diff --git a/ChangeLog b/ChangeLog index 0d7accd270a61dc6added52b16b9c71501e8b66d..b476c8de1b5212209cd0d512bd70a9b9ba84bd59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2014-01-13 Niels Möller <nisse@lysator.liu.se> + + * nettle-types.h (union nettle_block16): New type, replacing union + gcm_block. + * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16. + * gcm.c: Replaced all use of gcm_block by nettle_block16. + 2014-01-04 Niels Möller <nisse@lysator.liu.se> * config.guess: Updated to 2014-01-01 version, from diff --git a/gcm.c b/gcm.c index c9ea30bc1a696849b33daa8dd1c4782854afe4e0..43edf66114dafcafc6815ecb07527a21482d540b 100644 --- a/gcm.c +++ b/gcm.c @@ -50,7 +50,8 @@ #define GHASH_POLYNOMIAL 0xE1UL static void -gcm_gf_add (union gcm_block *r, const union gcm_block *x, const union gcm_block *y) +gcm_gf_add (union nettle_block16 *r, + const union nettle_block16 *x, const union nettle_block16 *y) { r->w[0] = x->w[0] ^ y->w[0]; r->w[1] = x->w[1] ^ y->w[1]; @@ -63,7 +64,7 @@ gcm_gf_add (union gcm_block *r, const union gcm_block *x, const union gcm_block shifted out is one, the defining polynomial is added to cancel it out. r == x is allowed. */ static void -gcm_gf_shift (union gcm_block *r, const union gcm_block *x) +gcm_gf_shift (union nettle_block16 *r, const union nettle_block16 *x) { long mask; @@ -111,10 +112,10 @@ gcm_gf_shift (union gcm_block *r, const union gcm_block *x) specification. y may be shorter than a full block, missing bytes are assumed zero. */ static void -gcm_gf_mul (union gcm_block *x, const union gcm_block *y) +gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *y) { - union gcm_block V; - union gcm_block Z; + union nettle_block16 V; + union nettle_block16 Z; unsigned i; memcpy(V.b, x, sizeof(V)); @@ -150,7 +151,7 @@ shift_table[0x10] = { }; static void -gcm_gf_shift_4(union gcm_block *x) +gcm_gf_shift_4(union nettle_block16 *x) { unsigned long *w = x->w; unsigned long reduce; 
@@ -195,9 +196,9 @@ gcm_gf_shift_4(union gcm_block *x) } static void -gcm_gf_mul (union gcm_block *x, const union gcm_block *table) +gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table) { - union gcm_block Z; + union nettle_block16 Z; unsigned i; memset(Z.b, 0, sizeof(Z)); @@ -218,7 +219,7 @@ gcm_gf_mul (union gcm_block *x, const union gcm_block *table) #define gcm_hash _nettle_gcm_hash8 void -_nettle_gcm_hash8 (const struct gcm_key *key, union gcm_block *x, +_nettle_gcm_hash8 (const struct gcm_key *key, union nettle_block16 *x, size_t length, const uint8_t *data); # else /* !HAVE_NATIVE_gcm_hash8 */ static const uint16_t @@ -258,7 +259,7 @@ shift_table[0x100] = { }; static void -gcm_gf_shift_8(union gcm_block *x) +gcm_gf_shift_8(union nettle_block16 *x) { unsigned long *w = x->w; unsigned long reduce; @@ -296,9 +297,9 @@ gcm_gf_shift_8(union gcm_block *x) } static void -gcm_gf_mul (union gcm_block *x, const union gcm_block *table) +gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table) { - union gcm_block Z; + union nettle_block16 Z; unsigned i; memcpy(Z.b, table[x->b[GCM_BLOCK_SIZE-1]].b, GCM_BLOCK_SIZE); @@ -356,7 +357,7 @@ gcm_set_key(struct gcm_key *key, #ifndef gcm_hash static void -gcm_hash(const struct gcm_key *key, union gcm_block *x, +gcm_hash(const struct gcm_key *key, union nettle_block16 *x, size_t length, const uint8_t *data) { for (; length >= GCM_BLOCK_SIZE; @@ -374,7 +375,7 @@ gcm_hash(const struct gcm_key *key, union gcm_block *x, #endif /* !gcm_hash */ static void -gcm_hash_sizes(const struct gcm_key *key, union gcm_block *x, +gcm_hash_sizes(const struct gcm_key *key, union nettle_block16 *x, uint64_t auth_size, uint64_t data_size) { uint8_t buffer[GCM_BLOCK_SIZE]; diff --git a/gcm.h b/gcm.h index f50c7363edafeba192c7169dcaa2835beb060f87..39b9e48a3a7d4f5effc3ad0160b3d450ed0c9a2d 100644 --- a/gcm.h +++ b/gcm.h 
@@ -60,27 +60,20 @@ extern "C" { #define GCM_TABLE_BITS 8 -/* To make sure that we have proper alignment. */ -union gcm_block -{ - uint8_t b[GCM_BLOCK_SIZE]; - unsigned long w[GCM_BLOCK_SIZE / sizeof(unsigned long)]; -}; - /* Hashing subkey */ struct gcm_key { - union gcm_block h[1 << GCM_TABLE_BITS]; + union nettle_block16 h[1 << GCM_TABLE_BITS]; }; /* Per-message state, depending on the iv */ struct gcm_ctx { /* Original counter block */ - union gcm_block iv; + union nettle_block16 iv; /* Updated for each block. */ - union gcm_block ctr; + union nettle_block16 ctr; /* Hashing state */ - union gcm_block x; + union nettle_block16 x; uint64_t auth_size; uint64_t data_size; }; diff --git a/nettle-types.h b/nettle-types.h index 1989d188fc6bcad28f91f013691aaad28dc8292a..148ac4dfccaa14ca5808b7e0ac86d88061bf76e0 100644 --- a/nettle-types.h +++ b/nettle-types.h @@ -34,6 +34,13 @@ extern "C" { #endif +/* An aligned 16-byte block. */ +union nettle_block16 +{ + uint8_t b[16]; + unsigned long w[16 / sizeof(unsigned long)]; +}; + /* Randomness. Used by key generation and dsa signature creation. */ typedef void nettle_random_func(void *ctx, size_t length, uint8_t *dst);
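Review bot: With `union gcm_block` removed from gcm.h, nothing ties the size of the blocks in `struct gcm_key` and `struct gcm_ctx` to `GCM_BLOCK_SIZE` any more. The old union sized `b` with `GCM_BLOCK_SIZE`, while the replacement in nettle-types.h uses a literal 16. The gcm.c context lines in this commit still copy `GCM_BLOCK_SIZE` bytes into the `b` member, for example `memcpy(Z.b, table[x->b[GCM_BLOCK_SIZE-1]].b, GCM_BLOCK_SIZE);`, so any future drift between the two values would become an out-of-bounds copy. I would add a compile-time check in gcm.c such as `typedef char gcm_block16_size_check[sizeof(union nettle_block16) == GCM_BLOCK_SIZE ? 1 : -1];`, or at least a comment above `struct gcm_key`: `/* union nettle_block16 must be exactly GCM_BLOCK_SIZE bytes; gcm.c relies on it. */`. Separately, if gcm.h is an installed header, external code that names `union gcm_block` will stop compiling, which deserves a release note.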
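Review bot: The comment `/* An aligned 16-byte block. */` on the new `union nettle_block16` can be read as promising 16-byte alignment, but the union only guarantees the alignment of `unsigned long`. The number of `w` elements also depends on `sizeof(unsigned long)`, which the removed gcm.h comment ("To make sure that we have proper alignment") at least hinted at. This is now a shared type in nettle-types.h rather than a GCM-private one, so the comment should state the contract, for example `/* A 16-byte block, aligned for access as unsigned long. The w view is in host byte order; its element count depends on sizeof(unsigned long). */`. That keeps future users from assuming a fixed word count or a stronger alignment than the type provides.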