diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8
index ebe28e20c1cf..1e03edf9bcea 100644
--- a/sbin/setkey/setkey.8
+++ b/sbin/setkey/setkey.8
@@ -583,8 +583,8 @@ hmac-sha2-512	512		ah: 96bit ICV (no document)
 		512		ah-old: 128bit ICV (no document)
 hmac-ripemd160	160		ah: 96bit ICV (RFC2857)
 				ah-old: 128bit ICV (no document)
-.\"aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
-.\"		128		ah-old: 128bit ICV (no document)
+aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
+		128		ah-old: 128bit ICV (no document)
 .Ed
 .Pp
 Followings are the list of encryption algorithms that can be used as
@@ -605,7 +605,7 @@ cast128-cbc	40 to 128	rfc2451
 des-deriv	64		ipsec-ciph-des-derived-01
 3des-deriv	192		no document
 rijndael-cbc	128/192/256	rfc3602
-.\"aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
+aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
 .Ed
 .Pp
 Note that the first 128 bits of a key for
diff --git a/sys/conf/files b/sys/conf/files
index 68add60a1d8e..89cf7390f0f1 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -208,7 +208,7 @@ crypto/des/des_ecb.c	optional ipsec ipsec_esp
 crypto/des/des_setkey.c	optional ipsec ipsec_esp
 crypto/rijndael/rijndael-alg-fst.c	optional ipsec
 crypto/rijndael/rijndael-api-fst.c	optional ipsec
-opencrypto/rmd160.c		optional ipsec
+opencrypto/rmd160.c	optional ipsec
 crypto/sha1.c		optional ipsec
 crypto/sha2/sha2.c	optional ipsec
 ddb/db_access.c		optional ddb
@@ -1462,12 +1462,12 @@ netinet/tcp_syncache.c	optional inet
 netinet/tcp_timer.c	optional inet
 netinet/tcp_usrreq.c	optional inet
 netinet/udp_usrreq.c	optional inet
-#netinet6/ah_aesxcbcmac.c	optional ipsec
+netinet6/ah_aesxcbcmac.c	optional ipsec
 netinet6/ah_core.c	optional ipsec
 netinet6/ah_input.c	optional ipsec
 netinet6/ah_output.c	optional ipsec
 netinet6/dest6.c	optional inet6
-#netinet6/esp_aesctr.c	optional ipsec ipsec_esp
+netinet6/esp_aesctr.c	optional ipsec ipsec_esp
 netinet6/esp_core.c	optional ipsec ipsec_esp
 netinet6/esp_input.c	optional ipsec ipsec_esp
 netinet6/esp_output.c	optional ipsec ipsec_esp
diff --git a/sys/netinet6/ah_core.c b/sys/netinet6/ah_core.c
index 4e7f59469833..a2a0309d1745 100644
--- a/sys/netinet6/ah_core.c
+++ b/sys/netinet6/ah_core.c
@@ -189,12 +189,10 @@ ah_algorithm_lookup(idx)
 			"hmac-ripemd160",
 			ah_hmac_ripemd160_init, ah_hmac_ripemd160_loop,
 			ah_hmac_ripemd160_result, },
-#ifdef ENABLE_AES_XCBC_MAC
 		{ ah_sumsiz_1216, ah_common_mature, 128, 128,
 			"aes-xcbc-mac",
 			ah_aes_xcbc_mac_init, ah_aes_xcbc_mac_loop,
 			ah_aes_xcbc_mac_result, },
-#endif
 	};
 
 	switch (idx) {
@@ -216,10 +214,8 @@ ah_algorithm_lookup(idx)
 		return &ah_algorithms[7];
 	case SADB_X_AALG_RIPEMD160HMAC:
 		return &ah_algorithms[8];
-#ifdef ENABLE_AES_XCBC_MAC
 	case SADB_X_AALG_AES_XCBC_MAC:
 		return &ah_algorithms[9];
-#endif
 	default:
 		return NULL;
 	}
diff --git a/sys/netinet6/esp_core.c b/sys/netinet6/esp_core.c
index dba6a7a58878..6fe977156ad9 100644
--- a/sys/netinet6/esp_core.c
+++ b/sys/netinet6/esp_core.c
@@ -153,11 +153,9 @@ static const struct esp_algorithm esp_algorithms[] = {
 		esp_common_ivlen, esp_cbc_decrypt,
 		esp_cbc_encrypt, esp_rijndael_schedule,
 		esp_rijndael_blockdecrypt, esp_rijndael_blockencrypt },
-#ifdef ENABLE_EALG_AESCTR
 	{ 16, 8, esp_aesctr_mature, 160, 288, esp_aesctr_schedlen, "aes-ctr",
 		esp_common_ivlen, esp_aesctr_decrypt,
 		esp_aesctr_encrypt, esp_aesctr_schedule },
-#endif
 };
 
 const struct esp_algorithm *
@@ -178,10 +176,8 @@ esp_algorithm_lookup(idx)
 		return &esp_algorithms[4];
 	case SADB_X_EALG_RIJNDAELCBC:
 		return &esp_algorithms[5];
-#ifdef ENABLE_EALG_AESCTR
 	case SADB_X_EALG_AESCTR:
 		return &esp_algorithms[6];
-#endif
 	default:
 		return NULL;
 	}
diff --git a/sys/netinet6/esp_rijndael.h b/sys/netinet6/esp_rijndael.h
index 5018bf11ac5a..91f2d94b2b66 100644
--- a/sys/netinet6/esp_rijndael.h
+++ b/sys/netinet6/esp_rijndael.h
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: esp_rijndael.h,v 1.1 2000/09/20 18:15:22 itojun Exp $	*/
+/*	$KAME: esp_rijndael.h,v 1.2 2003/01/20 00:55:27 itojun Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
diff --git a/usr.sbin/setkey/setkey.8 b/usr.sbin/setkey/setkey.8
index ebe28e20c1cf..1e03edf9bcea 100644
--- a/usr.sbin/setkey/setkey.8
+++ b/usr.sbin/setkey/setkey.8
@@ -583,8 +583,8 @@ hmac-sha2-512	512		ah: 96bit ICV (no document)
 		512		ah-old: 128bit ICV (no document)
 hmac-ripemd160	160		ah: 96bit ICV (RFC2857)
 				ah-old: 128bit ICV (no document)
-.\"aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
-.\"		128		ah-old: 128bit ICV (no document)
+aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
+		128		ah-old: 128bit ICV (no document)
 .Ed
 .Pp
 Followings are the list of encryption algorithms that can be used as
@@ -605,7 +605,7 @@ cast128-cbc	40 to 128	rfc2451
 des-deriv	64		ipsec-ciph-des-derived-01
 3des-deriv	192		no document
 rijndael-cbc	128/192/256	rfc3602
-.\"aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
+aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
 .Ed
 .Pp
 Note that the first 128 bits of a key for