.hi<<56)|(Z.lo>>8);
 		Z.hi = (Z.hi>>8);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_8bit[rem];
-		else
-			Z.hi ^= (u64)rem_8bit[rem]<<32;
+#ifdef _LP64
+		Z.hi ^= rem_8bit[rem];
+#else
+		Z.hi ^= (u64)rem_8bit[rem]<<32;
+#endif
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
+	Xi[0] = BSWAP8(Z.hi);
+	Xi[1] = BSWAP8(Z.lo);
 #else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
+	u8 *p = (u8 *)Xi;
+	u32 v;
+	v = (u32)(Z.hi>>32);	PUTU32(p,v);
+	v = (u32)(Z.hi);	PUTU32(p+4,v);
+	v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
+	v = (u32)(Z.lo);	PUTU32(p+12,v);
+#endif
+#else /* BIG_ENDIAN */
+	Xi[0] = Z.hi;
+	Xi[1] = Z.lo;
 #endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
 }
 #define GCM_MUL(ctx,Xi)   gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
 
@@ -307,19 +307,19 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2])
 	{
 	int j;
 
-	if (BYTE_ORDER == LITTLE_ENDIAN)
-		for (j=0;j<16;++j) {
-			V = Htable[j];
-			Htable[j].hi = V.lo;
-			Htable[j].lo = V.hi;
-		}
-	else
-		for (j=0;j<16;++j) {
-			V = Htable[j];
-			Htable[j].hi = V.lo<<32|V.lo>>32;
-			Htable[j].lo = V.hi<<32|V.hi>>32;
-		}
+#if BYTE_ORDER == LITTLE_ENDIAN
+	for (j=0;j<16;++j) {
+		V = Htable[j];
+		Htable[j].hi = V.lo;
+		Htable[j].lo = V.hi;
 	}
+#else /* BIG_ENDIAN */
+	for (j=0;j<16;++j) {
+		V = Htable[j];
+		Htable[j].hi = V.lo<<32|V.lo>>32;
+		Htable[j].lo = V.hi<<32|V.hi>>32;
+	}
+#endif
 #endif
 }
 
@@ -347,11 +347,11 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
 		rem  = (size_t)Z.lo&0xf;
 		Z.lo = (Z.hi<<60)|(Z.lo>>4);
 		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
+#ifdef _LP64
+		Z.hi ^= rem_4bit[rem];
+#else
+		Z.hi ^= (u64)rem_4bit[rem]<<32;
+#endif
 		Z.hi ^= Htable[nhi].hi;
 		Z.lo ^= Htable[nhi].lo;
 
@@ -364,32 +364,31 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
 		rem  = (size_t)Z.lo&0xf;
 		Z.lo = (Z.hi<<60)|(Z.lo>>4);
 		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
+#ifdef _LP64
+		Z.hi ^= rem_4bit[rem];
+#else
+		Z.hi ^= (u64)rem_4bit[rem]<<32;
+#endif
 		Z.hi ^= Htable[nlo].hi;
 		Z.lo ^= Htable[nlo].lo;
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
+	Xi[0] = BSWAP8(Z.hi);
+	Xi[1] = BSWAP8(Z.lo);
 #else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
+	u8 *p = (u8 *)Xi;
+	u32 v;
+	v = (u32)(Z.hi>>32);	PUTU32(p,v);
+	v = (u32)(Z.hi);	PUTU32(p+4,v);
+	v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
+	v = (u32)(Z.lo);	PUTU32(p+12,v);
+#endif
+#else /* BIG_ENDIAN */
+	Xi[0] = Z.hi;
+	Xi[1] = Z.lo;
 #endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
 }
 
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
@@ -422,11 +421,11 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],
 		rem  = (size_t)Z.lo&0xf;
 		Z.lo = (Z.hi<<60)|(Z.lo>>4);
 		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
+#ifdef _LP64
+		Z.hi ^= rem_4bit[rem];
+#else
+		Z.hi ^= (u64)rem_4bit[rem]<<32;
+#endif
 		Z.hi ^= Htable[nhi].hi;
 		Z.lo ^= Htable[nhi].lo;
 
@@ -440,11 +439,11 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],
 		rem  = (size_t)Z.lo&0xf;
 		Z.lo = (Z.hi<<60)|(Z.lo>>4);
 		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
+#ifdef _LP64
+		Z.hi ^= rem_4bit[rem];
+#else
+		Z.hi ^= (u64)rem_4bit[rem]<<32;
+#endif
 		Z.hi ^= Htable[nlo].hi;
 		Z.lo ^= Htable[nlo].lo;
 	}
@@ -542,23 +541,22 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],
 	Z.hi ^= ((u64)rem_8bit[rem<<4])<<48;
 #endif
 
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
+	Xi[0] = BSWAP8(Z.hi);
+	Xi[1] = BSWAP8(Z.lo);
 #else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
+	u8 *p = (u8 *)Xi;
+	u32 v;
+	v = (u32)(Z.hi>>32);	PUTU32(p,v);
+	v = (u32)(Z.hi);	PUTU32(p+4,v);
+	v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
+	v = (u32)(Z.lo);	PUTU32(p+12,v);
+#endif
+#else /* BIG_ENDIAN */
+	Xi[0] = Z.hi;
+	Xi[1] = Z.lo;
 #endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
     } while (inp+=16, len-=16);
 }
 #endif
@@ -589,22 +587,21 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2])
 	V.lo = H[1];
 
 	for (j=0; j<16/sizeof(long); ++j) {
-		if (BYTE_ORDER == LITTLE_ENDIAN) {
-			if (sizeof(long)==8) {
+#if BYTE_ORDER == LITTLE_ENDIAN
+#ifdef _LP64
 #ifdef BSWAP8
-				X = (long)(BSWAP8(xi[j]));
+			X = (long)(BSWAP8(xi[j]));
 #else
-				const u8 *p = (const u8 *)(xi+j);
-				X = (long)((u64)GETU32(p)<<32|GETU32(p+4));
+			const u8 *p = (const u8 *)(xi+j);
+			X = (long)((u64)GETU32(p)<<32|GETU32(p+4));
+#endif
+#else
+			const u8 *p = (const u8 *)(xi+j);
+			X = (long)GETU32(p);
+#endif
+#else /* BIG_ENDIAN */
+		X = xi[j];
 #endif
-			}
-			else {
-				const u8 *p = (const u8 *)(xi+j);
-				X = (long)GETU32(p);
-			}
-		}
-		else
-			X = xi[j];
 
 		for (i=0; i<8*sizeof(long); ++i, X<<=1) {
 			u64 M = (u64)(X>>(8*sizeof(long)-1));
@@ -615,23 +612,22 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2])
 		}
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
+	Xi[0] = BSWAP8(Z.hi);
+	Xi[1] = BSWAP8(Z.lo);
 #else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
+	u8 *p = (u8 *)Xi;
+	u32 v;
+	v = (u32)(Z.hi>>32);	PUTU32(p,v);
+	v = (u32)(Z.hi);	PUTU32(p+4,v);
+	v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
+	v = (u32)(Z.lo);	PUTU32(p+12,v);
+#endif
+#else /* BIG_ENDIAN */
+	Xi[0] = Z.hi;
+	Xi[1] = Z.lo;
 #endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
 }
 #define GCM_MUL(ctx,Xi)	  gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
 
@@ -691,20 +687,20 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
 
 	(*block)(ctx->H.c,ctx->H.c,key);
 
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
-		/* H is stored in host byte order */
+#if BYTE_ORDER == LITTLE_ENDIAN
+	/* H is stored in host byte order */
 #ifdef BSWAP8
-		ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
-		ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
+	ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
+	ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
 #else
-		u8 *p = ctx->H.c;
-		u64 hi,lo;
-		hi = (u64)GETU32(p)  <<32|GETU32(p+4);
-		lo = (u64)GETU32(p+8)<<32|GETU32(p+12);
-		ctx->H.u[0] = hi;
-		ctx->H.u[1] = lo;
+	u8 *p = ctx->H.c;
+	u64 hi,lo;
+	hi = (u64)GETU32(p)  <<32|GETU32(p+4);
+	lo = (u64)GETU32(p+8)<<32|GETU32(p+12);
+	ctx->H.u[0] = hi;
+	ctx->H.u[1] = lo;
+#endif
 #endif
-	}
 
 #if	TABLE_BITS==8
 	gcm_init_8bit(ctx->Htable,ctx->H.u);
@@ -788,45 +784,47 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
 			GCM_MUL(ctx,Yi);
 		}
 		len0 <<= 3;
-		if (BYTE_ORDER == LITTLE_ENDIAN) {
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP8
-			ctx->Yi.u[1]  ^= BSWAP8(len0);
+		ctx->Yi.u[1]  ^= BSWAP8(len0);
 #else
-			ctx->Yi.c[8]  ^= (u8)(len0>>56);
-			ctx->Yi.c[9]  ^= (u8)(len0>>48);
-			ctx->Yi.c[10] ^= (u8)(len0>>40);
-			ctx->Yi.c[11] ^= (u8)(len0>>32);
-			ctx->Yi.c[12] ^= (u8)(len0>>24);
-			ctx->Yi.c[13] ^= (u8)(len0>>16);
-			ctx->Yi.c[14] ^= (u8)(len0>>8);
-			ctx->Yi.c[15] ^= (u8)(len0);
+		ctx->Yi.c[8]  ^= (u8)(len0>>56);
+		ctx->Yi.c[9]  ^= (u8)(len0>>48);
+		ctx->Yi.c[10] ^= (u8)(len0>>40);
+		ctx->Yi.c[11] ^= (u8)(len0>>32);
+		ctx->Yi.c[12] ^= (u8)(len0>>24);
+		ctx->Yi.c[13] ^= (u8)(len0>>16);
+		ctx->Yi.c[14] ^= (u8)(len0>>8);
+		ctx->Yi.c[15] ^= (u8)(len0);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.u[1]  ^= len0;
 #endif
-		}
-		else
-			ctx->Yi.u[1]  ^= len0;
 
 		GCM_MUL(ctx,Yi);
 
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctr = BSWAP4(ctx->Yi.d[3]);
+		ctr = BSWAP4(ctx->Yi.d[3]);
 #else
-			ctr = GETU32(ctx->Yi.c+12);
+		ctr = GETU32(ctx->Yi.c+12);
+#endif
+#else /* BIG_ENDIAN */
+		ctr = ctx->Yi.d[3];
 #endif
-		else
-			ctr = ctx->Yi.d[3];
 	}
 
 	(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
 	++ctr;
-	if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-		ctx->Yi.d[3] = BSWAP4(ctr);
+	ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-		PUTU32(ctx->Yi.c+12,ctr);
+	PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+	ctx->Yi.d[3] = ctr;
 #endif
-	else
-		ctx->Yi.d[3] = ctr;
 }
 
 int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx,const unsigned char *aad,size_t len)
@@ -914,14 +912,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 		ctx->ares = 0;
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
+	ctr = BSWAP4(ctx->Yi.d[3]);
 #else
-		ctr = GETU32(ctx->Yi.c+12);
+	ctr = GETU32(ctx->Yi.c+12);
+#endif
+#else /* BIG_ENDIAN */
+	ctr = ctx->Yi.d[3];
 #endif
-	else
-		ctr = ctx->Yi.d[3];
 
 	n = ctx->mres;
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
@@ -952,14 +951,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
 				out_t[i] = in_t[i] ^ ctx->EKi.t[i];
 			out += 16;
@@ -978,14 +978,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
 				out_t[i] = in_t[i] ^ ctx->EKi.t[i];
 			out += 16;
@@ -1001,14 +1002,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
 				ctx->Xi.t[i] ^=
 				out_t[i] = in_t[i]^ctx->EKi.t[i];
@@ -1021,14 +1023,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 		if (len) {
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			while (len--) {
 				ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n];
 				++n;
@@ -1043,14 +1046,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 		if (n==0) {
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 		}
 		ctx->Xi.c[n] ^= out[i] = in[i]^ctx->EKi.c[n];
 		n = (n+1)%16;
@@ -1090,14 +1094,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 		ctx->ares = 0;
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
+	ctr = BSWAP4(ctx->Yi.d[3]);
 #else
-		ctr = GETU32(ctx->Yi.c+12);
+	ctr = GETU32(ctx->Yi.c+12);
+#endif
+#else /* BIG_ENDIAN */
+	ctr = ctx->Yi.d[3];
 #endif
-	else
-		ctr = ctx->Yi.d[3];
 
 	n = ctx->mres;
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
@@ -1131,14 +1136,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
 				ctx->Yi.d[3] = BSWAP4(ctr);
 #else
 				PUTU32(ctx->Yi.c+12,ctr);
 #endif
-			else
+#else /* BIG_ENDIAN */
 				ctx->Yi.d[3] = ctr;
+#endif
 			for (i=0; i<16/sizeof(size_t); ++i)
 				out_t[i] = in_t[i]^ctx->EKi.t[i];
 			out += 16;
@@ -1155,14 +1161,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
 				out_t[i] = in_t[i]^ctx->EKi.t[i];
 			out += 16;
@@ -1177,14 +1184,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#ifdef BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i) {
 				size_t c = in[i];
 				out[i] = c^ctx->EKi.t[i];
@@ -1199,14 +1207,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 		if (len) {
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 			while (len--) {
 				u8 c = in[n];
 				ctx->Xi.c[n] ^= c;
@@ -1224,14 +1233,15 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 		if (n==0) {
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
-			if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
+			ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-				PUTU32(ctx->Yi.c+12,ctr);
+			PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+			ctx->Yi.d[3] = ctr;
 #endif
-			else
-				ctx->Yi.d[3] = ctr;
 		}
 		c = in[i];
 		out[i] = c^ctx->EKi.c[n];
@@ -1272,14 +1282,15 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 		ctx->ares = 0;
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
+	ctr = BSWAP4(ctx->Yi.d[3]);
 #else
-		ctr = GETU32(ctx->Yi.c+12);
+	ctr = GETU32(ctx->Yi.c+12);
+#endif
+#else /* BIG_ENDIAN */
+	ctr = ctx->Yi.d[3];
 #endif
-	else
-		ctr = ctx->Yi.d[3];
 
 	n = ctx->mres;
 	if (n) {
@@ -1298,14 +1309,15 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 	while (len>=GHASH_CHUNK) {
 		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
 		ctr += GHASH_CHUNK/16;
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
+		ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-			PUTU32(ctx->Yi.c+12,ctr);
+		PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.d[3] = ctr;
 #endif
-		else
-			ctx->Yi.d[3] = ctr;
 		GHASH(ctx,out,GHASH_CHUNK);
 		out += GHASH_CHUNK;
 		in  += GHASH_CHUNK;
@@ -1317,14 +1329,15 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 
 		(*stream)(in,out,j,key,ctx->Yi.c);
 		ctr += (unsigned int)j;
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
+		ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-			PUTU32(ctx->Yi.c+12,ctr);
+		PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.d[3] = ctr;
 #endif
-		else
-			ctx->Yi.d[3] = ctr;
 		in  += i;
 		len -= i;
 #if defined(GHASH)
@@ -1341,14 +1354,15 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 	if (len) {
 		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
 		++ctr;
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
+		ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-			PUTU32(ctx->Yi.c+12,ctr);
+		PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.d[3] = ctr;
 #endif
-		else
-			ctx->Yi.d[3] = ctr;
 		while (len--) {
 			ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n];
 			++n;
@@ -1386,14 +1400,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 		ctx->ares = 0;
 	}
 
-	if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
+	ctr = BSWAP4(ctx->Yi.d[3]);
 #else
-		ctr = GETU32(ctx->Yi.c+12);
+	ctr = GETU32(ctx->Yi.c+12);
+#endif
+#else /* BIG_ENDIAN */
+	ctr = ctx->Yi.d[3];
 #endif
-	else
-		ctr = ctx->Yi.d[3];
 
 	n = ctx->mres;
 	if (n) {
@@ -1415,14 +1430,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 		GHASH(ctx,in,GHASH_CHUNK);
 		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
 		ctr += GHASH_CHUNK/16;
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
+		ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-			PUTU32(ctx->Yi.c+12,ctr);
+		PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.d[3] = ctr;
 #endif
-		else
-			ctx->Yi.d[3] = ctr;
 		out += GHASH_CHUNK;
 		in  += GHASH_CHUNK;
 		len -= GHASH_CHUNK;
@@ -1445,14 +1461,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 #endif
 		(*stream)(in,out,j,key,ctx->Yi.c);
 		ctr += (unsigned int)j;
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
+		ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-			PUTU32(ctx->Yi.c+12,ctr);
+		PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.d[3] = ctr;
 #endif
-		else
-			ctx->Yi.d[3] = ctr;
 		out += i;
 		in  += i;
 		len -= i;
@@ -1460,14 +1477,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 	if (len) {
 		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
 		++ctr;
-		if (BYTE_ORDER == LITTLE_ENDIAN)
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
+		ctx->Yi.d[3] = BSWAP4(ctr);
 #else
-			PUTU32(ctx->Yi.c+12,ctr);
+		PUTU32(ctx->Yi.c+12,ctr);
+#endif
+#else /* BIG_ENDIAN */
+		ctx->Yi.d[3] = ctr;
 #endif
-		else
-			ctx->Yi.d[3] = ctr;
 		while (len--) {
 			u8 c = in[n];
 			ctx->Xi.c[n] ^= c;
@@ -1492,20 +1510,20 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
 	if (ctx->mres || ctx->ares)
 		GCM_MUL(ctx,Xi);
 
-	if (BYTE_ORDER == LITTLE_ENDIAN) {
+#if BYTE_ORDER == LITTLE_ENDIAN
 #ifdef BSWAP8
-		alen = BSWAP8(alen);
-		clen = BSWAP8(clen);
+	alen = BSWAP8(alen);
+	clen = BSWAP8(clen);
 #else
-		u8 *p = ctx->len.c;
+	u8 *p = ctx->len.c;
 
-		ctx->len.u[0] = alen;
-		ctx->len.u[1] = clen;
+	ctx->len.u[0] = alen;
+	ctx->len.u[1] = clen;
 
-		alen = (u64)GETU32(p)  <<32|GETU32(p+4);
-		clen = (u64)GETU32(p+8)<<32|GETU32(p+12);
+	alen = (u64)GETU32(p)  <<32|GETU32(p+4);
+	clen = (u64)GETU32(p+8)<<32|GETU32(p+12);
+#endif
 #endif
-	}
 
 	ctx->Xi.u[0] ^= alen;
 	ctx->Xi.u[1] ^= clen;
diff --git a/lib/libcrypto/modes/xts128.c b/lib/libcrypto/modes/xts128.c
index 3e2378379e0..0be23d4ea97 100644
--- a/lib/libcrypto/modes/xts128.c
+++ b/lib/libcrypto/modes/xts128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xts128.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: xts128.c,v 1.7 2017/08/13 17:46:24 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
@@ -98,25 +98,24 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
 
 		if (len==0)	return 0;
 
-		if (BYTE_ORDER == LITTLE_ENDIAN) {
-			unsigned int carry,res;
-			
-			res = 0x87&(((int)tweak.d[3])>>31);
-			carry = (unsigned int)(tweak.u[0]>>63);
-			tweak.u[0] = (tweak.u[0]<<1)^res;
-			tweak.u[1] = (tweak.u[1]<<1)|carry;
-		}
-		else {
-			size_t c;
-
-			for (c=0,i=0;i<16;++i) {
-				/*+ substitutes for |, because c is 1 bit */ 
-				c += ((size_t)tweak.c[i])<<1;
-				tweak.c[i] = (u8)c;
-				c = c>>8;
-			}
-			tweak.c[0] ^= (u8)(0x87&(0-c));
+#if BYTE_ORDER == LITTLE_ENDIAN
+		unsigned int carry,res;
+
+		res = 0x87&(((int)tweak.d[3])>>31);
+		carry = (unsigned int)(tweak.u[0]>>63);
+		tweak.u[0] = (tweak.u[0]<<1)^res;
+		tweak.u[1] = (tweak.u[1]<<1)|carry;
+#else /* BIG_ENDIAN */
+		size_t c;
+
+		for (c=0,i=0;i<16;++i) {
+			/*+ substitutes for |, because c is 1 bit */
+			c += ((size_t)tweak.c[i])<<1;
+			tweak.c[i] = (u8)c;
+			c = c>>8;
 		}
+		tweak.c[0] ^= (u8)(0x87&(0-c));
+#endif
 	}
 	if (enc) {
 		for (i=0;i<len;++i) {
@@ -134,25 +133,24 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
 	else {
 		union { u64 u[2]; u8 c[16]; } tweak1;
 
-		if (BYTE_ORDER == LITTLE_ENDIAN) {
-			unsigned int carry,res;
+#if BYTE_ORDER == LITTLE_ENDIAN
+		unsigned int carry,res;
 
-			res = 0x87&(((int)tweak.d[3])>>31);
-			carry = (unsigned int)(tweak.u[0]>>63);
-			tweak1.u[0] = (tweak.u[0]<<1)^res;
-			tweak1.u[1] = (tweak.u[1]<<1)|carry;
-		}
-		else {
-			size_t c;
-
-			for (c=0,i=0;i<16;++i) {
-				/*+ substitutes for |, because c is 1 bit */ 
-				c += ((size_t)tweak.c[i])<<1;
-				tweak1.c[i] = (u8)c;
-				c = c>>8;
-			}
-			tweak1.c[0] ^= (u8)(0x87&(0-c));
+		res = 0x87&(((int)tweak.d[3])>>31);
+		carry = (unsigned int)(tweak.u[0]>>63);
+		tweak1.u[0] = (tweak.u[0]<<1)^res;
+		tweak1.u[1] = (tweak.u[1]<<1)|carry;
+#else
+		size_t c;
+
+		for (c=0,i=0;i<16;++i) {
+			/*+ substitutes for |, because c is 1 bit */
+			c += ((size_t)tweak.c[i])<<1;
+			tweak1.c[i] = (u8)c;
+			c = c>>8;
 		}
+		tweak1.c[0] ^= (u8)(0x87&(0-c));
+#endif
 #ifdef __STRICT_ALIGNMENT
 		memcpy(scratch.c,inp,16);
 		scratch.u[0] ^= tweak1.u[0];
diff --git a/lib/libcrypto/rc4/rc4_enc.c b/lib/libcrypto/rc4/rc4_enc.c
index 4dacf3f7089..bd928b58c99 100644
--- a/lib/libcrypto/rc4/rc4_enc.c
+++ b/lib/libcrypto/rc4/rc4_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rc4_enc.c,v 1.15 2015/10/21 16:36:50 jsing Exp $ */
+/* $OpenBSD: rc4_enc.c,v 1.16 2017/08/13 17:46:24 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -150,43 +150,43 @@ RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
 		 *
 		 *			<appro@fy.chalmers.se>
 		 */
-		if (BYTE_ORDER != LITTLE_ENDIAN) {	/* BIG-ENDIAN CASE */
+#if BYTE_ORDER == BIG_ENDIAN
 # define BESHFT(c)	(((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-			for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
-				ichunk  = *(RC4_CHUNK *)indata;
-				otp = RC4_STEP << BESHFT(0);
-				otp |= RC4_STEP << BESHFT(1);
-				otp |= RC4_STEP << BESHFT(2);
-				otp |= RC4_STEP << BESHFT(3);
-				if (sizeof(RC4_CHUNK) == 8) {
-					otp |= RC4_STEP << BESHFT(4);
-					otp |= RC4_STEP << BESHFT(5);
-					otp |= RC4_STEP << BESHFT(6);
-					otp |= RC4_STEP << BESHFT(7);
-				}
-				*(RC4_CHUNK *)outdata = otp^ichunk;
-				indata += sizeof(RC4_CHUNK);
-				outdata += sizeof(RC4_CHUNK);
+		for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
+			ichunk  = *(RC4_CHUNK *)indata;
+			otp = RC4_STEP << BESHFT(0);
+			otp |= RC4_STEP << BESHFT(1);
+			otp |= RC4_STEP << BESHFT(2);
+			otp |= RC4_STEP << BESHFT(3);
+			if (sizeof(RC4_CHUNK) == 8) {
+				otp |= RC4_STEP << BESHFT(4);
+				otp |= RC4_STEP << BESHFT(5);
+				otp |= RC4_STEP << BESHFT(6);
+				otp |= RC4_STEP << BESHFT(7);
 			}
-		} else {	/* LITTLE-ENDIAN CASE */
+			*(RC4_CHUNK *)outdata = otp^ichunk;
+			indata += sizeof(RC4_CHUNK);
+			outdata += sizeof(RC4_CHUNK);
+		}
+#else
 # define LESHFT(c)	(((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-			for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
-				ichunk = *(RC4_CHUNK *)indata;
-				otp = RC4_STEP;
-				otp |= RC4_STEP << 8;
-				otp |= RC4_STEP << 16;
-				otp |= RC4_STEP << 24;
-				if (sizeof(RC4_CHUNK) == 8) {
-					otp |= RC4_STEP << LESHFT(4);
-					otp |= RC4_STEP << LESHFT(5);
-					otp |= RC4_STEP << LESHFT(6);
-					otp |= RC4_STEP << LESHFT(7);
-				}
-				*(RC4_CHUNK *)outdata = otp ^ ichunk;
-				indata += sizeof(RC4_CHUNK);
-				outdata += sizeof(RC4_CHUNK);
+		for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) {
+			ichunk = *(RC4_CHUNK *)indata;
+			otp = RC4_STEP;
+			otp |= RC4_STEP << 8;
+			otp |= RC4_STEP << 16;
+			otp |= RC4_STEP << 24;
+			if (sizeof(RC4_CHUNK) == 8) {
+				otp |= RC4_STEP << LESHFT(4);
+				otp |= RC4_STEP << LESHFT(5);
+				otp |= RC4_STEP << LESHFT(6);
+				otp |= RC4_STEP << LESHFT(7);
 			}
+			*(RC4_CHUNK *)outdata = otp ^ ichunk;
+			indata += sizeof(RC4_CHUNK);
+			outdata += sizeof(RC4_CHUNK);
 		}
+#endif
 	}
 #endif
 #define LOOP(in,out) \