When I look at the logic in https://git.lysator.liu.se/nettle/nettle/-/blob/master/fat-s390x.c?ref_type=..., automatic detection of hardware acceleration for aes128, aes192 and aes256 is done independently for each key size, based on corresponding bits in the "km status" words.

While when configured manually, at configure time or using NETTLE_FAT_OVERRIDE, there are instead two flags, "msa_x1" enabling aes128 (and sha256), and "msa_x2" enabling aes192, aes256 (and sha512).

I'm thinking that if we could enable all or none of the s390x aes assembly, then we could make things a bit simpler, only overriding the internal _nettle_aes_set_key and _nettle_aes_invert_key, instead of all 9 of aes{128,192,256}_{set_encrypt,set_decrypt,invert}_key.

Are there s390x machines out there that have hardware support for just some of the aes key sizes but not all?

Regards, /Niels