Don't compile AESNI code if we're not AESNI capable

Compile failures were occuring on systems that weren't AESNI capable
because the detection wasn't quite right in a couple of files.

This fixes a run-checker build failure for the 386 compile option.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11022)

1 files changed, 7 insertions, 7 deletions

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h
index 86da791c49..c9c2f203ef 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h
@@ -13,10 +13,6 @@
 int cipher_capable_aes_cbc_hmac_sha1(void);
 int cipher_capable_aes_cbc_hmac_sha256(void);
 
-#ifdef AES_CBC_HMAC_SHA_CAPABLE
-# include <openssl/aes.h>
-# include <openssl/sha.h>
-
 typedef struct prov_cipher_hw_aes_hmac_sha_ctx_st {
     PROV_CIPHER_HW base; /* must be first */
     void (*init_mac_key)(void *ctx, const unsigned char *inkey, size_t inlen);
@@ -30,6 +26,13 @@ typedef struct prov_cipher_hw_aes_hmac_sha_ctx_st {
 # endif /* OPENSSL_NO_MULTIBLOCK) */
 } PROV_CIPHER_HW_AES_HMAC_SHA;
 
+const PROV_CIPHER_HW_AES_HMAC_SHA *PROV_CIPHER_HW_aes_cbc_hmac_sha1(void);
+const PROV_CIPHER_HW_AES_HMAC_SHA *PROV_CIPHER_HW_aes_cbc_hmac_sha256(void);
+
+#ifdef AES_CBC_HMAC_SHA_CAPABLE
+# include <openssl/aes.h>
+# include <openssl/sha.h>
+
 typedef struct prov_aes_hmac_sha_ctx_st {
     PROV_CIPHER_CTX base;
     AES_KEY ks;
@@ -59,7 +62,4 @@ typedef struct prov_aes_hmac_sha256_ctx_st {
 
 # define NO_PAYLOAD_LENGTH ((size_t)-1)
 
-const PROV_CIPHER_HW_AES_HMAC_SHA *PROV_CIPHER_HW_aes_cbc_hmac_sha1(void);
-const PROV_CIPHER_HW_AES_HMAC_SHA *PROV_CIPHER_HW_aes_cbc_hmac_sha256(void);
-
 #endif /* AES_CBC_HMAC_SHA_CAPABLE */