Commit 44e8241c authored Nov 03, 2025 by Eric Biggers

lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN



On big endian arm kernels, the arm optimized Curve25519 code produces
incorrect outputs and fails the Curve25519 test.  This has been true
ever since this code was added.

It seems that hardly anyone (or even no one?) actually uses big endian
arm kernels.  But as long as they're ostensibly supported, we should
disable this code on them so that it's not accidentally used.

Note: for future-proofing, use !CPU_BIG_ENDIAN instead of
CPU_LITTLE_ENDIAN.  Both of these are arch-specific options that could
get removed in the future if big endian support gets dropped.

Fixes: d8f1308a ("crypto: arm/curve25519 - wire up NEON implementation")
Cc: stable@vger.kernel.org
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20251104054906.716914-1-ebiggers@kernel.org


Signed-off-by: Eric Biggers <ebiggers@kernel.org>

parent 2b81082a

lib/crypto/Kconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -64,7 +64,7 @@ config CRYPTO_LIB_CURVE25519
		config CRYPTO_LIB_CURVE25519_ARCH
		bool
		depends on CRYPTO_LIB_CURVE25519 && !UML && !KMSAN
		default y if ARM && KERNEL_MODE_NEON
		default y if ARM && KERNEL_MODE_NEON && !CPU_BIG_ENDIAN
		default y if PPC64 && CPU_LITTLE_ENDIAN
		default y if X86_64