From: Nikolay Nikolaev <nicknickolaev@gmail.com>
Date: Tue, 24 Dec 2024 11:26:09 +0000 (+0200)
Subject: Workaround for RSA on AArch64 Big Endian
X-Git-Tag: openssl-3.1.8~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4429159f980677a7ab41f826d18804f8985a4f2;p=thirdparty%2Fopenssl.git

Workaround for RSA on AArch64 Big Endian

10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.

Fixes: #22687

CLA: trivial

Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)

(cherry picked from commit b26894ec6945656113fd9556527765aba08e4355)
---

diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index 93cd45cd374..197b060ae7d 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -85,10 +85,12 @@ bn_mul_mont:
 	cmp	$num,#32
 	b.le	.Lscalar_impl
 #ifndef	__KERNEL__
+#ifndef	__AARCH64EB__
 	adrp	x17,OPENSSL_armv8_rsa_neonized
 	ldr	w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
 	cbnz	w17, bn_mul8x_mont_neon
 #endif
+#endif
 
 .Lscalar_impl:
 	tst	$num,#7