From bac3e025d0e76adcdafc8b26a67bf5a0a4abbed6 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 22 Jul 2025 09:29:31 +0000
Subject: Remove remaining block128_f casts from EVP AES.

Use aes_encrypt_block128() instead of AES_encrypt(), avoiding risky casts.
---
 src/lib/libcrypto/aes/aes_local.h | 5 ++++-
 src/lib/libcrypto/evp/e_aes.c     | 8 ++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/aes/aes_local.h b/src/lib/libcrypto/aes/aes_local.h
index 539373ea06..a265eaac1d 100644
--- a/src/lib/libcrypto/aes/aes_local.h
+++ b/src/lib/libcrypto/aes/aes_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_local.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_local.h,v 1.11 2025/07/22 09:29:31 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -63,6 +63,9 @@ __BEGIN_HIDDEN_DECLS
 /* This controls loop-unrolling in aes_core.c */
 #undef FULL_UNROLL
 
+void aes_encrypt_block128(const unsigned char *in, unsigned char *out,
+   const void *key);
+
 void aes_ctr32_encrypt_ctr128f(const unsigned char *in, unsigned char *out,
     size_t blocks, const void *key, const unsigned char ivec[AES_BLOCK_SIZE]);
 
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 005f1c49b2..63c9f9654c 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.81 2025/07/22 09:13:49 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.82 2025/07/22 09:29:31 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -818,7 +818,7 @@ aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		return 1;
 	if (key) {
 		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
+		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, aes_encrypt_block128);
 
 		/* If we have an iv can set it directly, otherwise use
 		 * saved IV.
@@ -1229,7 +1229,7 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	if (key) {
 		AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
 		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-		    &cctx->ks, (block128_f)AES_encrypt);
+		    &cctx->ks, aes_encrypt_block128);
 		cctx->key_set = 1;
 	}
 	if (iv) {
@@ -1402,7 +1402,7 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
 		return 0;
 
 	AES_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
-	CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, (block128_f)AES_encrypt);
+	CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, aes_encrypt_block128);
 	gcm_ctx->tag_len = tag_len;
 	ctx->aead_state = gcm_ctx;
 
-- 
cgit v1.2.3-55-g6feb