2 files changed, 10 insertions, 7 deletions

diff --git a/src/crypto/gcm.c b/src/crypto/gcm.c
index c21aad1..a32890d 100644
--- a/src/crypto/gcm.c
+++ b/src/crypto/gcm.c
@@ -469,13 +469,15 @@ int gcm_setkey ( struct gcm_context *context, const void *key, size_t keylen,
  * @v ivlen		Initialisation vector length
  */
 void gcm_setiv ( struct gcm_context *context, const void *iv, size_t ivlen ) {
-	union gcm_block *check = ( ( void * ) context );
 
-	/* Sanity checks */
-	build_assert ( &context->hash == check );
-	build_assert ( &context->len == check + 1 );
-	build_assert ( &context->ctr == check + 2 );
-	build_assert ( &context->key == check + 3 );
+	/* Sanity check: ensure that memset()s will clear expected state */
+	build_assert ( &context->hash < &context->ctr );
+	build_assert ( &context->len < &context->ctr );
+	build_assert ( &context->ctr < &context->key );
+	build_assert ( ( ( void * ) &context->raw_cipher ) >
+		       ( ( void * ) &context->key ) );
+	build_assert ( ( ( void * ) context->raw_ctx ) >
+		       ( ( void * ) &context->key ) );
 
 	/* Reset non-key state */
 	memset ( context, 0, offsetof ( typeof ( *context ), key ) );
diff --git a/src/include/ipxe/gcm.h b/src/include/ipxe/gcm.h
index 9653a0a..4864445 100644
--- a/src/include/ipxe/gcm.h
+++ b/src/include/ipxe/gcm.h
@@ -89,7 +89,8 @@ static int _gcm_name ## _setkey ( void *ctx, const void *key,		\
 				  size_t keylen ) {			\
 	struct _gcm_name ## _context *context = ctx;			\
 	build_assert ( _blocksize == sizeof ( context->gcm.key ) );	\
-	build_assert ( ( ( void * ) &context->gcm ) == ctx );		\
+	build_assert ( ( ( void * ) &context->gcm ) ==			\
+		       ( ( void * ) context ) );			\
 	build_assert ( ( ( void * ) &context->raw ) ==			\
 		       ( ( void * ) context->gcm.raw_ctx ) );		\
 	return gcm_setkey ( &context->gcm, key, keylen, &_raw_cipher );	\