AES GCM trampoline functions to fix delocator

Author: jakemas

crypto/fipsmodule/aes/mode_wrappers.c

@@ -58,12 +58,33 @@
 // function pointer calculation in AES_ctr128_encrypt. Without it,
 // on AArch64 there is risk of the calculations requiring a PC-relative
 // offset outside of the range (-1MB,1MB) addressable using `ADR`.
+static inline void aes_hw_encrypt_wrapper(const uint8_t *in, uint8_t *out,
+                                          const AES_KEY *key) {
+  aes_hw_encrypt(in, out, key);
+}
+
+static inline void vpaes_encrypt_wrapper(const uint8_t *in, uint8_t *out,
+                                         const AES_KEY *key) {
+  vpaes_encrypt(in, out, key);
+}
+
+static inline void aes_nohw_encrypt_wrapper(const uint8_t *in, uint8_t *out,
+                                            const AES_KEY *key) {
+  aes_nohw_encrypt(in, out, key);
+}
+
 static inline void aes_hw_ctr32_encrypt_blocks_wrapper(const uint8_t *in,
-						       uint8_t *out, size_t len,
-						       const AES_KEY *key,
-						       const uint8_t ivec[16])
-{
-    aes_hw_ctr32_encrypt_blocks(in, out, len, key, ivec);
+                                                       uint8_t *out, size_t len,
+                                                       const AES_KEY *key,
+                                                       const uint8_t ivec[16]) {
+  aes_hw_ctr32_encrypt_blocks(in, out, len, key, ivec);
+}
+
+static inline void aes_nohw_ctr32_encrypt_blocks_wrapper(const uint8_t *in,
+                                                         uint8_t *out, size_t len,
+                                                         const AES_KEY *key,
+                                                         const uint8_t ivec[16]) {
+  aes_nohw_ctr32_encrypt_blocks(in, out, len, key, ivec);
 }
 
 #if defined(VPAES_CTR32)
@@ -73,12 +94,7 @@ static inline void vpaes_ctr32_encrypt_blocks_wrapper(const uint8_t *in,
                                                       const uint8_t ivec[16]) {
   vpaes_ctr32_encrypt_blocks(in, out, len, key, ivec);
 }
-#else // VPAES_CTR32
-static inline void vpaes_encrypt_wrapper(const uint8_t *in, uint8_t *out,
-                                         const AES_KEY *key) {
-  vpaes_encrypt(in, out, key);
-}
-#endif // !VPAES_CTR32
+#endif
 
 void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                         const AES_KEY *key, uint8_t ivec[AES_BLOCK_SIZE],
@@ -98,7 +114,7 @@ void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
 #endif
   } else {
     CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
-                                aes_nohw_ctr32_encrypt_blocks);
+                                aes_nohw_ctr32_encrypt_blocks_wrapper);
   }
 
   FIPS_service_indicator_update_state();

crypto/fipsmodule/cipher/e_aes.c

@@ -304,40 +304,40 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
   if (hwaes_capable()) {
     aes_hw_set_encrypt_key(key, (int)key_bytes * 8, aes_key);
     if (gcm_key != NULL) {
-      CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_hw_encrypt, 1);
+      CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_hw_encrypt_wrapper, 1);
     }
     if (out_block) {
-      *out_block = aes_hw_encrypt;
+      *out_block = aes_hw_encrypt_wrapper;
     }
-    return aes_hw_ctr32_encrypt_blocks;
+    return aes_hw_ctr32_encrypt_blocks_wrapper;
   }
 
   if (vpaes_capable()) {
     vpaes_set_encrypt_key(key, (int)key_bytes * 8, aes_key);
     if (out_block) {
-      *out_block = vpaes_encrypt;
+      *out_block = vpaes_encrypt_wrapper;
     }
     if (gcm_key != NULL) {
-      CRYPTO_gcm128_init_key(gcm_key, aes_key, vpaes_encrypt, 0);
+      CRYPTO_gcm128_init_key(gcm_key, aes_key, vpaes_encrypt_wrapper, 0);
     }
 #if defined(BSAES)
     assert(bsaes_capable());
     return vpaes_ctr32_encrypt_blocks_with_bsaes;
 #elif defined(VPAES_CTR32)
-    return vpaes_ctr32_encrypt_blocks;
+    return vpaes_ctr32_encrypt_blocks_wrapper;
 #else
     return NULL;
 #endif
   }
 
   aes_nohw_set_encrypt_key(key, (int)key_bytes * 8, aes_key);
   if (gcm_key != NULL) {
-    CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_nohw_encrypt, 0);
+    CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_nohw_encrypt_wrapper, 0);
   }
   if (out_block) {
-    *out_block = aes_nohw_encrypt;
+    *out_block = aes_nohw_encrypt_wrapper;
   }
-  return aes_nohw_ctr32_encrypt_blocks;
+  return aes_nohw_ctr32_encrypt_blocks_wrapper;
 }
 
 #if defined(OPENSSL_32_BIT)

crypto/fipsmodule/modes/gcm.c

@@ -224,6 +224,29 @@ static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
 
 #endif  // HW_GCM && AARCH64
 
+// Trampolines for GCM function pointers to avoid delocator issues with adr
+// on AArch64. Without these wrappers, the function pointer calculations
+// may require PC-relative offsets outside the addressable range.
+#if defined(GHASH_ASM_ARM)
+static inline void gcm_gmult_v8_wrapper(uint8_t Xi[16], const u128 Htable[16]) {
+  gcm_gmult_v8(Xi, Htable);
+}
+
+static inline void gcm_ghash_v8_wrapper(uint8_t Xi[16], const u128 Htable[16],
+                                        const uint8_t *inp, size_t len) {
+  gcm_ghash_v8(Xi, Htable, inp, len);
+}
+
+static inline void gcm_gmult_neon_wrapper(uint8_t Xi[16], const u128 Htable[16]) {
+  gcm_gmult_neon(Xi, Htable);
+}
+
+static inline void gcm_ghash_neon_wrapper(uint8_t Xi[16], const u128 Htable[16],
+                                          const uint8_t *inp, size_t len) {
+  gcm_ghash_neon(Xi, Htable, inp, len);
+}
+#endif
+
 void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
                        u128 out_table[16], int *out_is_avx,
                        const uint8_t gcm_key[16]) {
@@ -278,15 +301,15 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
 #elif defined(GHASH_ASM_ARM)
   if (gcm_pmull_capable()) {
     gcm_init_v8(out_table, H);
-    *out_mult = gcm_gmult_v8;
-    *out_hash = gcm_ghash_v8;
+    *out_mult = gcm_gmult_v8_wrapper;
+    *out_hash = gcm_ghash_v8_wrapper;
     return;
   }
 
   if (gcm_neon_capable()) {
     gcm_init_neon(out_table, H);
-    *out_mult = gcm_gmult_neon;
-    *out_hash = gcm_ghash_neon;
+    *out_mult = gcm_gmult_neon_wrapper;
+    *out_hash = gcm_ghash_neon_wrapper;
     return;
   }
 #elif defined(GHASH_ASM_PPC64LE)