From b26894ec6945656113fd9556527765aba08e4355 Mon Sep 17 00:00:00 2001
From: Nikolay Nikolaev <nicknickolaev@gmail.com>
Date: Tue, 24 Dec 2024 13:26:09 +0200
Subject: [PATCH] Workaround for RSA on AArch64 Big Endian

10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.

Fixes: #22687

CLA: trivial

Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)
---
 crypto/bn/asm/armv8-mont.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index 912a7cf2f98..ea47e4c89d1 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -85,10 +85,12 @@ bn_mul_mont:
 	cmp	$num,#32
 	b.le	.Lscalar_impl
 #ifndef	__KERNEL__
+#ifndef	__AARCH64EB__
 	adrp	x17,OPENSSL_armv8_rsa_neonized
 	ldr	w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
 	cbnz	w17, bn_mul8x_mont_neon
 #endif
+#endif
 
 .Lscalar_impl:
 	tst	$num,#7
-- 
2.47.2