From c39a5710d0e4039a4f2bbd53ec284eb89d3b83c4 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 6 May 2019 15:14:49 -0400 Subject: [PATCH] Avoid alignment warnings in openssl rc4.c Add a comment to k5_arcfour_init_state() explaining how we stretch the krb5_data cipher state contract. Use void * casts when interpreting the data pointer to avoid alignment warnings. [ghudson@mit.edu: moved and expanded comment; rewrote commit message] (cherry picked from commit 1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d) --- src/lib/crypto/openssl/enc_provider/rc4.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c index 7f3c086ed..a65d57b7a 100644 --- a/src/lib/crypto/openssl/enc_provider/rc4.c +++ b/src/lib/crypto/openssl/enc_provider/rc4.c @@ -57,7 +57,7 @@ struct arcfour_state { /* In-place IOV crypto */ static krb5_error_code -k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, +k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, size_t num_data) { size_t i; @@ -66,7 +66,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, EVP_CIPHER_CTX *ctx = NULL; struct arcfour_state *arcstate; - arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL; + arcstate = (state != NULL) ? (void *)state->data : NULL; if (arcstate != NULL) { ctx = arcstate->ctx; if (arcstate->loopback != arcstate) @@ -113,7 +113,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, static void k5_arcfour_free_state(krb5_data *state) { - struct arcfour_state *arcstate = (struct arcfour_state *) state->data; + struct arcfour_state *arcstate = (void *)state->data; EVP_CIPHER_CTX_free(arcstate->ctx); free(arcstate); @@ -125,6 +125,15 @@ k5_arcfour_init_state(const krb5_keyblock *key, { struct arcfour_state *arcstate; + /* + * The cipher state here is a saved pointer to a struct arcfour_state + * object, rather than a flat byte array as in most enc providers. The + * object includes a loopback pointer to detect if if the caller made a + * copy of the krb5_data value or otherwise assumed it was a simple byte + * array. When we cast the data pointer back, we need to go through void * + * to avoid increased alignment warnings. + */ + /* Create a state structure with an uninitialized context. */ arcstate = calloc(1, sizeof(*arcstate)); if (arcstate == NULL)