From 36eda9fb75d223e8907ad7fdfec67ded88dd3e40 Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Mon, 15 Dec 2025 16:30:43 -0700
Subject: [PATCH] Check Curve25519 public key after generating one to avoid
 generating invalid keys.

Thanks to Kr0emer for the report.
---
 wolfcrypt/src/curve25519.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index cbd15ee09..d18c0210c 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -433,6 +433,11 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
         ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                      (int)sizeof(key->k), key->k);
 #endif
+        if (ret == 0) {
+            ret = wc_curve25519_check_public(key->p.point,
+                                       (word32)sizeof(key->p.point),
+                                      EC25519_LITTLE_ENDIAN);
+        }
         key->pubSet = (ret == 0);
     }
 #endif