From 0346df34ff8e227fbd40e79cc2c5a73ffec1beb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:45:00 +0200
Subject: [PATCH 01/16] ubsan src/encauth/siv/siv.c:164:19: runtime error: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h:44:28: note: nonnull attribute specified here
---
 src/encauth/siv/siv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/encauth/siv/siv.c b/src/encauth/siv/siv.c
index bd6d5b45b..4de52d90b 100644
--- a/src/encauth/siv/siv.c
+++ b/src/encauth/siv/siv.c
@@ -161,7 +161,7 @@ static LTC_INLINE int s_siv_S2V_T(siv_omac_ctx_t *ctx,
 } else {
 s_siv_dbl(D);
 XMEMSET(&T, 0, sizeof(T));
- XMEMCPY(&T, in, inlen);
+ if (inlen != 0) XMEMCPY(&T, in, inlen);
 T.u.byte[inlen] = 0x80;
 s_siv_xor_buf(D, &T);
From 83d2d4ed3dd8ccd351f5bc3e04044013814086a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:46:00 +0200
Subject: [PATCH 02/16] ubsan src/misc/compare_testvector.c:63:25: runtime error: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h:65:33: note: nonnull attribute specified here
---
 src/misc/compare_testvector.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/misc/compare_testvector.c b/src/misc/compare_testvector.c
index f13084960..fd8ae0c77 100644
--- a/src/misc/compare_testvector.c
+++ b/src/misc/compare_testvector.c
@@ -59,6 +59,8 @@ int ltc_compare_testvector(const void* is, const unsigned long is_len, const voi
 int res = 0;
 if(is_len != should_len) {
 res = is_len > should_len ? -1 : 1;
+ } else if (is_len == 0 && (!is || !should)) {
+ res = 0;
 } else {
 res = XMEMCMP(is, should, is_len);
 }
From 962851b03948ac3a25e074e435b66d76d68841e8 Mon Sep 17 00:00:00 2001 
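Review bot: The guarded copy `if (inlen != 0) XMEMCPY(&T, in, inlen);` is the only unbraced single-statement `if` in this series, while the surrounding lines brace every control body; `if (inlen != 0) { XMEMCPY(&T, in, inlen); }` keeps the style uniform and avoids the dangling-statement hazard if a second statement is ever added. A one-line comment on the guard, `/* memcpy with a NULL source is UB even for a zero-length copy */`, would stop a later reader from removing it as redundant. s_siv_S2V_T starts before this hunk, so the bound on inlen that the following `T.u.byte[inlen] = 0x80;` relies on is presumably established earlier; naming that precondition in the comment would help.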
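Review bot: The new branch `} else if (is_len == 0 && (!is || !should)) {` is only reached when both lengths are equal, so `is_len == 0` by itself already means the two inputs are trivially equal and the pointer test exists solely to keep a possibly NULL pointer away from memcmp's nonnull parameters. Writing it as `} else if (is_len == 0) {` states that intent directly and also skips a pointless zero-length XMEMCMP for non-null inputs, with identical results. A comment such as `/* zero-length inputs compare equal; never hand a possibly NULL pointer to memcmp */` would explain why the branch exists. ltc_compare_testvector continues outside the hunk.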
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:47:00 +0200
Subject: [PATCH 03/16] ubsan src/pk/ec25519/tweetnacl.c:56:12: runtime error: left shift of negative value -1
---
 src/pk/ec25519/tweetnacl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pk/ec25519/tweetnacl.c b/src/pk/ec25519/tweetnacl.c
index 48446ef9a..79c099013 100644
--- a/src/pk/ec25519/tweetnacl.c
+++ b/src/pk/ec25519/tweetnacl.c
@@ -53,7 +53,7 @@ sv car25519(gf o)
 o[i]+=(1LL<<16);
 c=o[i]>>16;
 o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
- o[i]-=c<<16;
+ o[i]-=((i64)(((u64)(c))<<16));
 }
 }
From ccae83dbf96a6b820cfce4668ed6b4b76755f5c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:48:00 +0200
Subject: [PATCH 04/16] ubsan src/pk/ec25519/tweetnacl.c:369:21: runtime error: left shift of negative value -666
---
 src/pk/ec25519/tweetnacl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pk/ec25519/tweetnacl.c b/src/pk/ec25519/tweetnacl.c
index 79c099013..4fee24064 100644
--- a/src/pk/ec25519/tweetnacl.c
+++ b/src/pk/ec25519/tweetnacl.c
@@ -366,7 +366,7 @@ sv modL(u8 *r,i64 x[64])
 for (j = i - 32;j < i - 12;++j) {
 x[j] += carry - 16 * x[i] * L[j - (i - 32)];
 carry = (x[j] + 128) >> 8;
- x[j] -= carry << 8;
+ x[j] -= ((i64)(((u64)(carry)) << 8));
 }
 x[j] += carry;
 x[i] = 0;
From 65a28add5551b35d6fdd3be23d1ee010d22ce518 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:49:00 +0200
Subject: [PATCH 05/16] ubsan src/pk/ec448/ec448_common.c:257:17: runtime error: left shift of negative value -239381151
---
 src/pk/ec448/ec448_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pk/ec448/ec448_common.c b/src/pk/ec448/ec448_common.c
index 65bb0f2bb..2683cbf72 100644
--- a/src/pk/ec448/ec448_common.c
+++ b/src/pk/ec448/ec448_common.c 
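Review bot: `o[i]-=((i64)(((u64)(c))<<16));` removes the undefined left shift of a negative value, but the conversion of the wrapped u64 result back to i64 is out of range whenever c is negative, and that conversion is implementation-defined in C11 (6.3.1.3) rather than guaranteed; the same construction is repeated in the modL hunk below and in the three ec448_common.c hunks of patches 05–07. Every site is subtracting c scaled by a power of two, so a plain multiplication, `o[i] -= c * (1LL << 16);` here and `x[j] -= carry * 256;` in modL, expresses the intent with no cast and no dependence on two's-complement wraparound, as long as the operands stay in the range the original code already required. If the cast form is preferred, a single helper macro per file with a comment stating that it relies on two's-complement conversion would be better than five hand-written copies. car25519 and modL both start before their hunks.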
@@ -254,7 +254,7 @@ static void s_gf448_mul(gf448 o, const gf448 a, const gf448 b)
 for (i = 0; i < 30; ++i) {
 c = t[i] >> 28;
 t[i+1] += c;
- t[i] -= c << 28;
+ t[i] -= ((long64)(((ulong64)(c)) << 28));
 }
 t[14] += 2 * t[30];
 t[6] += t[30];
From 72d8e64bd54198c72ee07427765c912b8ac0a569 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:50:00 +0200
Subject: [PATCH 06/16] ubsan src/pk/ec448/ec448_common.c:99:17: runtime error: left shift of negative value -216193609
---
 src/pk/ec448/ec448_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pk/ec448/ec448_common.c b/src/pk/ec448/ec448_common.c
index 2683cbf72..82dc22f05 100644
--- a/src/pk/ec448/ec448_common.c
+++ b/src/pk/ec448/ec448_common.c
@@ -96,7 +96,7 @@ static void s_gf448_carry(gf448 o)
 for (i = 0; i < 15; ++i) {
 c = o[i] >> 28;
 o[i+1] += c;
- o[i] -= c << 28;
+ o[i] -= ((long64)(((ulong64)(c)) << 28));
 }
 /* limb 15 overflow: 2^(28*16) = 2^448 == 2^224 + 1 */
 c = o[15] >> 28;
From cf6a4241c6f8ad8614fde20afeaa546be099b1de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Wed, 20 May 2026 02:51:00 +0200
Subject: [PATCH 07/16] ubsan src/pk/ec448/ec448_common.c:105:15: runtime error: left shift of negative value -1
---
 src/pk/ec448/ec448_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pk/ec448/ec448_common.c b/src/pk/ec448/ec448_common.c
index 82dc22f05..c8cb71600 100644
--- a/src/pk/ec448/ec448_common.c
+++ b/src/pk/ec448/ec448_common.c
@@ -102,7 +102,7 @@ static void s_gf448_carry(gf448 o)
 c = o[15] >> 28;
 o[0] += c; /* + c * 1 */
 o[8] += c; /* + c * 2^224 */
- o[15] -= c << 28;
+ o[15] -= ((long64)(((ulong64)(c)) << 28));
 /* one more pass to settle the extra from limb 0 and 8 */
 for (i = 0; i < 15; ++i) {
 c = o[i] >> 28;
From 418925557a91bba9276c0e2d9ae75d8a005af2c5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:15:00 +0200
Subject: [PATCH 08/16] ubsan src/modes/ctr/ctr_encrypt.c:56:66: runtime error: load of misaligned address 0x7ffea07ee82f for type 'LTC_FAST_TYPE', which requires 8 byte alignment src/modes/ctr/ctr_encrypt.c:56:64: runtime error: store to misaligned address 0x7ffea07ee82f for type 'LTC_FAST_TYPE', which requires 8 byte alignment
---
 src/modes/ctr/ctr_encrypt.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/modes/ctr/ctr_encrypt.c b/src/modes/ctr/ctr_encrypt.c
index 043b5ae48..0bb2d9e2e 100644
--- a/src/modes/ctr/ctr_encrypt.c
+++ b/src/modes/ctr/ctr_encrypt.c
@@ -53,8 +53,11 @@ static int s_ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned lo
 #ifdef LTC_FAST
 if ((ctr->padlen == 0) && (len >= (unsigned long)ctr->ecb.blocklen)) {
 for (x = 0; x < ctr->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) ^
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ctr->pad + x));
+ LTC_FAST_TYPE fast_pt, fast_pad, fast_ct;
+ XMEMCPY(&fast_pt, (unsigned char*)pt + x, sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_pad, (unsigned char*)ctr->pad + x, sizeof(LTC_FAST_TYPE));
+ fast_ct = fast_pt ^ fast_pad;
+ XMEMCPY((unsigned char*)ct + x, &fast_ct, sizeof(LTC_FAST_TYPE));
 }
 pt += ctr->ecb.blocklen;
 ct += ctr->ecb.blocklen;
From 35094b921374cc2ad2a15d3ab1a41bb5466735e5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:16:00 +0200
Subject: [PATCH 09/16] ubsan tests/store_test.c:66:91: runtime error: load of misaligned address 0x7ffdd32f0d9f for type 'LTC_FAST_TYPE', which requires 8 byte alignment tests/store_test.c:66:52: runtime error: load of misaligned address 0x7ffdd32f0d71 for type 'LTC_FAST_TYPE', which requires 8 byte alignment tests/store_test.c:66:50: runtime error: store to misaligned address 0x7ffdd32f0dc1 for type 'LTC_FAST_TYPE', which requires 8 byte alignment
---
 tests/store_test.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tests/store_test.c b/tests/store_test.c
index 5f94a444c..aaf87ce4b 100644
--- a/tests/store_test.c
+++ b/tests/store_test.c
@@ -63,7 +63,11 @@ int store_test(void)
 /* now XOR it word for word */
 for (x = 0; x < y; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&buf[5*y+z+x])) = *(LTC_FAST_TYPE_PTR_CAST(&buf[z+x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&buf[z+y+x+zz]));
+ LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
+ XMEMCPY(&fast_src1, &buf[z+x], sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src2, &buf[z+y+x+zz], sizeof(LTC_FAST_TYPE));
+ fast_dst = fast_src1 ^ fast_src1;
+ XMEMCPY(&buf[5*y+z+x], &fast_dst, sizeof(LTC_FAST_TYPE));
 }
 if (memcmp(&buf[4*y+z], &buf[5*y+z], y)) {
From 072787e125d8daf483df3b5d2a56bc8d65be2055 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:17:00 +0200
Subject: [PATCH 10/16] ubsan src/mac/pmac/pmac_process.c:40:50: runtime error: load of misaligned address 0x57c89c4329ec for type 'LTC_FAST_TYPE', which requires 8 byte alignment
---
 src/mac/pmac/pmac_process.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/mac/pmac/pmac_process.c b/src/mac/pmac/pmac_process.c
index 8017e3893..493502a3a 100644
--- a/src/mac/pmac/pmac_process.c
+++ b/src/mac/pmac/pmac_process.c 
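Review bot: `fast_dst = fast_src1 ^ fast_src1;` XORs the first operand with itself, so every word stored to `buf[5*y+z+x]` is zero and `fast_src2` is loaded but never used; the `memcmp(&buf[4*y+z], &buf[5*y+z], y)` check that follows should then fail at this point in the series. The intended line is `fast_dst = fast_src1 ^ fast_src2;`. Patch 15 later replaces the whole loop body with LTC_FAST_TYPE_XOR3 and thereby repairs it silently, but this commit on its own leaves store_test broken, which matters for bisecting; the typo should be fixed here rather than relying on the later rewrite. store_test starts before this hunk.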
@@ -37,7 +37,11 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
 for (x = 0; x < (inlen - 16); x += 16) {
 pmac_shift_xor(pmac);
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&Z[y])) = *(LTC_FAST_TYPE_PTR_CAST(&in[y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&pmac->Li[y]));
+ LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
+ XMEMCPY(&fast_src1, &in[y], sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src2, &pmac->Li[y], sizeof(LTC_FAST_TYPE));
+ fast_dst = fast_src1 ^ fast_src2;
+ XMEMCPY(&Z[y], &fast_dst, sizeof(LTC_FAST_TYPE));
 }
 if ((err = ecb_encrypt_block(Z, Z, &pmac->key)) != CRYPT_OK) {
 return err;
From a397753dd6fb7d6fcc1d25f433cffdc3946c7553 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:18:00 +0200
Subject: [PATCH 11/16] ubsan src/mac/xcbc/xcbc_process.c:35:60: runtime error: load of misaligned address 0x57c89c432ccc for type 'LTC_FAST_TYPE', which requires 8 byte alignment
---
 src/mac/xcbc/xcbc_process.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/mac/xcbc/xcbc_process.c b/src/mac/xcbc/xcbc_process.c
index a6e5145f1..7b28b359c 100644
--- a/src/mac/xcbc/xcbc_process.c
+++ b/src/mac/xcbc/xcbc_process.c
@@ -32,7 +32,11 @@ int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen)
 if (xcbc->buflen == 0) {
 while (inlen > (unsigned long)xcbc->blocksize) {
 for (x = 0; x < xcbc->blocksize; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&(xcbc->IV[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(in[x])));
+ LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
+ XMEMCPY(&fast_src1, &(in[x]), sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src2, &(xcbc->IV[x]), sizeof(LTC_FAST_TYPE));
+ fast_dst = fast_src1 ^ fast_src2;
+ XMEMCPY(&(xcbc->IV[x]), &fast_dst, sizeof(LTC_FAST_TYPE));
 }
 ecb_encrypt_block(xcbc->IV, xcbc->IV, &xcbc->key);
 in += xcbc->blocksize;
From 38da4a0edf42b2a48fcd4a69a1b61e0d9e49e8f0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:19:00 +0200
Subject: [PATCH 12/16] ubsan src/mac/f9/f9_process.c:39:58: runtime error: load of misaligned address 0x5c2b1a1d2c14 for type 'LTC_FAST_TYPE', which requires 8 byte alignment
---
 src/mac/f9/f9_process.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/mac/f9/f9_process.c b/src/mac/f9/f9_process.c
index 8860da387..1740a5341 100644
--- a/src/mac/f9/f9_process.c
+++ b/src/mac/f9/f9_process.c
@@ -36,7 +36,11 @@ int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen)
 if (f9->buflen == 0) {
 while (inlen >= (unsigned long)f9->blocksize) {
 for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&(f9->IV[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(in[x])));
+ LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
+ XMEMCPY(&fast_src1, &(in[x]), sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src2, &(f9->IV[x]), sizeof(LTC_FAST_TYPE));
+ fast_dst = fast_src1 ^ fast_src2;
+ XMEMCPY(&(f9->IV[x]), &fast_dst, sizeof(LTC_FAST_TYPE));
 }
 ecb_encrypt_block(f9->IV, f9->IV, &f9->key);
 for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
From da9d717046afc3365eaa35fcff16c803a0e27bb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:20:00 +0200
Subject: [PATCH 13/16] ubsan src/encauth/gcm/gcm_process.c:82:58: runtime error: load of misaligned address 0x596b3e6aa354 for type 'LTC_FAST_TYPE', which requires 8 byte alignment
---
 src/encauth/gcm/gcm_process.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c
index b75c1d040..4fd92ede3 100644
--- a/src/encauth/gcm/gcm_process.c
+++ b/src/encauth/gcm/gcm_process.c 
@@ -79,8 +79,15 @@ int gcm_process(gcm_state *gcm,
 for (x = 0; x < (ptlen & ~15); x += 16) {
 /* ctr encrypt */
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&ct[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
- *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
+ LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
+ XMEMCPY(&fast_src1, &pt[x+y], sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src2, &gcm->buf[y], sizeof(LTC_FAST_TYPE));
+ fast_dst = fast_src1 ^ fast_src2;
+ XMEMCPY(&ct[x + y], &fast_dst, sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src1, &gcm->X[y], sizeof(LTC_FAST_TYPE));
+ XMEMCPY(&fast_src2, &ct[x+y], sizeof(LTC_FAST_TYPE));
+ fast_dst = fast_src1 ^ fast_src2;
+ XMEMCPY(&gcm->X[y], &fast_dst, sizeof(LTC_FAST_TYPE));
 }
 /* GMAC it */
 gcm->pttotlen += 128;
From 4a87d04100a899a54a4e43f360b847fa5c2836c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:21:00 +0200
Subject: [PATCH 14/16] introduce LTC_FAST_TYPE_XOR
---
 src/headers/tomcrypt_cfg.h | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h
index 14b81d87f..40aa41b2a 100644
--- a/src/headers/tomcrypt_cfg.h
+++ b/src/headers/tomcrypt_cfg.h
@@ -273,6 +273,15 @@ typedef unsigned long ltc_mp_digit;
 #else
 typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE;
 #endif
+ #define LTC_FAST_TYPE_XOR3(dst, src1, src2) \
+ do { \
+ LTC_FAST_TYPE fast_src1, fast_src2, fast_dst; \
+ XMEMCPY(&fast_src1, (src1), sizeof(LTC_FAST_TYPE)); \
+ XMEMCPY(&fast_src2, (src2), sizeof(LTC_FAST_TYPE)); \
+ fast_dst = fast_src1 ^ fast_src2; \
+ XMEMCPY((dst), &fast_dst, sizeof(LTC_FAST_TYPE)); \
+ }while (0)
+ #define LTC_FAST_TYPE_XOR2(dst, src) LTC_FAST_TYPE_XOR3((dst), (dst), (src))
 #endif
 #if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) 
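Review bot: `LTC_FAST_TYPE_XOR3` declares the plain identifiers `fast_src1`, `fast_src2` and `fast_dst` inside its `do { } while (0)` block, so a caller whose argument expression names a variable of the same name (for example `LTC_FAST_TYPE_XOR3(&fast_dst, a, b)`) would silently bind to the macro's own local instead of the caller's; giving the locals a prefix that callers will not use, such as `ltc_fast_xor_src1_`, removes that hazard. The macro also carries no comment on why it goes through XMEMCPY instead of a pointer cast; a short one, `/* word-wise XOR via memcpy: avoids the misaligned and aliasing accesses UBSan reports */`, would record the reason this series exists for the next maintainer. Minor: `}while (0)` should read `} while (0)`, and the same spacing recurs in the MASK and ASSIGN macros added by patch 16.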
From 01c3ea6bb38787369c8946d1978ece8e362ba50b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 12:22:00 +0200
Subject: [PATCH 15/16] start using LTC_FAST_TYPE_XOR
---
 src/encauth/gcm/gcm_process.c | 11 ++---------
 src/mac/f9/f9_process.c | 6 +-----
 src/mac/pmac/pmac_process.c | 6 +-----
 src/mac/xcbc/xcbc_process.c | 6 +-----
 src/modes/ctr/ctr_encrypt.c | 6 +-----
 tests/store_test.c | 6 +-----
 6 files changed, 7 insertions(+), 34 deletions(-)
diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c
index 4fd92ede3..d9f84694b 100644
--- a/src/encauth/gcm/gcm_process.c
+++ b/src/encauth/gcm/gcm_process.c
@@ -79,15 +79,8 @@ int gcm_process(gcm_state *gcm,
 for (x = 0; x < (ptlen & ~15); x += 16) {
 /* ctr encrypt */
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
- XMEMCPY(&fast_src1, &pt[x+y], sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src2, &gcm->buf[y], sizeof(LTC_FAST_TYPE));
- fast_dst = fast_src1 ^ fast_src2;
- XMEMCPY(&ct[x + y], &fast_dst, sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src1, &gcm->X[y], sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src2, &ct[x+y], sizeof(LTC_FAST_TYPE));
- fast_dst = fast_src1 ^ fast_src2;
- XMEMCPY(&gcm->X[y], &fast_dst, sizeof(LTC_FAST_TYPE));
+ LTC_FAST_TYPE_XOR3(&ct[x + y], &pt[x+y], &gcm->buf[y]);
+ LTC_FAST_TYPE_XOR2(&gcm->X[y], &ct[x+y]);
 }
 /* GMAC it */
 gcm->pttotlen += 128;
diff --git a/src/mac/f9/f9_process.c b/src/mac/f9/f9_process.c
index 1740a5341..a5e31d65a 100644
--- a/src/mac/f9/f9_process.c
+++ b/src/mac/f9/f9_process.c 
@@ -36,11 +36,7 @@ int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen)
 if (f9->buflen == 0) {
 while (inlen >= (unsigned long)f9->blocksize) {
 for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
- LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
- XMEMCPY(&fast_src1, &(in[x]), sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src2, &(f9->IV[x]), sizeof(LTC_FAST_TYPE));
- fast_dst = fast_src1 ^ fast_src2;
- XMEMCPY(&(f9->IV[x]), &fast_dst, sizeof(LTC_FAST_TYPE));
+ LTC_FAST_TYPE_XOR2(&(f9->IV[x]), &(in[x]));
 }
 ecb_encrypt_block(f9->IV, f9->IV, &f9->key);
 for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
diff --git a/src/mac/pmac/pmac_process.c b/src/mac/pmac/pmac_process.c
index 493502a3a..1dbb57a46 100644
--- a/src/mac/pmac/pmac_process.c
+++ b/src/mac/pmac/pmac_process.c
@@ -37,11 +37,7 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
 for (x = 0; x < (inlen - 16); x += 16) {
 pmac_shift_xor(pmac);
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
- XMEMCPY(&fast_src1, &in[y], sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src2, &pmac->Li[y], sizeof(LTC_FAST_TYPE));
- fast_dst = fast_src1 ^ fast_src2;
- XMEMCPY(&Z[y], &fast_dst, sizeof(LTC_FAST_TYPE));
+ LTC_FAST_TYPE_XOR3(&Z[y], &in[y], &pmac->Li[y]);
 }
 if ((err = ecb_encrypt_block(Z, Z, &pmac->key)) != CRYPT_OK) {
 return err;
diff --git a/src/mac/xcbc/xcbc_process.c b/src/mac/xcbc/xcbc_process.c
index 7b28b359c..c204acbb3 100644
--- a/src/mac/xcbc/xcbc_process.c
+++ b/src/mac/xcbc/xcbc_process.c 
@@ -32,11 +32,7 @@ int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen)
 if (xcbc->buflen == 0) {
 while (inlen > (unsigned long)xcbc->blocksize) {
 for (x = 0; x < xcbc->blocksize; x += sizeof(LTC_FAST_TYPE)) {
- LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
- XMEMCPY(&fast_src1, &(in[x]), sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src2, &(xcbc->IV[x]), sizeof(LTC_FAST_TYPE));
- fast_dst = fast_src1 ^ fast_src2;
- XMEMCPY(&(xcbc->IV[x]), &fast_dst, sizeof(LTC_FAST_TYPE));
+ LTC_FAST_TYPE_XOR2(&(xcbc->IV[x]), &(in[x]));
 }
 ecb_encrypt_block(xcbc->IV, xcbc->IV, &xcbc->key);
 in += xcbc->blocksize;
diff --git a/src/modes/ctr/ctr_encrypt.c b/src/modes/ctr/ctr_encrypt.c
index 0bb2d9e2e..45170f5c3 100644
--- a/src/modes/ctr/ctr_encrypt.c
+++ b/src/modes/ctr/ctr_encrypt.c
@@ -53,11 +53,7 @@ static int s_ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned lo
 #ifdef LTC_FAST
 if ((ctr->padlen == 0) && (len >= (unsigned long)ctr->ecb.blocklen)) {
 for (x = 0; x < ctr->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
- LTC_FAST_TYPE fast_pt, fast_pad, fast_ct;
- XMEMCPY(&fast_pt, (unsigned char*)pt + x, sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_pad, (unsigned char*)ctr->pad + x, sizeof(LTC_FAST_TYPE));
- fast_ct = fast_pt ^ fast_pad;
- XMEMCPY((unsigned char*)ct + x, &fast_ct, sizeof(LTC_FAST_TYPE));
+ LTC_FAST_TYPE_XOR3((unsigned char *)ct + x, (unsigned char *)pt + x, (unsigned char *)ctr->pad + x);
 }
 pt += ctr->ecb.blocklen;
 ct += ctr->ecb.blocklen;
diff --git a/tests/store_test.c b/tests/store_test.c
index aaf87ce4b..a6af45934 100644
--- a/tests/store_test.c
+++ b/tests/store_test.c 
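Review bot: `LTC_FAST_TYPE_XOR3((unsigned char *)ct + x, (unsigned char *)pt + x, (unsigned char *)ctr->pad + x);` casts `pt`, which the hunk header shows declared as `const unsigned char *`, to a non-const pointer. That cast was needed when the old LTC_FAST_TYPE_PTR_CAST produced an lvalue, but the macro now only reads its sources through memcpy, whose source parameter is already `const void *`, so `pt + x` works unchanged and keeps the compiler able to diagnose an accidental write through it; `ct + x` and `ctr->pad + x` likewise need no cast if they are already byte pointers. The same const-discarding cast is carried over unchanged in the cbc_encrypt.c and pelican.c hunks of patch 16. s_ctr_encrypt continues outside the hunk.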
@@ -63,11 +63,7 @@ int store_test(void)
 /* now XOR it word for word */
 for (x = 0; x < y; x += sizeof(LTC_FAST_TYPE)) {
- LTC_FAST_TYPE fast_src1, fast_src2, fast_dst;
- XMEMCPY(&fast_src1, &buf[z+x], sizeof(LTC_FAST_TYPE));
- XMEMCPY(&fast_src2, &buf[z+y+x+zz], sizeof(LTC_FAST_TYPE));
- fast_dst = fast_src1 ^ fast_src1;
- XMEMCPY(&buf[5*y+z+x], &fast_dst, sizeof(LTC_FAST_TYPE));
+ LTC_FAST_TYPE_XOR3(&buf[5*y+z+x], &buf[z+x], &buf[z+y+x+zz]);
 }
 if (memcmp(&buf[4*y+z], &buf[5*y+z], y)) {
From 259ce6f7901da9a02b46aad2ef0b92caa2c19cab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Kn=C3=A1pek?=
Date: Thu, 21 May 2026 13:15:00 +0200
Subject: [PATCH 16/16] Get rid of LTC_FAST_TYPE_PTR_CAST entirely. As it might be dangerous to use it.
---
 src/encauth/ccm/ccm_memory.c | 8 ++++----
 src/encauth/gcm/gcm_add_aad.c | 2 +-
 src/encauth/gcm/gcm_add_iv.c | 2 +-
 src/encauth/gcm/gcm_mult_h.c | 2 +-
 src/encauth/gcm/gcm_process.c | 4 ++--
 src/headers/tomcrypt_cfg.h | 15 ++++++++++++++-
 src/mac/f9/f9_process.c | 2 +-
 src/mac/omac/omac_process.c | 2 +-
 src/mac/pelican/pelican.c | 2 +-
 src/mac/pmac/pmac_process.c | 2 +-
 src/mac/pmac/pmac_shift_xor.c | 3 +--
 src/misc/copy_or_zeromem.c | 2 +-
 src/modes/cbc/cbc_decrypt.c | 6 +++---
 src/modes/cbc/cbc_encrypt.c | 4 ++--
 src/modes/f8/f8_encrypt.c | 6 ++++--
 src/modes/lrw/lrw_process.c | 8 +++++---
 src/modes/lrw/lrw_setiv.c | 2 +-
 src/modes/xts/xts_decrypt.c | 4 ++--
 src/modes/xts/xts_encrypt.c | 4 ++--
 19 files changed, 48 insertions(+), 32 deletions(-)
diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c
index d23904463..48c7a0d7d 100644
--- a/src/encauth/ccm/ccm_memory.c
+++ b/src/encauth/ccm/ccm_memory.c 
@@ -248,8 +248,8 @@ int ccm_memory(int cipher,
 /* xor the PT against the pad first */
 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&PAD[z])) ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z]));
- *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z]));
+ LTC_FAST_TYPE_XOR2(&PAD[z], &pt[y+z]);
+ LTC_FAST_TYPE_XOR3(&ct[y+z], &pt[y+z], &CTRPAD[z]);
 }
 if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
 goto error;
@@ -268,8 +268,8 @@ int ccm_memory(int cipher,
 /* xor the PT against the pad last */
 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z]));
- *(LTC_FAST_TYPE_PTR_CAST(&PAD[z])) ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z]));
+ LTC_FAST_TYPE_XOR3(&pt[y+z], &ct[y+z], &CTRPAD[z]);
+ LTC_FAST_TYPE_XOR2(&PAD[z], &pt[y+z]);
 }
 if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
 goto error;
diff --git a/src/encauth/gcm/gcm_add_aad.c b/src/encauth/gcm/gcm_add_aad.c
index 67a86fe52..8e2b13d58 100644
--- a/src/encauth/gcm/gcm_add_aad.c
+++ b/src/encauth/gcm/gcm_add_aad.c
@@ -81,7 +81,7 @@ int gcm_add_aad(gcm_state *gcm,
 if (gcm->buflen == 0 && adatalen > 15) {
 for (x = 0; x < (adatalen & ~15); x += 16) {
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&adata[x + y]));
+ LTC_FAST_TYPE_XOR2(&gcm->X[y], &adata[x + y]);
 }
 gcm_mult_h(gcm, gcm->X);
 gcm->totlen += 128;
diff --git a/src/encauth/gcm/gcm_add_iv.c b/src/encauth/gcm/gcm_add_iv.c
index b37a55bf8..d722fcf48 100644
--- a/src/encauth/gcm/gcm_add_iv.c
+++ b/src/encauth/gcm/gcm_add_iv.c 
@@ -45,7 +45,7 @@ int gcm_add_iv(gcm_state *gcm,
 if (gcm->buflen == 0) {
 for (x = 0; x < (IVlen & ~15); x += 16) {
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&IV[x + y]));
+ LTC_FAST_TYPE_XOR2(&gcm->X[y], &IV[x + y]);
 }
 gcm_mult_h(gcm, gcm->X);
 gcm->totlen += 128;
diff --git a/src/encauth/gcm/gcm_mult_h.c b/src/encauth/gcm/gcm_mult_h.c
index c0fd9c56b..c361c40ed 100644
--- a/src/encauth/gcm/gcm_mult_h.c
+++ b/src/encauth/gcm/gcm_mult_h.c
@@ -30,7 +30,7 @@ void gcm_mult_h(const gcm_state *gcm, unsigned char *I)
 for (x = 1; x < 16; x++) {
 #ifdef LTC_FAST
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&gcm->PC[x][I[x]][y]));
+ LTC_FAST_TYPE_XOR2(T + y, &gcm->PC[x][I[x]][y]);
 }
 #else
 for (y = 0; y < 16; y++) {
diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c
index d9f84694b..38e0aab53 100644
--- a/src/encauth/gcm/gcm_process.c
+++ b/src/encauth/gcm/gcm_process.c
@@ -97,8 +97,8 @@ int gcm_process(gcm_state *gcm,
 for (x = 0; x < (ptlen & ~15); x += 16) {
 /* ctr encrypt */
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
- *(LTC_FAST_TYPE_PTR_CAST(&pt[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
+ LTC_FAST_TYPE_XOR2(&gcm->X[y], &ct[x+y]);
+ LTC_FAST_TYPE_XOR3(&pt[x + y], &ct[x+y], &gcm->buf[y]);
 }
 /* GMAC it */
 gcm->pttotlen += 128;
diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h
index 40aa41b2a..727bd2cdf 100644
--- a/src/headers/tomcrypt_cfg.h
+++ b/src/headers/tomcrypt_cfg.h
@@ -267,7 +267,6 @@ typedef unsigned long ltc_mp_digit;
 #endif
 #ifdef LTC_FAST
- #define LTC_FAST_TYPE_PTR_CAST(x) ((LTC_FAST_TYPE*)(void*)(x))
 #ifdef ENDIAN_64BITWORD
 typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE;
 #else 
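Review bot: Removing `#define LTC_FAST_TYPE_PTR_CAST(x)` deletes a macro from tomcrypt_cfg.h, which is a header the library installs, so any out-of-tree code that used it (if any does) stops compiling with no hint about the replacement; keeping it for one release as a deprecated alias with a comment pointing at LTC_FAST_TYPE_XOR2/XOR3/ASSIGN, or at least noting the removal in the changelog, would make the break deliberate rather than silent. With every word access now routed through XMEMCPY, the `__attribute__((__may_alias__))` on the LTC_FAST_TYPE typedefs that remain in this hunk is presumably no longer needed; if it is kept, a comment saying why would stop it from being mistaken for something the new macros depend on.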
@@ -282,6 +281,20 @@ typedef unsigned long ltc_mp_digit;
 XMEMCPY((dst), &fast_dst, sizeof(LTC_FAST_TYPE)); \
 }while (0)
 #define LTC_FAST_TYPE_XOR2(dst, src) LTC_FAST_TYPE_XOR3((dst), (dst), (src))
+ #define LTC_FAST_TYPE_MASK(dst, src, mask) \
+ do { \
+ LTC_FAST_TYPE fast_src, fast_mask, fast_dst; \
+ XMEMCPY(&fast_src, (src), sizeof(LTC_FAST_TYPE)); \
+ fast_mask = ((LTC_FAST_TYPE)(mask)); \
+ fast_dst = fast_src & fast_mask; \
+ XMEMCPY((dst), &fast_dst, sizeof(LTC_FAST_TYPE)); \
+ }while (0)
+ #define LTC_FAST_TYPE_ASSIGN(dst, src) \
+ do { \
+ LTC_FAST_TYPE fast_tmp; \
+ XMEMCPY(&fast_tmp, (src), sizeof(LTC_FAST_TYPE)); \
+ XMEMCPY((dst), &fast_tmp, sizeof(LTC_FAST_TYPE)); \
+ }while (0)
 #endif
 #if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
diff --git a/src/mac/f9/f9_process.c b/src/mac/f9/f9_process.c
index a5e31d65a..01310946f 100644
--- a/src/mac/f9/f9_process.c
+++ b/src/mac/f9/f9_process.c
@@ -40,7 +40,7 @@ int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen)
 }
 ecb_encrypt_block(f9->IV, f9->IV, &f9->key);
 for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&(f9->ACC[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(f9->IV[x])));
+ LTC_FAST_TYPE_XOR2(&(f9->ACC[x]), &(f9->IV[x]));
 }
 in += f9->blocksize;
 inlen -= f9->blocksize;
diff --git a/src/mac/omac/omac_process.c b/src/mac/omac/omac_process.c
index d2183d507..a1118f5e4 100644
--- a/src/mac/omac/omac_process.c
+++ b/src/mac/omac/omac_process.c 
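Review bot: `LTC_FAST_TYPE_ASSIGN` copies through a temporary, which is what makes it safe when `dst` and `src` overlap, unlike a direct `XMEMCPY((dst), (src), sizeof(LTC_FAST_TYPE))`; none of the four macros says what it is for or what it assumes, so that property is easy to lose in a later "simplification". A comment block above the group describing the contract would help: each macro reads and writes exactly sizeof(LTC_FAST_TYPE) bytes at byte-addressed pointers with no alignment requirement, XOR3/XOR2 allow `dst` to alias a source because the sources are loaded first, ASSIGN tolerates overlap, and MASK ands the loaded word with `(LTC_FAST_TYPE)(mask)` so the caller must supply an all-ones or all-zeros mask of that width for copy_or_zeromem's select to stay branch-free. The `fast_*` local names inside MASK and ASSIGN have the same caller-collision hazard as XOR3's and would benefit from the same distinctive prefix.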
@@ -34,7 +34,7 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen)
 if (omac->buflen == 0 && inlen > (unsigned long)omac->blklen) {
 for (x = 0; x < (inlen - omac->blklen); x += omac->blklen) {
 for (n = 0; n < (unsigned long)omac->blklen; n += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&omac->prev[n])) ^= *(LTC_FAST_TYPE_PTR_CAST(&in[n]));
+ LTC_FAST_TYPE_XOR2(&omac->prev[n], &in[n]);
 }
 in += omac->blklen;
 if ((err = ecb_encrypt_block(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) {
diff --git a/src/mac/pelican/pelican.c b/src/mac/pelican/pelican.c
index 7d62e8dde..e7bd298e0 100644
--- a/src/mac/pelican/pelican.c
+++ b/src/mac/pelican/pelican.c
@@ -108,7 +108,7 @@ int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned lon
 while (inlen & ~15) {
 int x;
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pelmac->state + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)in + x));
+ LTC_FAST_TYPE_XOR2((unsigned char *)pelmac->state + x, (unsigned char *)in + x);
 }
 s_four_rounds(pelmac);
 in += 16;
diff --git a/src/mac/pmac/pmac_process.c b/src/mac/pmac/pmac_process.c
index 1dbb57a46..05aafa1b6 100644
--- a/src/mac/pmac/pmac_process.c
+++ b/src/mac/pmac/pmac_process.c
@@ -43,7 +43,7 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
 return err;
 }
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&pmac->checksum[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&Z[y]));
+ LTC_FAST_TYPE_XOR2(&pmac->checksum[y], &Z[y]);
 }
 in += 16;
 }
diff --git a/src/mac/pmac/pmac_shift_xor.c b/src/mac/pmac/pmac_shift_xor.c
index ad97fa8b3..6d37de888 100644
--- a/src/mac/pmac/pmac_shift_xor.c
+++ b/src/mac/pmac/pmac_shift_xor.c 
@@ -19,8 +19,7 @@ void pmac_shift_xor(pmac_state *pmac)
 y = pmac_ntz(pmac->block_index++);
 #ifdef LTC_FAST
 for (x = 0; x < pmac->block_len; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pmac->Li + x)) ^=
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pmac->Ls[y] + x));
+ LTC_FAST_TYPE_XOR2((unsigned char *)pmac->Li + x, (unsigned char *)pmac->Ls[y] + x);
 }
 #else
 for (x = 0; x < pmac->block_len; x++) {
diff --git a/src/misc/copy_or_zeromem.c b/src/misc/copy_or_zeromem.c
index a05eac603..9c149782e 100644
--- a/src/misc/copy_or_zeromem.c
+++ b/src/misc/copy_or_zeromem.c
@@ -34,7 +34,7 @@ void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned lon
 if (len & ~15) {
 for (; y < (len & ~15); y += 16) {
 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&dest[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&src[y+z])) & fastMask;
+ LTC_FAST_TYPE_MASK(&dest[y+z], &src[y+z], fastMask);
 }
 }
 }
diff --git a/src/modes/cbc/cbc_decrypt.c b/src/modes/cbc/cbc_decrypt.c
index 4c3add7ac..e8b552b55 100644
--- a/src/modes/cbc/cbc_decrypt.c
+++ b/src/modes/cbc/cbc_decrypt.c
@@ -62,9 +62,9 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
 /* xor IV against plaintext */
 #if defined(LTC_FAST)
 for (x = 0; x < cbc->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
- tmpy = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^ *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)tmp + x));
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x));
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) = tmpy;
+ LTC_FAST_TYPE_XOR3(&tmpy, (unsigned char *)cbc->IV + x, (unsigned char *)tmp + x);
+ LTC_FAST_TYPE_ASSIGN((unsigned char *)cbc->IV + x, (unsigned char *)ct + x);
+ LTC_FAST_TYPE_ASSIGN((unsigned char *)pt + x, &tmpy);
 }
 #else
 for (x = 0; x < cbc->ecb.blocklen; x++) { 
diff --git a/src/modes/cbc/cbc_encrypt.c b/src/modes/cbc/cbc_encrypt.c
index 7274d695d..ba74e3f11 100644
--- a/src/modes/cbc/cbc_encrypt.c
+++ b/src/modes/cbc/cbc_encrypt.c
@@ -51,7 +51,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
 /* xor IV against plaintext */
 #if defined(LTC_FAST)
 for (x = 0; x < cbc->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x));
+ LTC_FAST_TYPE_XOR2((unsigned char *)cbc->IV + x, (unsigned char *)pt + x);
 }
 #else
 for (x = 0; x < cbc->ecb.blocklen; x++) {
@@ -67,7 +67,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
 /* store IV [ciphertext] for a future block */
 #if defined(LTC_FAST)
 for (x = 0; x < cbc->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x));
+ LTC_FAST_TYPE_ASSIGN((unsigned char *)cbc->IV + x, (unsigned char *)ct + x);
 }
 #else
 for (x = 0; x < cbc->ecb.blocklen; x++) {
diff --git a/src/modes/f8/f8_encrypt.c b/src/modes/f8/f8_encrypt.c
index ec147fdee..1b50d1b2f 100644
--- a/src/modes/f8/f8_encrypt.c
+++ b/src/modes/f8/f8_encrypt.c
@@ -56,8 +56,10 @@ int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, sy
 STORE32H(f8->blockcnt, (buf+(f8->ecb.blocklen-4)));
 ++(f8->blockcnt);
 for (x = 0; x < f8->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&ct[x])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&f8->IV[x]));
- *(LTC_FAST_TYPE_PTR_CAST(&f8->IV[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&f8->MIV[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&buf[x]));
+ LTC_FAST_TYPE tmp;
+ LTC_FAST_TYPE_XOR3(&ct[x], &pt[x], &f8->IV[x]);
+ LTC_FAST_TYPE_XOR3(&tmp, &f8->MIV[x], &buf[x]);
+ LTC_FAST_TYPE_XOR2(&f8->IV[x], &tmp);
 }
 if ((err = ecb_encrypt_block(f8->IV, f8->IV, &f8->ecb)) != CRYPT_OK) {
 return err; 
diff --git a/src/modes/lrw/lrw_process.c b/src/modes/lrw/lrw_process.c
index a04f90d47..7a63e7824 100644
--- a/src/modes/lrw/lrw_process.c
+++ b/src/modes/lrw/lrw_process.c
@@ -52,7 +52,9 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
 for (; x < 16; x++) {
 #ifdef LTC_FAST
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(lrw->pad + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][lrw->IV[x]][y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][(lrw->IV[x]-1)&255][y]));
+ LTC_FAST_TYPE tmp;
+ LTC_FAST_TYPE_XOR3(&tmp, &lrw->PC[x][lrw->IV[x]][y], &lrw->PC[x][(lrw->IV[x]-1)&255][y]);
+ LTC_FAST_TYPE_XOR2(lrw->pad + y, &tmp);
 }
 #else
 for (y = 0; y < 16; y++) {
@@ -67,7 +69,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
 /* xor prod */
 #ifdef LTC_FAST
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(ct + x)) = *(LTC_FAST_TYPE_PTR_CAST(pt + x)) ^ *(LTC_FAST_TYPE_PTR_CAST(prod + x));
+ LTC_FAST_TYPE_XOR3(ct + x, pt + x, prod + x);
 }
 #else
 for (x = 0; x < 16; x++) {
@@ -89,7 +91,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
 /* xor prod */
 #ifdef LTC_FAST
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(ct + x)) = *(LTC_FAST_TYPE_PTR_CAST(ct + x)) ^ *(LTC_FAST_TYPE_PTR_CAST(prod + x));
+ LTC_FAST_TYPE_XOR3(ct + x, ct + x, prod + x);
 }
 #else
 for (x = 0; x < 16; x++) {
diff --git a/src/modes/lrw/lrw_setiv.c b/src/modes/lrw/lrw_setiv.c
index 72615e773..81dad3343 100644
--- a/src/modes/lrw/lrw_setiv.c
+++ b/src/modes/lrw/lrw_setiv.c
@@ -48,7 +48,7 @@ int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw)
 for (x = 1; x < 16; x++) {
 #ifdef LTC_FAST
 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][IV[x]][y]));
+ LTC_FAST_TYPE_XOR2(T + y, &lrw->PC[x][IV[x]][y]);
 }
 #else
 for (y = 0; y < 16; y++) { 
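Review bot: `LTC_FAST_TYPE_XOR3(ct + x, ct + x, prod + x);` in the third lrw_process.c hunk is the in-place form that every other call site in this commit spells with the two-operand macro; `LTC_FAST_TYPE_XOR2(ct + x, prod + x);` keeps the call sites uniform and makes the in-place intent visible at a glance. The first lrw_process.c hunk introduces `LTC_FAST_TYPE tmp;` inside the loop body in the same way the f8_encrypt.c hunk does, which is fine, but a one-line comment such as `/* fold both table entries before xoring into pad */` would explain why the single expression was split in two. lrw_process starts before these hunks.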
diff --git a/src/modes/xts/xts_decrypt.c b/src/modes/xts/xts_decrypt.c
index 50019b9fd..4de037f55 100644
--- a/src/modes/xts/xts_decrypt.c
+++ b/src/modes/xts/xts_decrypt.c
@@ -16,7 +16,7 @@ static int s_tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned ch
 /* tweak encrypt block i */
 #ifdef LTC_FAST
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&P[x])) = *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+ LTC_FAST_TYPE_XOR3(&P[x], &C[x], &T[x]);
 }
 #else
 for (x = 0; x < 16; x++) {
@@ -28,7 +28,7 @@ static int s_tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned ch
 #ifdef LTC_FAST
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+ LTC_FAST_TYPE_XOR2(&P[x], &T[x]);
 }
 #else
 for (x = 0; x < 16; x++) {
diff --git a/src/modes/xts/xts_encrypt.c b/src/modes/xts/xts_encrypt.c
index 65b129c3a..5e177d657 100644
--- a/src/modes/xts/xts_encrypt.c
+++ b/src/modes/xts/xts_encrypt.c
@@ -16,7 +16,7 @@ static int s_tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char
 /* tweak encrypt block i */
 #ifdef LTC_FAST
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&C[x])) = *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+ LTC_FAST_TYPE_XOR3(&C[x], &P[x], &T[x]);
 }
 #else
 for (x = 0; x < 16; x++) {
@@ -30,7 +30,7 @@ static int s_tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char
 #ifdef LTC_FAST
 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
- *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+ LTC_FAST_TYPE_XOR2(&C[x], &T[x]);
 }
 #else
 for (x = 0; x < 16; x++) {