Workaround for RSA on AArch64 Big Endian

10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.

Fixes: #22687
CLA: trivial

Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)

diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index 912a7cf2f98bdba2517024665b67bacbf24630f7..ea47e4c89d19738dd6f9e30631e08df7b827ffcf 100755 (executable)
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -85,10 +85,12 @@ bn_mul_mont:
        cmp     $num,#32
        b.le    .Lscalar_impl
 #ifndef        __KERNEL__
+#ifndef        __AARCH64EB__
        adrp    x17,OPENSSL_armv8_rsa_neonized
        ldr     w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
        cbnz    w17, bn_mul8x_mont_neon
 #endif
+#endif
 
 .Lscalar_impl:
        tst     $num,#7