diff --git a/src/se050_x25519_sw.c b/src/se050_x25519_sw.c
index fbc1813..f903b68 100644
--- a/src/se050_x25519_sw.c
+++ b/src/se050_x25519_sw.c
@@ -59,9 +59,18 @@ static void fe_tobytes(uint8_t *s, const fe h)
     int32_t carry2=(h2+65536)>>16; h3+=carry2; h2-=carry2<<16;
     int32_t carry4=(h4+65536)>>16; h5+=carry4; h4-=carry4<<16;
     int32_t carry6=(h6+65536)>>16; h7+=carry6; h6-=carry6<<16;
-    store_4(s,h0); store_4(s+4,h1); store_4(s+8,h2); store_4(s+12,h3);
-    store_4(s+16,h4); store_4(s+20,h5); store_4(s+24,h6); store_4(s+28,h7);
-    store_4(s+30,h8); store_4(s+30,h9);
+    store_4(s, h0);
+    store_4(s+4, h1);
+    store_4(s+8, h2);
+    store_4(s+12, h3);
+    store_4(s+16, h4);
+    store_4(s+20, h5);
+    store_4(s+24, h6);
+    /* h7, h8, h9 combined for last 8 bytes (but we only need 4) */
+    s[28] = h7 & 0xff;
+    s[29] = (h7 >> 8) & 0xff;
+    s[30] = (h7 >> 16) & 0xff;
+    s[31] = ((h7 >> 24) | ((h8 & 0x0f) << 4)) & 0xff;
 }
 
 static void fe_add(fe h, const fe f, const fe g)