Avoid undefined behavior with unaligned accesses

Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11781)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-04-24 21:10:13 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2020-05-27 20:14:24 +0200
commit: d03ffeaf45da6541875bff05b3f79d8dba355c97 (patch)
tree: ac35aaa2f7db75b06bbce9c54623fa6abdc644cc /crypto/modes/xts128.c
parent: efdfc392aac6d56fe385223cd26687fa26ca9af3 (diff)
1 files changed, 16 insertions, 8 deletions
diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c
index b5bda5e640..b2d3fff74c 100644
--- a/crypto/modes/xts128.c
+++ b/crypto/modes/xts128.c
@@ -11,6 +11,14 @@
 #include "modes_local.h"
 #include <string.h>
 
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u64 u64_a1 __attribute((__aligned__(1)));
+# else
+typedef u64 u64_a1;
+# endif
+#endif
+
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
                           const unsigned char iv[16],
                           const unsigned char *inp, unsigned char *out,
@@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
         scratch.u[0] ^= tweak.u[0];
         scratch.u[1] ^= tweak.u[1];
 #else
-        scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0];
-        scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1];
+        scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0];
+        scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1];
 #endif
         (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
 #if defined(STRICT_ALIGNMENT)
@@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
         scratch.u[1] ^= tweak.u[1];
         memcpy(out, scratch.c, 16);
 #else
-        ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0];
-        ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1];
+        ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0];
+        ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1];
 #endif
         inp += 16;
         out += 16;
@@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
         scratch.u[0] ^= tweak1.u[0];
         scratch.u[1] ^= tweak1.u[1];
 #else
-        scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0];
-        scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1];
+        scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0];
+        scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1];
 #endif
         (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
         scratch.u[0] ^= tweak1.u[0];
@@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
         scratch.u[1] ^= tweak.u[1];
         memcpy(out, scratch.c, 16);
 #else
-        ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0];
-        ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1];
+        ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0];
+        ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1];
 #endif
     }
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-04-24 21:10:13 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2020-05-27 20:14:24 +0200
commit	d03ffeaf45da6541875bff05b3f79d8dba355c97 (patch)
tree	ac35aaa2f7db75b06bbce9c54623fa6abdc644cc /crypto/modes/xts128.c
parent	efdfc392aac6d56fe385223cd26687fa26ca9af3 (diff)