modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.

One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994)

diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
index c3bd13bbe2aa5e652a5bc9fbfade98d5c5474a51..f6f8da7ab7939dec242f48ea7b9fd98b4101e9f7 100644 (file)
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@@ -294,7 +294,7 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
 
         /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
         aad_block = (OCB_BLOCK *)(aad + ((i - ctx->blocks_hashed - 1) * 16));
-        ocb_block16_xor(&ctx->offset_aad, aad_block, &tmp1);
+        ocb_block16_xor_misaligned(&ctx->offset_aad, aad_block, &tmp1);
         ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc);
         ocb_block16_xor(&ctx->sum, &tmp2, &ctx->sum);
     }