libtom · MarekKnapek · May 20, 2026 · May 20, 2026 · May 20, 2026 · May 20, 2026
diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c
@@ -248,8 +248,8 @@ int ccm_memory(int cipher,
 
                 /* xor the PT against the pad first */
                 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
-                    *(LTC_FAST_TYPE_PTR_CAST(&PAD[z]))  ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z]));
-                    *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z]));
+                    LTC_FAST_TYPE_XOR2(&PAD[z], &pt[y+z]);
+                    LTC_FAST_TYPE_XOR3(&ct[y+z], &pt[y+z], &CTRPAD[z]);
                 }
                 if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
                    goto error;
@@ -268,8 +268,8 @@ int ccm_memory(int cipher,
 
                 /* xor the PT against the pad last */
                 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
-                    *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z]));
-                    *(LTC_FAST_TYPE_PTR_CAST(&PAD[z]))  ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z]));
+                    LTC_FAST_TYPE_XOR3(&pt[y+z], &ct[y+z], &CTRPAD[z]);
+                    LTC_FAST_TYPE_XOR2(&PAD[z], &pt[y+z]);
                 }
                 if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
                    goto error;

diff --git a/src/encauth/gcm/gcm_add_aad.c b/src/encauth/gcm/gcm_add_aad.c
@@ -81,7 +81,7 @@ int gcm_add_aad(gcm_state *gcm,
    if (gcm->buflen == 0 && adatalen > 15) {
       for (x = 0; x < (adatalen & ~15); x += 16) {
           for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&adata[x + y]));
+              LTC_FAST_TYPE_XOR2(&gcm->X[y], &adata[x + y]);
           }
           gcm_mult_h(gcm, gcm->X);
           gcm->totlen += 128;

diff --git a/src/encauth/gcm/gcm_add_iv.c b/src/encauth/gcm/gcm_add_iv.c
@@ -45,7 +45,7 @@ int gcm_add_iv(gcm_state *gcm,
    if (gcm->buflen == 0) {
       for (x = 0; x < (IVlen & ~15); x += 16) {
           for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&IV[x + y]));
+              LTC_FAST_TYPE_XOR2(&gcm->X[y], &IV[x + y]);
           }
           gcm_mult_h(gcm, gcm->X);
           gcm->totlen += 128;

diff --git a/src/encauth/gcm/gcm_mult_h.c b/src/encauth/gcm/gcm_mult_h.c
@@ -30,7 +30,7 @@ void gcm_mult_h(const gcm_state *gcm, unsigned char *I)
    for (x = 1; x < 16; x++) {
 #ifdef LTC_FAST
        for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-           *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&gcm->PC[x][I[x]][y]));
+           LTC_FAST_TYPE_XOR2(T + y, &gcm->PC[x][I[x]][y]);
        }
 #else
        for (y = 0; y < 16; y++) {

diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c
@@ -79,8 +79,8 @@ int gcm_process(gcm_state *gcm,
          for (x = 0; x < (ptlen & ~15); x += 16) {
              /* ctr encrypt */
              for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-                 *(LTC_FAST_TYPE_PTR_CAST(&ct[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
-                 *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
+                 LTC_FAST_TYPE_XOR3(&ct[x + y], &pt[x+y], &gcm->buf[y]);
+                 LTC_FAST_TYPE_XOR2(&gcm->X[y], &ct[x+y]);
              }
              /* GMAC it */
              gcm->pttotlen += 128;
@@ -97,8 +97,8 @@ int gcm_process(gcm_state *gcm,
          for (x = 0; x < (ptlen & ~15); x += 16) {
              /* ctr encrypt */
              for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-                 *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
-                 *(LTC_FAST_TYPE_PTR_CAST(&pt[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
+                 LTC_FAST_TYPE_XOR2(&gcm->X[y], &ct[x+y]);
+                 LTC_FAST_TYPE_XOR3(&pt[x + y], &ct[x+y], &gcm->buf[y]);
              }
              /* GMAC it */
              gcm->pttotlen += 128;

diff --git a/src/encauth/siv/siv.c b/src/encauth/siv/siv.c
@@ -161,7 +161,7 @@ static LTC_INLINE int s_siv_S2V_T(siv_omac_ctx_t *ctx,
    } else {
       s_siv_dbl(D);
       XMEMSET(&T, 0, sizeof(T));
-      XMEMCPY(&T, in, inlen);
+      if (inlen != 0) XMEMCPY(&T, in, inlen);
       T.u.byte[inlen] = 0x80;
       s_siv_xor_buf(D, &T);
 

diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h
@@ -267,12 +267,34 @@ typedef unsigned long ltc_mp_digit;
 #endif
 
 #ifdef LTC_FAST
-   #define LTC_FAST_TYPE_PTR_CAST(x) ((LTC_FAST_TYPE*)(void*)(x))
    #ifdef ENDIAN_64BITWORD
    typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE;
    #else
    typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE;
    #endif
+   #define LTC_FAST_TYPE_XOR3(dst, src1, src2) \
+      do { \
+         LTC_FAST_TYPE fast_src1, fast_src2, fast_dst; \
+         XMEMCPY(&fast_src1, (src1), sizeof(LTC_FAST_TYPE)); \
+         XMEMCPY(&fast_src2, (src2), sizeof(LTC_FAST_TYPE)); \
+         fast_dst = fast_src1 ^ fast_src2; \
+         XMEMCPY((dst), &fast_dst, sizeof(LTC_FAST_TYPE)); \
+      }while (0)
+   #define LTC_FAST_TYPE_XOR2(dst, src) LTC_FAST_TYPE_XOR3((dst), (dst), (src))
+   #define LTC_FAST_TYPE_MASK(dst, src, mask) \
+      do { \
+         LTC_FAST_TYPE fast_src, fast_mask, fast_dst; \
+         XMEMCPY(&fast_src, (src), sizeof(LTC_FAST_TYPE)); \
+         fast_mask = ((LTC_FAST_TYPE)(mask)); \
+         fast_dst = fast_src & fast_mask; \
+         XMEMCPY((dst), &fast_dst, sizeof(LTC_FAST_TYPE)); \
+      }while (0)
+   #define LTC_FAST_TYPE_ASSIGN(dst, src) \
+      do { \
+         LTC_FAST_TYPE fast_tmp; \
+         XMEMCPY(&fast_tmp, (src), sizeof(LTC_FAST_TYPE)); \
+         XMEMCPY((dst), &fast_tmp, sizeof(LTC_FAST_TYPE)); \
+      }while (0)
 #endif
 
 #if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))

diff --git a/src/mac/f9/f9_process.c b/src/mac/f9/f9_process.c
@@ -36,11 +36,11 @@ int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen)
    if (f9->buflen == 0) {
        while (inlen >= (unsigned long)f9->blocksize) {
            for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&(f9->IV[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(in[x])));
+              LTC_FAST_TYPE_XOR2(&(f9->IV[x]), &(in[x]));
            }
            ecb_encrypt_block(f9->IV, f9->IV, &f9->key);
            for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&(f9->ACC[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(f9->IV[x])));
+              LTC_FAST_TYPE_XOR2(&(f9->ACC[x]), &(f9->IV[x]));
            }
            in    += f9->blocksize;
            inlen -= f9->blocksize;

diff --git a/src/mac/omac/omac_process.c b/src/mac/omac/omac_process.c
@@ -34,7 +34,7 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen)
    if (omac->buflen == 0 && inlen > (unsigned long)omac->blklen) {
       for (x = 0; x < (inlen - omac->blklen); x += omac->blklen) {
           for (n = 0; n < (unsigned long)omac->blklen; n += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&omac->prev[n])) ^= *(LTC_FAST_TYPE_PTR_CAST(&in[n]));
+              LTC_FAST_TYPE_XOR2(&omac->prev[n], &in[n]);
           }
           in += omac->blklen;
           if ((err = ecb_encrypt_block(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) {

diff --git a/src/mac/pelican/pelican.c b/src/mac/pelican/pelican.c
@@ -108,7 +108,7 @@ int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned lon
       while (inlen & ~15) {
          int x;
          for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-            *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pelmac->state + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)in + x));
+            LTC_FAST_TYPE_XOR2((unsigned char *)pelmac->state + x, (unsigned char *)in + x);
          }
          s_four_rounds(pelmac);
          in    += 16;

diff --git a/src/mac/pmac/pmac_process.c b/src/mac/pmac/pmac_process.c
@@ -37,13 +37,13 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
       for (x = 0; x < (inlen - 16); x += 16) {
           pmac_shift_xor(pmac);
           for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&Z[y])) = *(LTC_FAST_TYPE_PTR_CAST(&in[y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&pmac->Li[y]));
+              LTC_FAST_TYPE_XOR3(&Z[y], &in[y], &pmac->Li[y]);
           }
           if ((err = ecb_encrypt_block(Z, Z, &pmac->key)) != CRYPT_OK) {
              return err;
           }
           for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&pmac->checksum[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&Z[y]));
+              LTC_FAST_TYPE_XOR2(&pmac->checksum[y], &Z[y]);
           }
           in += 16;
       }

diff --git a/src/mac/pmac/pmac_shift_xor.c b/src/mac/pmac/pmac_shift_xor.c
@@ -19,8 +19,7 @@ void pmac_shift_xor(pmac_state *pmac)
    y = pmac_ntz(pmac->block_index++);
 #ifdef LTC_FAST
    for (x = 0; x < pmac->block_len; x += sizeof(LTC_FAST_TYPE)) {
-       *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pmac->Li + x)) ^=
-       *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pmac->Ls[y] + x));
+       LTC_FAST_TYPE_XOR2((unsigned char *)pmac->Li + x, (unsigned char *)pmac->Ls[y] + x);
    }
 #else
    for (x = 0; x < pmac->block_len; x++) {

diff --git a/src/mac/xcbc/xcbc_process.c b/src/mac/xcbc/xcbc_process.c
@@ -32,7 +32,7 @@ int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen)
    if (xcbc->buflen == 0) {
        while (inlen > (unsigned long)xcbc->blocksize) {
            for (x = 0; x < xcbc->blocksize; x += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(&(xcbc->IV[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(in[x])));
+              LTC_FAST_TYPE_XOR2(&(xcbc->IV[x]), &(in[x]));
            }
            ecb_encrypt_block(xcbc->IV, xcbc->IV, &xcbc->key);
            in    += xcbc->blocksize;

diff --git a/src/misc/compare_testvector.c b/src/misc/compare_testvector.c
@@ -59,6 +59,8 @@ int ltc_compare_testvector(const void* is, const unsigned long is_len, const voi
    int res = 0;
    if(is_len != should_len) {
       res = is_len > should_len ? -1 : 1;
+   } else if (is_len == 0 && (!is || !should)) {
+      res = 0;
    } else {
       res = XMEMCMP(is, should, is_len);
    }

diff --git a/src/misc/copy_or_zeromem.c b/src/misc/copy_or_zeromem.c
@@ -34,7 +34,7 @@ void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned lon
    if (len & ~15) {
       for (; y < (len & ~15); y += 16) {
         for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
-          *(LTC_FAST_TYPE_PTR_CAST(&dest[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&src[y+z])) & fastMask;
+          LTC_FAST_TYPE_MASK(&dest[y+z], &src[y+z], fastMask);
         }
       }
    }

diff --git a/src/modes/cbc/cbc_decrypt.c b/src/modes/cbc/cbc_decrypt.c
@@ -62,9 +62,9 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
       /* xor IV against plaintext */
 #if defined(LTC_FAST)
       for (x = 0; x < cbc->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
-         tmpy = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^ *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)tmp + x));
-         *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x));
-         *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) = tmpy;
+         LTC_FAST_TYPE_XOR3(&tmpy, (unsigned char *)cbc->IV + x, (unsigned char *)tmp + x);
+         LTC_FAST_TYPE_ASSIGN((unsigned char *)cbc->IV + x, (unsigned char *)ct + x);
+         LTC_FAST_TYPE_ASSIGN((unsigned char *)pt + x, &tmpy);
       }
 #else
       for (x = 0; x < cbc->ecb.blocklen; x++) {

diff --git a/src/modes/cbc/cbc_encrypt.c b/src/modes/cbc/cbc_encrypt.c
@@ -51,7 +51,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
       /* xor IV against plaintext */
 #if defined(LTC_FAST)
       for (x = 0; x < cbc->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
-         *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x));
+         LTC_FAST_TYPE_XOR2((unsigned char *)cbc->IV + x, (unsigned char *)pt + x);
       }
 #else
       for (x = 0; x < cbc->ecb.blocklen; x++) {
@@ -67,7 +67,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
       /* store IV [ciphertext] for a future block */
 #if defined(LTC_FAST)
       for (x = 0; x < cbc->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
-         *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x));
+         LTC_FAST_TYPE_ASSIGN((unsigned char *)cbc->IV + x, (unsigned char *)ct + x);
       }
 #else
       for (x = 0; x < cbc->ecb.blocklen; x++) {

diff --git a/src/modes/ctr/ctr_encrypt.c b/src/modes/ctr/ctr_encrypt.c
@@ -53,8 +53,7 @@ static int s_ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned lo
 #ifdef LTC_FAST
       if ((ctr->padlen == 0) && (len >= (unsigned long)ctr->ecb.blocklen)) {
          for (x = 0; x < ctr->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
-            *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) ^
-                                                           *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ctr->pad + x));
+            LTC_FAST_TYPE_XOR3((unsigned char *)ct + x, (unsigned char *)pt + x, (unsigned char *)ctr->pad + x);
          }
        pt         += ctr->ecb.blocklen;
        ct         += ctr->ecb.blocklen;

diff --git a/src/modes/f8/f8_encrypt.c b/src/modes/f8/f8_encrypt.c
@@ -56,8 +56,10 @@ int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, sy
          STORE32H(f8->blockcnt, (buf+(f8->ecb.blocklen-4)));
          ++(f8->blockcnt);
          for (x = 0; x < f8->ecb.blocklen; x += sizeof(LTC_FAST_TYPE)) {
-             *(LTC_FAST_TYPE_PTR_CAST(&ct[x])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&f8->IV[x]));
-             *(LTC_FAST_TYPE_PTR_CAST(&f8->IV[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&f8->MIV[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&buf[x]));
+             LTC_FAST_TYPE tmp;
+             LTC_FAST_TYPE_XOR3(&ct[x], &pt[x], &f8->IV[x]);
+             LTC_FAST_TYPE_XOR3(&tmp, &f8->MIV[x], &buf[x]);
+             LTC_FAST_TYPE_XOR2(&f8->IV[x], &tmp);
          }
          if ((err = ecb_encrypt_block(f8->IV, f8->IV, &f8->ecb)) != CRYPT_OK) {
             return err;

diff --git a/src/modes/lrw/lrw_process.c b/src/modes/lrw/lrw_process.c
@@ -52,7 +52,9 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
       for (; x < 16; x++) {
 #ifdef LTC_FAST
           for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-              *(LTC_FAST_TYPE_PTR_CAST(lrw->pad + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][lrw->IV[x]][y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][(lrw->IV[x]-1)&255][y]));
+              LTC_FAST_TYPE tmp;
+              LTC_FAST_TYPE_XOR3(&tmp, &lrw->PC[x][lrw->IV[x]][y], &lrw->PC[x][(lrw->IV[x]-1)&255][y]);
+              LTC_FAST_TYPE_XOR2(lrw->pad + y, &tmp);
           }
 #else
           for (y = 0; y < 16; y++) {
@@ -67,7 +69,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
       /* xor prod */
 #ifdef LTC_FAST
       for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-           *(LTC_FAST_TYPE_PTR_CAST(ct + x)) = *(LTC_FAST_TYPE_PTR_CAST(pt + x)) ^ *(LTC_FAST_TYPE_PTR_CAST(prod + x));
+           LTC_FAST_TYPE_XOR3(ct + x, pt + x, prod + x);
       }
 #else
       for (x = 0; x < 16; x++) {
@@ -89,7 +91,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
       /* xor prod */
 #ifdef LTC_FAST
       for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-           *(LTC_FAST_TYPE_PTR_CAST(ct + x)) = *(LTC_FAST_TYPE_PTR_CAST(ct + x)) ^ *(LTC_FAST_TYPE_PTR_CAST(prod + x));
+           LTC_FAST_TYPE_XOR3(ct + x, ct + x, prod + x);
       }
 #else
       for (x = 0; x < 16; x++) {

diff --git a/src/modes/lrw/lrw_setiv.c b/src/modes/lrw/lrw_setiv.c
@@ -48,7 +48,7 @@ int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw)
    for (x = 1; x < 16; x++) {
 #ifdef LTC_FAST
        for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-           *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][IV[x]][y]));
+           LTC_FAST_TYPE_XOR2(T + y, &lrw->PC[x][IV[x]][y]);
        }
 #else
        for (y = 0; y < 16; y++) {

diff --git a/src/modes/xts/xts_decrypt.c b/src/modes/xts/xts_decrypt.c
@@ -16,7 +16,7 @@ static int s_tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned ch
    /* tweak encrypt block i */
 #ifdef LTC_FAST
    for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-      *(LTC_FAST_TYPE_PTR_CAST(&P[x])) = *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+      LTC_FAST_TYPE_XOR3(&P[x], &C[x], &T[x]);
    }
 #else
    for (x = 0; x < 16; x++) {
@@ -28,7 +28,7 @@ static int s_tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned ch
 
 #ifdef LTC_FAST
    for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-      *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+      LTC_FAST_TYPE_XOR2(&P[x], &T[x]);
    }
 #else
    for (x = 0; x < 16; x++) {

diff --git a/src/modes/xts/xts_encrypt.c b/src/modes/xts/xts_encrypt.c
@@ -16,7 +16,7 @@ static int s_tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char
    /* tweak encrypt block i */
 #ifdef LTC_FAST
    for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-      *(LTC_FAST_TYPE_PTR_CAST(&C[x])) = *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+      LTC_FAST_TYPE_XOR3(&C[x], &P[x], &T[x]);
    }
 #else
    for (x = 0; x < 16; x++) {
@@ -30,7 +30,7 @@ static int s_tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char
 
 #ifdef LTC_FAST
    for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
-      *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
+      LTC_FAST_TYPE_XOR2(&C[x], &T[x]);
    }
 #else
    for (x = 0; x < 16; x++) {

diff --git a/src/pk/ec25519/tweetnacl.c b/src/pk/ec25519/tweetnacl.c
@@ -53,7 +53,7 @@ sv car25519(gf o)
     o[i]+=(1LL<<16);
     c=o[i]>>16;
     o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
-    o[i]-=c<<16;
+    o[i]-=((i64)(((u64)(c))<<16));
   }
 }
 
@@ -366,7 +366,7 @@ sv modL(u8 *r,i64 x[64])
     for (j = i - 32;j < i - 12;++j) {
       x[j] += carry - 16 * x[i] * L[j - (i - 32)];
       carry = (x[j] + 128) >> 8;
-      x[j] -= carry << 8;
+      x[j] -= ((i64)(((u64)(carry)) << 8));
     }
     x[j] += carry;
     x[i] = 0;

diff --git a/src/pk/ec448/ec448_common.c b/src/pk/ec448/ec448_common.c
@@ -96,13 +96,13 @@ static void s_gf448_carry(gf448 o)
    for (i = 0; i < 15; ++i) {
       c = o[i] >> 28;
       o[i+1] += c;
-      o[i] -= c << 28;
+      o[i] -= ((long64)(((ulong64)(c)) << 28));
    }
    /* limb 15 overflow: 2^(28*16) = 2^448 == 2^224 + 1 */
    c = o[15] >> 28;
    o[0]  += c;     /* + c * 1 */
    o[8]  += c;     /* + c * 2^224 */
-   o[15] -= c << 28;
+   o[15] -= ((long64)(((ulong64)(c)) << 28));
    /* one more pass to settle the extra from limb 0 and 8 */
    for (i = 0; i < 15; ++i) {
       c = o[i] >> 28;
@@ -254,7 +254,7 @@ static void s_gf448_mul(gf448 o, const gf448 a, const gf448 b)
    for (i = 0; i < 30; ++i) {
       c = t[i] >> 28;
       t[i+1] += c;
-      t[i] -= c << 28;
+      t[i] -= ((long64)(((ulong64)(c)) << 28));
    }
    t[14] += 2 * t[30];
    t[6]  += t[30];

diff --git a/tests/store_test.c b/tests/store_test.c
@@ -63,7 +63,7 @@ int store_test(void)
 
      /* now XOR it word for word */
      for (x = 0; x < y; x += sizeof(LTC_FAST_TYPE)) {
-        *(LTC_FAST_TYPE_PTR_CAST(&buf[5*y+z+x])) = *(LTC_FAST_TYPE_PTR_CAST(&buf[z+x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&buf[z+y+x+zz]));
+        LTC_FAST_TYPE_XOR3(&buf[5*y+z+x], &buf[z+x], &buf[z+y+x+zz]);
      }
 
      if (memcmp(&buf[4*y+z], &buf[5*y+z], y)) {