kdf: fix unaligned memory access in balloon_xor_block

* cipher/kdf.c (balloon_xor_block): Use 'buf_xor' helper function; Change
pointer parameters to 'void *' type.
(balloon_final): Don't cast last_block to 'u64 *' for balloon_xor_block
call.
--

Seen on s390x UBSAN:
/home/testbuild/libgcrypt/cipher/kdf.c:1130:12: runtime error: load of misaligned address 0x00400181370c for type 'u64', which requires 8 byte alignment
0x00400181370c: note: pointer points here
  01 01 01 01 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^
    #0 0x4001a3f3d3  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/src/.libs/libgcrypt.so.20+0x1f83d3)
    #1 0x40019cf049  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/src/.libs/libgcrypt.so.20+0x188049)
    #2 0x400000acbf  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0xacbf)
    #3 0x4000008931  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0x8931)
    #4 0x400271a031  (/lib/libc.so.6+0x2b031)
    #5 0x400271a10d  (/lib/libc.so.6+0x2b10d)
    #6 0x4000009bcf  (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0x9bcf)

GnuPG-bug-id: 5817
Signed-off-by: Jussi Kivilinna <[email protected]>

cipher/kdf.c

@@ -1122,12 +1122,9 @@ balloon_open (gcry_kdf_hd_t *hd, int subalgo,
 
 
 static void
-balloon_xor_block (balloon_ctx_t b, u64 *dst, const u64 *src)
+balloon_xor_block (balloon_ctx_t b, void *dst, const void *src)
 {
-  int i;
-
-  for (i = 0; i < b->blklen/8; i++)
-    dst[i] ^= src[i];
+  buf_xor (dst, dst, src, b->blklen);
 }
 
 #define BALLOON_COMPRESS_BLOCKS 5
@@ -1355,7 +1352,7 @@ balloon_final (balloon_ctx_t b, size_t resultlen, void *result)
         return t->ec;
 
       last_block = t->block + (b->blklen * (t->b->n_blocks - 1));
-      balloon_xor_block (b, result, (u64 *)last_block);
+      balloon_xor_block (b, result, last_block);
     }
 
   return 0;