crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from
authorAndy Polyakov <appro@openssl.org>
Mon, 5 Nov 2012 17:03:39 +0000 (17:03 +0000)
committerBen Laurie <ben@links.org>
Tue, 4 Jun 2013 13:31:23 +0000 (14:31 +0100)
previous cbc128.c commit].

crypto/modes/cbc128.c
crypto/modes/ccm128.c
crypto/modes/cts128.c

index 34b2a2e..0e54f75 100644 (file)
@@ -137,11 +137,13 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                                out += 16;
                        }
                }
-               else {
+               else  if (16%sizeof(size_t) == 0) { /* always true */
                        while (len>=16) {
+                               size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv;
+
                                (*block)(in, out, key);
-                               for(n=0; n<16; n+=sizeof(size_t))
-                                       *(size_t *)(out+n) ^= *(size_t *)(iv+n);
+                               for(n=0; n<16/sizeof(size_t); n++)
+                                       out_t[n] ^= iv_t[n];
                                iv = in;
                                len -= 16;
                                in  += 16;
@@ -166,18 +168,19 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                        }
                }
                else if (16%sizeof(size_t) == 0) { /* always true */
-                       size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
-                       const size_t *in_t=(const size_t *)in;
                        while (len>=16) {
-                               (*block)((const unsigned char *)in_t, tmp.c, key);
+                               size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
+                               const size_t *in_t=(const size_t *)in;
+
+                               (*block)(in, tmp.c, key);
                                for(n=0; n<16/sizeof(size_t); n++) {
                                        c = in_t[n];
                                        out_t[n] = tmp.t[n] ^ ivec_t[n];
                                        ivec_t[n] = c;
                                }
                                len -= 16;
-                               in_t  += 16/sizeof(size_t);
-                               out_t += 16/sizeof(size_t);
+                               in  += 16;
+                               out += 16;
                        }
                }
        }
index c9b35e5..3ce11d0 100644 (file)
@@ -87,7 +87,7 @@ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
                ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));
        }
        else
-               *(u32*)(&ctx->nonce.c[8]) = 0;
+               ctx->nonce.u[1] = 0;
 
        ctx->nonce.c[12] = (u8)(mlen>>24);
        ctx->nonce.c[13] = (u8)(mlen>>16);
index c0e1f36..2d583de 100644 (file)
@@ -108,12 +108,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
        (*cbc)(in,out-16,residue,key,ivec,1);
        memcpy(out,tmp.c,residue);
 #else
-       {
-       size_t n;
-       for (n=0; n<16; n+=sizeof(size_t))
-               *(size_t *)(tmp.c+n) = 0;
+       memset(tmp.c,0,sizeof(tmp));
        memcpy(tmp.c,in,residue);
-       }
        memcpy(out,out-16,residue);
        (*cbc)(tmp.c,out-16,16,key,ivec,1);
 #endif
@@ -144,12 +140,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
 #if defined(CBC_HANDLES_TRUNCATED_IO)
        (*cbc)(in,out-16+residue,residue,key,ivec,1);
 #else
-       {
-       size_t n;
-       for (n=0; n<16; n+=sizeof(size_t))
-               *(size_t *)(tmp.c+n) = 0;
+       memset(tmp.c,0,sizeof(tmp));
        memcpy(tmp.c,in,residue);
-       }
        (*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
 #endif
        return len+residue;
@@ -177,8 +169,7 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
 
        (*block)(in,tmp.c+16,key);
 
-       for (n=0; n<16; n+=sizeof(size_t))
-               *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+       memcpy(tmp.c,tmp.c+16,16);
        memcpy(tmp.c,in+16,residue);
        (*block)(tmp.c,tmp.c,key);
 
@@ -220,8 +211,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
 
        (*block)(in+residue,tmp.c+16,key);
 
-       for (n=0; n<16; n+=sizeof(size_t))
-               *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+       memcpy(tmp.c,tmp.c+16,16);
        memcpy(tmp.c,in,residue);
        (*block)(tmp.c,tmp.c,key);
 
@@ -240,7 +230,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], cbc128_f cbc)
-{      size_t residue, n;
+{      size_t residue;
        union { size_t align; unsigned char c[32]; } tmp;
 
        assert (in && out && key && ivec);
@@ -257,8 +247,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                out += len;
        }
 
-       for (n=16; n<32; n+=sizeof(size_t))
-               *(size_t *)(tmp.c+n) = 0;
+       memset(tmp.c,0,sizeof(tmp));
        /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
        (*cbc)(in,tmp.c,16,key,tmp.c+16,0);
 
@@ -275,7 +264,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
 size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], cbc128_f cbc)
-{      size_t residue, n;
+{      size_t residue;
        union { size_t align; unsigned char c[32]; } tmp;
 
        assert (in && out && key && ivec);
@@ -297,8 +286,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
                out += len;
        }
 
-       for (n=16; n<32; n+=sizeof(size_t))
-               *(size_t *)(tmp.c+n) = 0;
+       memset(tmp.c,0,sizeof(tmp));
        /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
        (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);