ML-KEM/ML-DSA: unaligned reads

SparkiDev · SparkiDev · commit 1900da012d76 · 2026-06-17T08:45:02.000+10:00
Use readUnaligned32/64 to ensure no unaligned read faults.
Updated implementations of read/write unaligned 32/64 to not worry about alignment on CPUs that are known to not care.
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
@@ -231,100 +231,159 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 #endif
 }
 
+#if ((defined(WOLFSSL_AARCH64_BUILD) || defined(__aarch64__)) && \
+     defined(__APPLE__)) || \
+    defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_X86_BUILD)
+    #ifndef WOLFSSL_RW_UNALIGNED_32
+        #define WOLFSSL_RW_UNALIGNED_32
+    #endif
+#endif
 WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
 {
+#ifndef WOLFSSL_RW_UNALIGNED_32
     if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         return *(const word32 *)in;
+    }
+#ifndef WOLFSSL_RW_UNALIGNED_32
     else {
         word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
         XMEMCPY(&out, in, sizeof(out));
         return out;
     }
+#endif
 }
 
 WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in)
 {
+#ifndef WOLFSSL_RW_UNALIGNED_32
     if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         *(word32 *)out = in;
+    }
+#ifndef WOLFSSL_RW_UNALIGNED_32
     else {
         XMEMCPY(out, &in, sizeof(in));
     }
+#endif
     return in;
 }
 
 WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in,
                                                    size_t count)
 {
-    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+#ifndef WOLFSSL_RW_UNALIGNED_32
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         const word32 *in_word32 = (const word32 *)in;
         while (count-- > 0)
             *out++ = *in_word32++;
     }
+#ifndef WOLFSSL_RW_UNALIGNED_32
     else {
         XMEMCPY(out, in, count * sizeof(*out));
     }
+#endif
 }
 
 WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
                                                     size_t count)
 {
-    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+#ifndef WOLFSSL_RW_UNALIGNED_32
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         word32 *out_word32 = (word32 *)out;
         while (count-- > 0)
             *out_word32++ = *in++;
     }
+#ifndef WOLFSSL_RW_UNALIGNED_32
     else {
         XMEMCPY(out, in, count * sizeof(*in));
     }
+#endif
 }
 
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
 
+#if ((defined(WOLFSSL_AARCH64_BUILD) || defined(__aarch64__)) && \
+     defined(__APPLE__)) || \
+    defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_X86_BUILD)
+    #ifndef WOLFSSL_RW_UNALIGNED_64
+        #define WOLFSSL_RW_UNALIGNED_64
+    #endif
+#endif
+
 WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
 {
+#ifndef WOLFSSL_RW_UNALIGNED_64
     if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         return *(const word64 *)in;
+    }
+#ifndef WOLFSSL_RW_UNALIGNED_64
     else {
         word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
         XMEMCPY(&out, in, sizeof(out));
         return out;
     }
+#endif
 }
 
 WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
 {
+#ifndef WOLFSSL_RW_UNALIGNED_64
     if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         *(word64 *)out = in;
+    }
+#ifndef WOLFSSL_RW_UNALIGNED_64
     else {
         XMEMCPY(out, &in, sizeof(in));
     }
+#endif
     return in;
 }
 
 WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
                                                    size_t count)
 {
-    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+#ifndef WOLFSSL_RW_UNALIGNED_64
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         const word64 *in_word64 = (const word64 *)in;
         while (count-- > 0)
             *out++ = *in_word64++;
     }
+#ifndef WOLFSSL_RW_UNALIGNED_64
     else {
         XMEMCPY(out, in, count * sizeof(*out));
     }
+#endif
 }
 
 WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
                                                     size_t count)
 {
-    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+#ifndef WOLFSSL_RW_UNALIGNED_64
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+#endif
+    {
         word64 *out_word64 = (word64 *)out;
         while (count-- > 0)
             *out_word64++ = *in++;
     }
+#ifndef WOLFSSL_RW_UNALIGNED_64
     else {
         XMEMCPY(out, in, count * sizeof(*in));
     }
+#endif
 }
 
 WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
diff --git a/wolfcrypt/src/wc_mldsa.c b/wolfcrypt/src/wc_mldsa.c
@@ -4661,7 +4661,7 @@ static int mldsa_sample_in_ball_ex(int level, wc_Shake* shake256,
     if (ret == 0) {
         /* Step 1: Initialize sign bit index. */
         /* Copy first 8 bytes of first hash block as random sign bits. */
-        signs = *(word64*)block;
+        signs = readUnalignedWord64(block);
 
         /* Step 3: Put in TAU +/- 1s. */
         for (i = (unsigned int)MLDSA_N - tau; i < MLDSA_N; i++) {
diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c
@@ -3759,9 +3759,9 @@ static void mlkem_cbd_eta2(sword16* p, const byte* r)
     #endif
         /* Take the next 4 bytes, little endian, as a 32 bit value. */
     #ifdef BIG_ENDIAN_ORDER
-        word32 t = ByteReverseWord32(*(word32*)r);
+        word32 t = ByteReverseWord32(readUnalignedWord32(r));
     #else
-        word32 t = *(word32*)r;
+        word32 t = readUnalignedWord32(r);
     #endif
         word32 d;
         /* Add second bits to first. */
