From ea15cf00bd5086aafbf3808fa68bd54a73a6783e Mon Sep 17 00:00:00 2001
From: Nikolay Nikolaev <nicknickolaev@gmail.com>
Date: Tue, 24 Dec 2024 13:26:09 +0200
Subject: [PATCH] Workaround for RSA on AArch64 Big Endian

10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.

Fixes: #22687

CLA: trivial

Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)

(cherry picked from commit b26894ec6945656113fd9556527765aba08e4355)
---
 crypto/bn/asm/armv8-mont.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index 21ab12bdf07..3318df4f7ad 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -85,10 +85,12 @@ bn_mul_mont:
 	cmp	$num,#32
 	b.le	.Lscalar_impl
 #ifndef	__KERNEL__
+#ifndef	__AARCH64EB__
 	adrp	x17,OPENSSL_armv8_rsa_neonized
 	ldr	w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
 	cbnz	w17, bn_mul8x_mont_neon
 #endif
+#endif
 
 .Lscalar_impl:
 	tst	$num,#7
-- 
2.47.2