Index: head/sys/crypto/aesni/aesni.h
===================================================================
--- head/sys/crypto/aesni/aesni.h
+++ head/sys/crypto/aesni/aesni.h
@@ -63,7 +63,7 @@
 	int mlen;
 	int hash_len;
 	void (*hash_init)(void *);
-	void (*hash_update)(void *, const void *, unsigned);
+	int (*hash_update)(void *, void *, unsigned);
 	void (*hash_finalize)(void *, void *);
 	bool hmac;
 };
Index: head/sys/crypto/aesni/aesni.c
===================================================================
--- head/sys/crypto/aesni/aesni.c
+++ head/sys/crypto/aesni/aesni.c
@@ -386,8 +386,8 @@
 MODULE_VERSION(aesni, 1);
 MODULE_DEPEND(aesni, crypto, 1, 1, 1);
 
-static void
-intel_sha1_update(void *vctx, const void *vdata, u_int datalen)
+static int
+intel_sha1_update(void *vctx, void *vdata, u_int datalen)
 {
 	struct sha1_ctxt *ctx = vctx;
 	const char *data = vdata;
@@ -419,6 +419,8 @@
 			intel_sha1_step(ctx->h.b32, (void *)ctx->m.b8, 1);
 		off += copysiz;
 	}
+
+	return (0);
 }
 
 static void
@@ -433,8 +435,8 @@
 	sha1_result(ctx, digest);
 }
 
-static void
-intel_sha256_update(void *vctx, const void *vdata, u_int len)
+static int
+intel_sha256_update(void *vctx, void *vdata, u_int len)
 {
 	SHA256_CTX *ctx = vctx;
 	uint64_t bitlen;
@@ -454,7 +456,7 @@
 	/* Handle the case where we don't need to perform any transforms */
 	if (len < 64 - r) {
 		memcpy(&ctx->buf[r], src, len);
-		return;
+		return (0);
 	}
 
 	/* Finish the current block */
@@ -473,6 +475,8 @@
 
 	/* Copy left over data into buffer */
 	memcpy(ctx->buf, src, len);
+
+	return (0);
 }
 
 static void
@@ -844,20 +848,16 @@
 		ses->hash_update(&sctx, hmac_key, sizeof(hmac_key));
 
 		crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
-		    __DECONST(int (*)(void *, void *, u_int), ses->hash_update),
-		    &sctx);
+		    ses->hash_update, &sctx);
 		if (CRYPTO_HAS_OUTPUT_BUFFER(crp) &&
 		    CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
 			crypto_apply_buf(&crp->crp_obuf,
 			    crp->crp_payload_output_start,
 			    crp->crp_payload_length,
-			    __DECONST(int (*)(void *, void *, u_int),
-			    ses->hash_update), &sctx);
+			    ses->hash_update, &sctx);
 		else
 			crypto_apply(crp, crp->crp_payload_start,
-			    crp->crp_payload_length,
-			    __DECONST(int (*)(void *, void *, u_int),
-			    ses->hash_update), &sctx);
+			    crp->crp_payload_length, ses->hash_update, &sctx);
 		ses->hash_finalize(res, &sctx);
 
 		/* Outer hash: (K ^ OPAD) || inner hash */
@@ -873,20 +873,17 @@
 		ses->hash_init(&sctx);
 
 		crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
-		    __DECONST(int (*)(void *, void *, u_int), ses->hash_update),
-		    &sctx);
+		    ses->hash_update, &sctx);
 		if (CRYPTO_HAS_OUTPUT_BUFFER(crp) &&
 		    CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
 			crypto_apply_buf(&crp->crp_obuf,
 			    crp->crp_payload_output_start,
 			    crp->crp_payload_length,
-			    __DECONST(int (*)(void *, void *, u_int),
-			    ses->hash_update), &sctx);
+			    ses->hash_update, &sctx);
 		else
 			crypto_apply(crp, crp->crp_payload_start,
 			    crp->crp_payload_length,
-			    __DECONST(int (*)(void *, void *, u_int),
-			    ses->hash_update), &sctx);
+			    ses->hash_update, &sctx);
 
 		ses->hash_finalize(res, &sctx);
 	}