From 4f87a8980f0c2044d0418e9e48ad22044c429fb3 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 2 Apr 2025 09:12:48 +1000
Subject: [PATCH] ML-KEM/Kyber: fix for big-endian

Don't pull apart the nibbles when big-endian in reject uniform C code.
---
 wolfcrypt/src/wc_mlkem_poly.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c
index 39f6b9439..8fd242015 100644
--- a/wolfcrypt/src/wc_mlkem_poly.c
+++ b/wolfcrypt/src/wc_mlkem_poly.c
@@ -3166,7 +3166,8 @@ static unsigned int mlkem_rej_uniform_c(sword16* p, unsigned int len,
 unsigned int i;
 unsigned int j;

-#if defined(WOLFSSL_MLKEM_SMALL) || !defined(WC_64BIT_CPU)
+#if defined(WOLFSSL_MLKEM_SMALL) || !defined(WC_64BIT_CPU) || \
+ defined(BIG_ENDIAN_ORDER)
 /* Keep sampling until maximum number of integers reached or buffer used up.
 * Step 4. */
 for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) {
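Review bot: The widened `#if` at the top of the hunk carries no comment saying why big-endian builds must take the byte-wise sampling loop, so a reader cannot tell that the other branch (outside the hunk) presumably depends on little-endian byte order when it reads the input. A comment above the condition would record it, e.g. `/* Also used on big-endian: the alternative path assumes little-endian byte order. */`. The selection depends on `BIG_ENDIAN_ORDER` being defined by the build; a big-endian target configured without it would still compile the other path and, if that path is order-dependent as the commit message suggests, produce different samples without any error, so a known-answer test run on a big-endian target is worth having. Separately, the context line `(j <= rLen - 3)` wraps around if `rLen` is unsigned and below 3; its declaration is cut off in the hunk header, so confirm that callers always pass at least 3 bytes. The body of mlkem_rej_uniform_c starts before and continues past the hunk.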