On Tue, 4 Nov 2025 at 06:51, Eric Biggers <ebiggers@kernel.org> wrote:
On big endian arm kernels, the arm optimized Curve25519 code produces incorrect outputs and fails the Curve25519 test. This has been true ever since this code was added.
It seems that hardly anyone (or even no one?) actually uses big endian arm kernels. But as long as they're ostensibly supported, we should disable this code on them so that it's not accidentally used.
Note: for future-proofing, use !CPU_BIG_ENDIAN instead of CPU_LITTLE_ENDIAN. Both of these are arch-specific options that could get removed in the future if big endian support gets dropped.
Fixes: d8f1308a025f ("crypto: arm/curve25519 - wire up NEON implementation")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
This patch is targeting libcrypto-fixes
lib/crypto/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Ard Biesheuvel <ardb@kernel.org>
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 8886055e938f..16859c6226dd 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -62,11 +62,11 @@ config CRYPTO_LIB_CURVE25519 of the functions from <crypto/curve25519.h>.
config CRYPTO_LIB_CURVE25519_ARCH bool depends on CRYPTO_LIB_CURVE25519 && !UML && !KMSAN
default y if ARM && KERNEL_MODE_NEON
default y if ARM && KERNEL_MODE_NEON && !CPU_BIG_ENDIAN default y if PPC64 && CPU_LITTLE_ENDIAN default y if X86_64config CRYPTO_LIB_CURVE25519_GENERIC bool
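Review bot: The reason for the new !CPU_BIG_ENDIAN condition on the ARM default line of CRYPTO_LIB_CURVE25519_ARCH lives only in the commit message, and the line now reads differently from the PPC64 default right below it, which uses CPU_LITTLE_ENDIAN. A short Kconfig comment above the ARM default saying that the NEON Curve25519 code produces incorrect outputs on big endian would keep the condition from being dropped or "normalized" to match the PPC64 line in a later cleanup.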
base-commit: 1af424b15401d2be789c4dc2279889514e7c5c94
2.51.2