Workaround for RSA on AArch64 Big Endian

10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.

Fixes: #22687
CLA: trivial

Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)

(cherry picked from commit b26894ec6945656113fd9556527765aba08e4355)

diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index 93cd45cd3743d374e4b463fcaa1226112701aee5..197b060ae7ddfc5cc6ec7c3ed69b5c96a974b1cb 100755 (executable)
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -85,10 +85,12 @@ bn_mul_mont:
        cmp     $num,#32
        b.le    .Lscalar_impl
 #ifndef        __KERNEL__
+#ifndef        __AARCH64EB__
        adrp    x17,OPENSSL_armv8_rsa_neonized
        ldr     w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
        cbnz    w17, bn_mul8x_mont_neon
 #endif
+#endif
 
 .Lscalar_impl:
        tst     $num,#7