Remove remaining block128_f casts from EVP AES.

Use aes_encrypt_block128() instead of AES_encrypt(), avoiding risky casts.
author: jsing <> 2025-07-22 09:29:31 +0000
committer: jsing <> 2025-07-22 09:29:31 +0000
commit: 51d40afc578a2778ef71c7194bb3b8499b0610f3 (patch)
tree: 651b72b7850bc9998617d3adacbd7b1f2af7af21 /src
parent: ef16ba98ee6bf1fad529d5b66f4dd0d862d1255c (diff)
download: openbsd-51d40afc578a2778ef71c7194bb3b8499b0610f3.tar.gz
openbsd-51d40afc578a2778ef71c7194bb3b8499b0610f3.tar.bz2
openbsd-51d40afc578a2778ef71c7194bb3b8499b0610f3.zip
2 files changed, 8 insertions, 5 deletions
diff --git a/src/lib/libcrypto/aes/aes_local.h b/src/lib/libcrypto/aes/aes_local.h
index 539373ea06..a265eaac1d 100644
--- a/src/lib/libcrypto/aes/aes_local.h
+++ b/src/lib/libcrypto/aes/aes_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_local.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_local.h,v 1.11 2025/07/22 09:29:31 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -63,6 +63,9 @@ __BEGIN_HIDDEN_DECLS
 /* This controls loop-unrolling in aes_core.c */
 #undef FULL_UNROLL
+void aes_encrypt_block128(const unsigned char *in, unsigned char *out,
+   const void *key);
 void aes_ctr32_encrypt_ctr128f(const unsigned char *in, unsigned char *out,
    size_t blocks, const void *key, const unsigned char ivec[AES_BLOCK_SIZE]);
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 005f1c49b2..63c9f9654c 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.81 2025/07/22 09:13:49 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.82 2025/07/22 09:29:31 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -818,7 +818,7 @@ aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                return 1;
        if (key) {
                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, aes_encrypt_block128);
                /* If we have an iv can set it directly, otherwise use
                 * saved IV.
@@ -1229,7 +1229,7 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        if (key) {
                AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                    &cctx->ks, (block128_f)AES_encrypt);
+                    &cctx->ks, aes_encrypt_block128);
                cctx->key_set = 1;
        }
        if (iv) {
@@ -1402,7 +1402,7 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
                return 0;
        AES_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
-        CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, (block128_f)AES_encrypt);
+        CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, aes_encrypt_block128);
        gcm_ctx->tag_len = tag_len;
        ctx->aead_state = gcm_ctx;
author	jsing <>	2025-07-22 09:29:31 +0000
committer	jsing <>	2025-07-22 09:29:31 +0000
commit	51d40afc578a2778ef71c7194bb3b8499b0610f3 (patch)
tree	651b72b7850bc9998617d3adacbd7b1f2af7af21 /src
parent	ef16ba98ee6bf1fad529d5b66f4dd0d862d1255c (diff)
download	openbsd-51d40afc578a2778ef71c7194bb3b8499b0610f3.tar.gz openbsd-51d40afc578a2778ef71c7194bb3b8499b0610f3.tar.bz2 openbsd-51d40afc578a2778ef71c7194bb3b8499b0610f3.zip