krb5 commit: Avoid alignment warnings in openssl rc4.c

Greg Hudson ghudson at mit.edu
Thu May 9 14:39:54 EDT 2019 

https://github.com/krb5/krb5/commit/1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d
commit 1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d
Author: Robbie Harwood <rharwood at redhat.com>
Date:   Mon May 6 15:14:49 2019 -0400

    Avoid alignment warnings in openssl rc4.c
    
    Add a comment to k5_arcfour_init_state() explaining how we stretch the
    krb5_data cipher state contract.  Use void * casts when interpreting
    the data pointer to avoid alignment warnings.
    
    [ghudson at mit.edu: moved and expanded comment; rewrote commit message]

 src/lib/crypto/openssl/enc_provider/rc4.c |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
index 7f3c086..a65d57b 100644
--- a/src/lib/crypto/openssl/enc_provider/rc4.c
+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -57,7 +57,7 @@ struct arcfour_state {
 
 /* In-place IOV crypto */
 static krb5_error_code
-k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
                    size_t num_data)
 {
     size_t i;
@@ -66,7 +66,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
     EVP_CIPHER_CTX *ctx = NULL;
     struct arcfour_state *arcstate;
 
-    arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL;
+    arcstate = (state != NULL) ? (void *)state->data : NULL;
     if (arcstate != NULL) {
         ctx = arcstate->ctx;
         if (arcstate->loopback != arcstate)
@@ -113,7 +113,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
 static void
 k5_arcfour_free_state(krb5_data *state)
 {
-    struct arcfour_state *arcstate = (struct arcfour_state *) state->data;
+    struct arcfour_state *arcstate = (void *)state->data;
 
     EVP_CIPHER_CTX_free(arcstate->ctx);
     free(arcstate);
@@ -125,6 +125,15 @@ k5_arcfour_init_state(const krb5_keyblock *key,
 {
     struct arcfour_state *arcstate;
 
+    /*
+     * The cipher state here is a saved pointer to a struct arcfour_state
+     * object, rather than a flat byte array as in most enc providers.  The
+     * object includes a loopback pointer to detect if if the caller made a
+     * copy of the krb5_data value or otherwise assumed it was a simple byte
+     * array.  When we cast the data pointer back, we need to go through void *
+     * to avoid increased alignment warnings.
+     */
+
     /* Create a state structure with an uninitialized context. */
     arcstate = calloc(1, sizeof(*arcstate));
     if (arcstate == NULL)

More information about the cvs-krb5 mailing list