Workaround for RSA on AArch64 Big Endian

10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.

Fixes: #22687
CLA: trivial

Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)

(cherry picked from commit b26894ec6945656113fd9556527765aba08e4355)

diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index 21ab12bdf07e9b357656390ec720739ed7c5fddf..3318df4f7ada82942a00c4f85f999a2f6ba83857 100755 (executable)
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -85,10 +85,12 @@ bn_mul_mont:
        cmp     $num,#32
        b.le    .Lscalar_impl
 #ifndef        __KERNEL__
+#ifndef        __AARCH64EB__
        adrp    x17,OPENSSL_armv8_rsa_neonized
        ldr     w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
        cbnz    w17, bn_mul8x_mont_neon
 #endif
+#endif
 
 .Lscalar_impl:
        tst     $num,#7