diff --git a/ChangeLog b/ChangeLog
index cb6a1093ec75ff2367fdf8a6c2dffaa4e338b8c8..7602777c13dd52f7ce3d8c2a8461e23e419452ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2014-01-27  Niels Möller  <nisse@lysator.liu.se>
 
+	* eax.h (struct eax_key, struct eax_ctx): Use union
+	nettle_block16, for alignment.
+	* eax.c: Updated everything to use nettle_block16.
+	(block16_xor): New function.
+
 	* examples/nettle-benchmark.c (time_eax): New function.
 	(main): Use it.
 
diff --git a/eax.c b/eax.c
index 77a6cc38379b75635b950b1081ef42ec2955e015..970ebbd3a13c8f579abdfc73d2d37fac123ff1bd 100644
--- a/eax.c
+++ b/eax.c
@@ -36,41 +36,53 @@
 #include "memxor.h"
 
 static void
-omac_init (uint8_t *state, unsigned t)
+omac_init (union nettle_block16 *state, unsigned t)
 {
-  memset (state, 0, EAX_BLOCK_SIZE - 1);
-  state[EAX_BLOCK_SIZE - 1] = t;
+  memset (state->b, 0, EAX_BLOCK_SIZE - 1);
+  state->b[EAX_BLOCK_SIZE - 1] = t;
 }
 
+/* Almost the same as gcm_gf_add */
 static void
-omac_update (uint8_t *state, const struct eax_key *key,
+block16_xor (union nettle_block16 *dst, const union nettle_block16 *src)
+{
+  dst->w[0] ^= src->w[0];
+  dst->w[1] ^= src->w[1];
+#if SIZEOF_LONG == 4
+  dst->w[2] = src->w[2];
+  dst->w[3] = src->w[3];
+#endif
+}
+
+static void
+omac_update (union nettle_block16 *state, const struct eax_key *key,
 	     void *cipher, nettle_crypt_func *f,
 	     size_t length, const uint8_t *data)
 {
   for (; length >= EAX_BLOCK_SIZE;
        length -= EAX_BLOCK_SIZE, data += EAX_BLOCK_SIZE)
     {
-      f (cipher, EAX_BLOCK_SIZE, state, state);
-      memxor (state, data, EAX_BLOCK_SIZE);
+      f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
+      memxor (state->b, data, EAX_BLOCK_SIZE);
     }
   if (length > 0)
     {
       /* Allowed only for the last call */
-      f (cipher, EAX_BLOCK_SIZE, state, state);
-      memxor (state, data, length);
-      state[length] ^= 0x80;
+      f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
+      memxor (state->b, data, length);
+      state->b[length] ^= 0x80;
       /* XOR with (P ^ B), since the digest processing
        * unconditionally XORs with B */
-      memxor (state, key->pad_partial, EAX_BLOCK_SIZE);
+      block16_xor (state, &key->pad_partial);
     }
 }
 
 static void
-omac_final (uint8_t *state, const struct eax_key *key,
+omac_final (union nettle_block16 *state, const struct eax_key *key,
 	    void *cipher, nettle_crypt_func *f)
 {
-  memxor (state, key->pad_block, EAX_BLOCK_SIZE);
-  f (cipher, EAX_BLOCK_SIZE, state, state);
+  block16_xor (state, &key->pad_block);
+  f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
 }
 
 /* Allows r == a */
@@ -90,11 +102,11 @@ gf2_double (uint8_t *r, const uint8_t *a)
 void
 eax_set_key (struct eax_key *key, void *cipher, nettle_crypt_func *f)
 {
-  static const uint8_t zero_block[EAX_BLOCK_SIZE];
-  f (cipher, EAX_BLOCK_SIZE, key->pad_block, zero_block);
-  gf2_double (key->pad_block, key->pad_block);
-  gf2_double (key->pad_partial, key->pad_block);
-  memxor (key->pad_partial, key->pad_block, EAX_BLOCK_SIZE);
+  static const union nettle_block16 zero_block;
+  f (cipher, EAX_BLOCK_SIZE, key->pad_block.b, zero_block.b);
+  gf2_double (key->pad_block.b, key->pad_block.b);
+  gf2_double (key->pad_partial.b, key->pad_block.b);
+  block16_xor (&key->pad_partial, &key->pad_block);
 }
 
 void
@@ -102,13 +114,13 @@ eax_set_nonce (struct eax_ctx *eax, const struct eax_key *key,
 	       void *cipher, nettle_crypt_func *f,
 	       size_t nonce_length, const uint8_t *nonce)
 {
-  omac_init (eax->omac_nonce, 0);
-  omac_update (eax->omac_nonce, key, cipher, f, nonce_length, nonce);
-  omac_final (eax->omac_nonce, key, cipher, f);
-  memcpy (eax->ctr, eax->omac_nonce, EAX_BLOCK_SIZE);
+  omac_init (&eax->omac_nonce, 0);
+  omac_update (&eax->omac_nonce, key, cipher, f, nonce_length, nonce);
+  omac_final (&eax->omac_nonce, key, cipher, f);
+  memcpy (eax->ctr.b, eax->omac_nonce.b, EAX_BLOCK_SIZE);
 
-  omac_init (eax->omac_data, 1);
-  omac_init (eax->omac_message, 2);
+  omac_init (&eax->omac_data, 1);
+  omac_init (&eax->omac_message, 2);
 }
 
 void
@@ -116,7 +128,7 @@ eax_update (struct eax_ctx *eax, const struct eax_key *key,
 	    void *cipher, nettle_crypt_func *f,
 	    size_t data_length, const uint8_t *data)
 {
-  omac_update (eax->omac_data, key, cipher, f, data_length, data);
+  omac_update (&eax->omac_data, key, cipher, f, data_length, data);
 }
 
 void
@@ -124,8 +136,8 @@ eax_encrypt (struct eax_ctx *eax, const struct eax_key *key,
 	     void *cipher, nettle_crypt_func *f,
 	     size_t length, uint8_t *dst, const uint8_t *src)
 {
-  ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr, length, dst, src);
-  omac_update (eax->omac_message, key, cipher, f, length, dst);
+  ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr.b, length, dst, src);
+  omac_update (&eax->omac_message, key, cipher, f, length, dst);
 }
 
 void
@@ -133,8 +145,8 @@ eax_decrypt (struct eax_ctx *eax, const struct eax_key *key,
 	     void *cipher, nettle_crypt_func *f,
 	     size_t length, uint8_t *dst, const uint8_t *src)
 {
-  omac_update (eax->omac_message, key, cipher, f, length, src);
-  ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr, length, dst, src);
+  omac_update (&eax->omac_message, key, cipher, f, length, src);
+  ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr.b, length, dst, src);
 }
 
 void
@@ -144,9 +156,9 @@ eax_digest (struct eax_ctx *eax, const struct eax_key *key,
 {
   assert (length > 0);
   assert (length <= EAX_BLOCK_SIZE);
-  omac_final (eax->omac_data, key, cipher, f);
-  omac_final (eax->omac_message, key, cipher, f);
+  omac_final (&eax->omac_data, key, cipher, f);
+  omac_final (&eax->omac_message, key, cipher, f);
 
-  memxor (eax->omac_nonce, eax->omac_data, length);
-  memxor3 (digest, eax->omac_nonce, eax->omac_message, length);
+  block16_xor (&eax->omac_nonce, &eax->omac_data);
+  memxor3 (digest, eax->omac_nonce.b, eax->omac_message.b, length);
 }
diff --git a/eax.h b/eax.h
index 58bb412d9e5472f3745786adbcbb7227a4bbddf5..27268c641e51670e4e788d5fb8f7ff3ab4f85a62 100644
--- a/eax.h
+++ b/eax.h
@@ -57,16 +57,16 @@ extern "C" {
 /* Values independent of message and nonce */
 struct eax_key
 {
-  uint8_t pad_block[EAX_BLOCK_SIZE];
-  uint8_t pad_partial[EAX_BLOCK_SIZE];
+  union nettle_block16 pad_block;
+  union nettle_block16 pad_partial;
 };
 
 struct eax_ctx
 {
-  uint8_t omac_nonce[EAX_BLOCK_SIZE];
-  uint8_t omac_data[EAX_BLOCK_SIZE];
-  uint8_t omac_message[EAX_BLOCK_SIZE];
-  uint8_t ctr[EAX_BLOCK_SIZE];
+  union nettle_block16 omac_nonce;
+  union nettle_block16 omac_data;
+  union nettle_block16 omac_message;
+  union nettle_block16 ctr;
 };
 
 void