diff --git a/.travis.yml b/.travis.yml
index 33f310a..66cc7d9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -61,6 +61,10 @@ matrix:
           packages:
             - gcc-multilib
             - libgmp-dev:i386
+    # S390x build (big endian system)
+    - compiler: gcc
+      env: HOST=s390x-unknown-linux-gnu
+      arch: s390x
 before_install: mkdir -p `dirname $GUAVA_JAR`
 install: if [ ! -f $GUAVA_JAR ]; then wget $GUAVA_URL -O $GUAVA_JAR; fi
 before_script: ./autogen.sh
diff --git a/configure.ac b/configure.ac
index af5a114..f3ae516 100644
--- a/configure.ac
+++ b/configure.ac
@@ -624,6 +624,9 @@ else
   fi
 fi
 
+dnl Check for endianness
+AC_C_BIGENDIAN
+
 AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
 AC_CONFIG_FILES([Makefile libsecp256k1.pc])
 AC_SUBST(JNI_INCLUDES)
@@ -649,6 +652,7 @@ AM_CONDITIONAL([USE_JNI], [test x"$use_jni" == x"yes"])
 AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
 AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
 AM_CONDITIONAL([ENABLE_MODULE_SURJECTIONPROOF], [test x"$enable_module_surjectionproof" = x"yes"])
+AM_CONDITIONAL([WORDS_BIGENDIAN],[test x$ac_cv_c_bigendian = xyes])
 
 dnl make sure nothing new is exported so that we don't break the cache
 PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"
diff --git a/src/scalar_4x64_impl.h b/src/scalar_4x64_impl.h
index 2673caa..f53588b 100644
--- a/src/scalar_4x64_impl.h
+++ b/src/scalar_4x64_impl.h
@@ -963,11 +963,12 @@ SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r,
   a += b; d = ROTL32(d ^ a, 8); \
   c += d; b = ROTL32(b ^ c, 7);
 
+#define SW32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
 #ifdef WORDS_BIGENDIAN
-#define LE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
+#define LE32(p) SW32(p)
 #define BE32(p) (p)
 #else
-#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
+#define BE32(p) SW32(p)
 #define LE32(p) (p)
 #endif
 
@@ -1026,14 +1027,14 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
         x14 += 0;
         x15 += over_count;
 
-        r1->d[3] = BE32((uint64_t) x0) << 32 | BE32(x1);
-        r1->d[2] = BE32((uint64_t) x2) << 32 | BE32(x3);
-        r1->d[1] = BE32((uint64_t) x4) << 32 | BE32(x5);
-        r1->d[0] = BE32((uint64_t) x6) << 32 | BE32(x7);
-        r2->d[3] = BE32((uint64_t) x8) << 32 | BE32(x9);
-        r2->d[2] = BE32((uint64_t) x10) << 32 | BE32(x11);
-        r2->d[1] = BE32((uint64_t) x12) << 32 | BE32(x13);
-        r2->d[0] = BE32((uint64_t) x14) << 32 | BE32(x15);
+        r1->d[3] = SW32((uint64_t) x0) << 32 | SW32(x1);
+        r1->d[2] = SW32((uint64_t) x2) << 32 | SW32(x3);
+        r1->d[1] = SW32((uint64_t) x4) << 32 | SW32(x5);
+        r1->d[0] = SW32((uint64_t) x6) << 32 | SW32(x7);
+        r2->d[3] = SW32((uint64_t) x8) << 32 | SW32(x9);
+        r2->d[2] = SW32((uint64_t) x10) << 32 | SW32(x11);
+        r2->d[1] = SW32((uint64_t) x12) << 32 | SW32(x13);
+        r2->d[0] = SW32((uint64_t) x14) << 32 | SW32(x15);
 
         over1 = secp256k1_scalar_check_overflow(r1);
         over2 = secp256k1_scalar_check_overflow(r2);
@@ -1045,5 +1046,6 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
 #undef QUARTERROUND
 #undef BE32
 #undef LE32
+#undef SW32
 
 #endif /* SECP256K1_SCALAR_REPR_IMPL_H */
diff --git a/src/scalar_8x32_impl.h b/src/scalar_8x32_impl.h
index 9cf5c54..086de05 100644
--- a/src/scalar_8x32_impl.h
+++ b/src/scalar_8x32_impl.h
@@ -738,11 +738,12 @@ SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r,
   a += b; d = ROTL32(d ^ a, 8); \
   c += d; b = ROTL32(b ^ c, 7);
 
+#define SW32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
 #ifdef WORDS_BIGENDIAN
-#define LE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
+#define LE32(p) SW32(p)
 #define BE32(p) (p)
 #else
-#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
+#define BE32(p) SW32(p)
 #define LE32(p) (p)
 #endif
 
@@ -801,22 +802,22 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
         x14 += 0;
         x15 += over_count;
 
-        r1->d[7] = BE32(x0);
-        r1->d[6] = BE32(x1);
-        r1->d[5] = BE32(x2);
-        r1->d[4] = BE32(x3);
-        r1->d[3] = BE32(x4);
-        r1->d[2] = BE32(x5);
-        r1->d[1] = BE32(x6);
-        r1->d[0] = BE32(x7);
-        r2->d[7] = BE32(x8);
-        r2->d[6] = BE32(x9);
-        r2->d[5] = BE32(x10);
-        r2->d[4] = BE32(x11);
-        r2->d[3] = BE32(x12);
-        r2->d[2] = BE32(x13);
-        r2->d[1] = BE32(x14);
-        r2->d[0] = BE32(x15);
+        r1->d[7] = SW32(x0);
+        r1->d[6] = SW32(x1);
+        r1->d[5] = SW32(x2);
+        r1->d[4] = SW32(x3);
+        r1->d[3] = SW32(x4);
+        r1->d[2] = SW32(x5);
+        r1->d[1] = SW32(x6);
+        r1->d[0] = SW32(x7);
+        r2->d[7] = SW32(x8);
+        r2->d[6] = SW32(x9);
+        r2->d[5] = SW32(x10);
+        r2->d[4] = SW32(x11);
+        r2->d[3] = SW32(x12);
+        r2->d[2] = SW32(x13);
+        r2->d[1] = SW32(x14);
+        r2->d[0] = SW32(x15);
 
         over1 = secp256k1_scalar_check_overflow(r1);
         over2 = secp256k1_scalar_check_overflow(r2);
@@ -828,5 +829,6 @@ static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2
 #undef QUARTERROUND
 #undef BE32
 #undef LE32
+#undef SW32
 
 #endif /* SECP256K1_SCALAR_REPR_IMPL_H */