From 180c66ba70d8f82d796e4536658c6daab6236dd7 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Mon, 16 Feb 2026 15:56:41 +0000 Subject: [PATCH 1/2] Fix curve448 `wc_curve448_check_public` can get into an infinite loop in the big-endian code path. --- wolfcrypt/src/curve448.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c index 74e2cee07d3..22104beb679 100644 --- a/wolfcrypt/src/curve448.c +++ b/wolfcrypt/src/curve448.c @@ -409,12 +409,12 @@ int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian) return ECC_BAD_ARG_E; } if ((i == 27) && (pub[i] == 0xfe)) { - for (++i; i < CURVE448_PUB_KEY_SIZE - 1; i--) { + for (++i; i < CURVE448_PUB_KEY_SIZE - 1; i++) { if (pub[i] != 0xff) { break; } } - if ((i == CURVE448_PUB_KEY_SIZE) && (pub[i] >= 0xfe)) { + if ((i == CURVE448_PUB_KEY_SIZE - 1) && (pub[i] >= 0xfe)) { return ECC_BAD_ARG_E; } } From 451cb456706a31505c8e31c0b4ef6dd45a5e1a6d Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Mon, 16 Feb 2026 16:08:27 +0000 Subject: [PATCH 2/2] Fix Blake2s overlapping writes We are copying from a 32bit buffer, so are overlapping writes. This could cause damage the hash on big-endian platforms. --- wolfcrypt/src/blake2s.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c index b38d12a9331..18bd7fe7ab9 100644 --- a/wolfcrypt/src/blake2s.c +++ b/wolfcrypt/src/blake2s.c @@ -365,7 +365,7 @@ int blake2s_final( blake2s_state *S, byte *out, byte outlen ) } for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ - store64( buffer + sizeof( S->h[i] ) * i, S->h[i] ); + store32( buffer + sizeof( S->h[i] ) * i, S->h[i] ); XMEMCPY( out, buffer, outlen );