Context Navigation

← Previous Change
Next Change →

dh.c

Timestamp:

Feb 7, 2019, 8:36:33 AM (5 years ago)

Author:

coas-nagasima

Message:

wolfsslを3.15.7にバージョンアップ

File:

: 1 edited

asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/dh.c (modified) (21 diffs)

Legend:

: Unmodified
: Added
: Removed

asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/dh.c

-              r352
+              r372
 #ifndef NO_DH
+#if defined(HAVE_FIPS) && \
+        defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+    #ifdef USE_WINDOWS_API
+        #pragma code_seg(".fipsA$m")
+        #pragma const_seg(".fipsB$m")
+    #endif
+#endif
 #include <wolfssl/wolfcrypt/dh.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 …
     #include <wolfcrypt/src/misc.c>
 #endif
+/*
+Possible DH enable options:
+ * NO_RSA:              Overall control of DH                 default: on (not defined)
+ * WOLFSSL_OLD_PRIME_CHECK: Disables the new prime number check. It does not
+                        directly effect this file, but it does speed up DH
+                        removing the testing. It is not recommended to
+                        disable the prime checking.           default: off
+*/
 …
 };
 static const byte dh_ffdhe2048_g[] = { 0x02 };
+#ifdef HAVE_FFDHE_Q
+static const byte dh_ffdhe2048_q[] = {
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
+x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
+xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
+xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
+xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
+xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
+x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
+x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
+x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
+xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
+xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
+xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
+x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
+x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
+xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
+xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
+x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
+x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
+x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
+x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
+xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
+xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
+xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
+x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
+x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
+x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B,
+xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+#endif /* HAVE_FFDHE_Q */
 const DhParams* wc_Dh_ffdhe2048_Get(void)
+{
     static const DhParams ffdhe2048 = {
+        #ifdef HAVE_FFDHE_Q
+            dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q),
+        #endif /* HAVE_FFDHE_Q */
         dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
         dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
 …
 };
 static const byte dh_ffdhe3072_g[] = { 0x02 };
+#ifdef HAVE_FFDHE_Q
+static const byte dh_ffdhe3072_q[] = {
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
+x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
+xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
+xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
+xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
+xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
+x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
+x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
+x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
+xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
+xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
+xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
+x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
+x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
+xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
+xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
+x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
+x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
+x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
+x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
+xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
+xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
+xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
+x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
+x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
+x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
+x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
+xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
+x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
+xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
+x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
+x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
+x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
+xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
+xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
+x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
+x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
+x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
+x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
+x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B,
+xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+#endif /* HAVE_FFDHE_Q */
 const DhParams* wc_Dh_ffdhe3072_Get(void)
+{
     static const DhParams ffdhe3072 = {
+        #ifdef HAVE_FFDHE_Q
+            dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q),
+        #endif /* HAVE_FFDHE_Q */
         dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
         dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
 …
 };
 static const byte dh_ffdhe4096_g[] = { 0x02 };
+#ifdef HAVE_FFDHE_Q
+static const byte dh_ffdhe4096_q[] = {
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
+x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
+xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
+xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
+xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
+xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
+x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
+x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
+x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
+xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
+xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
+xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
+x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
+x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
+xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
+xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
+x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
+x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
+x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
+x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
+xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
+xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
+xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
+x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
+x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
+x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
+x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
+xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
+x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
+xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
+x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
+x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
+x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
+xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
+xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
+x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
+x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
+x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
+x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
+x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
+xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
+xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
+x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
+x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
+x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
+x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
+x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
+x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
+x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
+x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
+x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
+x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
+x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
+xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
+xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
+xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+#endif /* HAVE_FFDHE_Q */
 const DhParams* wc_Dh_ffdhe4096_Get(void)
+{
     static const DhParams ffdhe4096 = {
+        #ifdef HAVE_FFDHE_Q
+            dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q),
+        #endif /* HAVE_FFDHE_Q */
         dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
         dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
 …
 };
 static const byte dh_ffdhe6144_g[] = { 0x02 };
+#ifdef HAVE_FFDHE_Q
+static const byte dh_ffdhe6144_q[] = {
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
+x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
+xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
+xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
+xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
+xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
+x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
+x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
+x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
+xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
+xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
+xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
+x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
+x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
+xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
+xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
+x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
+x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
+x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
+x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
+xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
+xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
+xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
+x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
+x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
+x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
+x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
+xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
+x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
+xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
+x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
+x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
+x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
+xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
+xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
+x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
+x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
+x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
+x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
+x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
+xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
+xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
+x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
+x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
+x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
+x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
+x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
+x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
+x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
+x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
+x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
+x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
+x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
+xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
+xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
+xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
+x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
+x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
+x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
+x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
+x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
+x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
+x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
+xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
+x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
+xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
+x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
+x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
+x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
+x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
+xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
+x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
+xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
+x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
+x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
+x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
+x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
+x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
+x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
+x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
+x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
+xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
+xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
+x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
+x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
+xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
+xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
+x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32,
+xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+#endif /* HAVE_FFDHE_Q */
 const DhParams* wc_Dh_ffdhe6144_Get(void)
+{
     static const DhParams ffdhe6144 = {
+        #ifdef HAVE_FFDHE_Q
+            dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q),
+        #endif /* HAVE_FFDHE_Q */
         dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
         dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
 …
 };
 static const byte dh_ffdhe8192_g[] = { 0x02 };
+#ifdef HAVE_FFDHE_Q
+static const byte dh_ffdhe8192_q[] = {
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
+x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
+xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
+xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
+xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
+xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
+x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
+x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
+x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
+x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
+xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
+xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
+xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
+x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
+x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
+x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
+xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
+xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
+x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
+x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
+x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
+x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
+x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
+xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
+xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
+xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
+x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
+xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
+x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
+x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
+x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
+xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
+x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
+xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
+x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
+x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
+x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
+x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
+xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
+xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
+x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
+xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
+x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
+x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
+x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
+x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
+xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
+xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
+x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
+x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
+x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
+x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
+x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
+x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
+x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
+x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
+x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
+x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
+x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
+xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
+xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
+xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
+x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
+x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
+x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
+x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
+x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
+x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
+x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
+xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
+x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
+xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
+x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
+x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
+x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
+x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
+xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
+x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
+xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
+x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
+x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
+x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
+x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
+x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
+x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
+x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
+x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
+xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
+xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
+x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
+x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
+xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
+xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
+x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55,
+x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C,
+x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32,
+x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
+xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F,
+x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77,
+xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14,
+xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32,
+xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81,
+x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2,
+x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
+x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE,
+x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28,
+xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11,
+x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A,
+x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7,
+x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96,
+x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
+x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD,
+xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC,
+xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50,
+x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18,
+xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
+x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
+x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
+x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
+x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
+x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
+x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
+xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
+x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
+x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
+x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
+x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+#endif /* HAVE_FFDHE_Q */
 const DhParams* wc_Dh_ffdhe8192_Get(void)
+{
     static const DhParams ffdhe8192 = {
+        #ifdef HAVE_FFDHE_Q
+            dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
+        #endif /* HAVE_FFDHE_Q */
         dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
         dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
 …
     key->heap = heap; /* for XMALLOC/XFREE in future */
     if (mp_init_multi(&key->p, &key->g, NULL, NULL, NULL, NULL) != MP_OKAY)
+    if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
         return MEMORY_E;
 …
 void wc_FreeDhKey(DhKey* key)
+int wc_FreeDhKey(DhKey* key)
+{
     if (key) {
         mp_clear(&key->p);
         mp_clear(&key->g);
+        mp_clear(&key->q);
     #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
 …
     #endif
+    }
+}
+    return 0;
+}
+#ifndef WC_NO_RNG
 /* if defined to not use floating point values do not compile in */
 #ifndef WOLFSSL_DH_CONST
 …
+static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
+{
+#ifndef WOLFSSL_NO_DH186
+/* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1.
+ * modLen - represents L, the size of p in bits
+ * divLen - represents N, the size of q in bits
+ * return 0 on success, -1 on error */
+static int CheckDhLN(int modLen, int divLen)
+{
+    int ret = -1;
+    switch (modLen) {
+        /* FA */
+        case 1024:
+            if (divLen == 160)
+                ret = 0;
+            break;
+        /* FB, FC */
+        case 2048:
+            if (divLen == 224 || divLen == 256)
+                ret = 0;
+            break;
+        default:
+            break;
+    }
+    return ret;
+}
+/* Create DH private key
+ *
+ * Based on NIST FIPS 186-4,
+ * "B.1.1 Key Pair Generation Using Extra Random Bits"
+ *
+ * dh     - pointer to initialized DhKey structure, needs to have dh->q
+ * rng    - pointer to initialized WC_RNG structure
+ * priv   - output location for generated private key
+ * privSz - IN/OUT, size of priv buffer, size of generated private key
+ *
+ * return 0 on success, negative on error */
+static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
+                                word32* privSz)
+{
+    byte* cBuf;
+    int qSz, pSz, cSz, err;
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* tmpQ = NULL;
+    mp_int* tmpX = NULL;
+#else
+    mp_int tmpQ[1], tmpX[1];
+#endif
+    /* Parameters validated in calling functions. */
+    if (mp_iszero(&key->q) == MP_YES) {
+        WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation");
+        return BAD_FUNC_ARG;
+    }
+    qSz = mp_unsigned_bin_size(&key->q);
+    pSz = mp_unsigned_bin_size(&key->p);
+    /* verify (L,N) pair bit lengths */
+    if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
+        WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
+        return BAD_FUNC_ARG;
+    }
+    /* generate extra 64 bits so that bias from mod function is negligible */
+    cSz = qSz + (64 / WOLFSSL_BIT_SIZE);
+    cBuf = (byte*)XMALLOC(cSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (cBuf == NULL) {
+        return MEMORY_E;
+    }
+#ifdef WOLFSSL_SMALL_STACK
+    tmpQ = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (tmpQ == NULL) {
+        XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+    tmpX = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (tmpX == NULL) {
+        XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+#endif
+    if ((err = mp_init_multi(tmpX, tmpQ, NULL, NULL, NULL, NULL))
+                   != MP_OKAY) {
+        XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
+#endif
+        return err;
+    }
+    do {
+        /* generate N+64 bits (c) from RBG into tmpX, making sure positive.
+         * Hash_DRBG uses SHA-256 which matches maximum
+         * requested_security_strength of (L,N) */
+        err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
+        if (err == MP_OKAY)
+            err = mp_read_unsigned_bin(tmpX, cBuf, cSz);
+        if (err != MP_OKAY) {
+            mp_clear(tmpX);
+            mp_clear(tmpQ);
+            XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef WOLFSSL_SMALL_STACK
+            XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
+            XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
+#endif
+            return err;
+        }
+    } while (mp_cmp_d(tmpX, 1) != MP_GT);
+    ForceZero(cBuf, cSz);
+    XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    /* tmpQ = q - 1 */
+    if (err == MP_OKAY)
+        err = mp_copy(&key->q, tmpQ);
+    if (err == MP_OKAY)
+        err = mp_sub_d(tmpQ, 1, tmpQ);
+    /* x = c mod (q-1), tmpX holds c */
+    if (err == MP_OKAY)
+        err = mp_mod(tmpX, tmpQ, tmpX);
+    /* x = c mod (q-1) + 1 */
+    if (err == MP_OKAY)
+        err = mp_add_d(tmpX, 1, tmpX);
+    /* copy tmpX into priv */
+    if (err == MP_OKAY) {
+        pSz = mp_unsigned_bin_size(tmpX);
+        if (pSz > (int)*privSz) {
+            WOLFSSL_MSG("DH private key output buffer too small");
+            err = BAD_FUNC_ARG;
+        } else {
+            *privSz = pSz;
+            err = mp_to_unsigned_bin(tmpX, priv);
+        }
+    }
+    mp_forcezero(tmpX);
+    mp_clear(tmpX);
+    mp_clear(tmpQ);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
+#endif
+    return err;
+}
+#endif /* WOLFSSL_NO_DH186 */
+#endif /* !WC_NO_RNG */
+static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
+                             word32* privSz)
+{
+#ifndef WC_NO_RNG
     int ret = 0;
+    word32 sz = mp_unsigned_bin_size(&key->p);
+    word32 sz = 0;
+#ifndef WOLFSSL_NO_DH186
+    if (mp_iszero(&key->q) == MP_NO) {
+        /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair
+         * Generation Using Extra Random Bits" */
+        ret = GeneratePrivateDh186(key, rng, priv, privSz);
+    } else
+#endif
+    {
+        sz = mp_unsigned_bin_size(&key->p);
     /* Table of predetermined values from the operation
+* DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / WOLFSSL_BIT_SIZE + 1
+* DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
+           WOLFSSL_BIT_SIZE + 1
        Sizes in table checked against RFC 3526
      */
 …
         *privSz = sz;
+    }
+    }
     return ret;
+#else
+    (void)key;
+    (void)rng;
+    (void)priv;
+    (void)privSz;
+    return NOT_COMPILED_IN;
+#endif /* WC_NO_RNG */
+}
 …
+{
     int ret = 0;
+    mp_int x;
+    mp_int y;
+#ifndef WOLFSSL_SP_MATH
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* x = NULL;
+    mp_int* y = NULL;
+#else
+    mp_int x[1];
+    mp_int y[1];
+#endif
+#endif
 #ifdef WOLFSSL_HAVE_SP_DH
 …
 #endif
+    if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
+#ifndef WOLFSSL_SP_MATH
+#ifdef WOLFSSL_SMALL_STACK
+    x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (x == NULL)
+        return MEMORY_E;
+    y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (y == NULL) {
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+#endif
+    if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+    #endif
         return MP_INIT_E;
+    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
+    }
+    if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
         ret = MP_READ_E;
     if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
+    if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY)
         ret = MP_EXPTMOD_E;
     if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
+    if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY)
         ret = MP_TO_E;
     if (ret == 0)
+        *pubSz = mp_unsigned_bin_size(&y);
+    mp_clear(&y);
+    mp_clear(&x);
+        *pubSz = mp_unsigned_bin_size(y);
+    mp_clear(y);
+    mp_clear(x);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+#endif
+#else
+    ret = WC_KEY_SIZE_E;
+#endif
     return ret;
 …
+/* Check DH Public Key for invalid numbers, optionally allowing
+ * the public key to be checked against the large prime (q).
+ * Check per process in SP 800-56Ar3, section 5.6.2.3.1.
+ *
+ * key     DH key group parameters.
+ * pub     Public Key.
+ * pubSz   Public Key size.
+ * prime   Large prime (q), optionally NULL to skip check
+ * primeSz Size of large prime
+ *
+ *  returns 0 on success or error code
+ */
+int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
+                        const byte* prime, word32 primeSz)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* y = NULL;
+    mp_int* p = NULL;
+    mp_int* q = NULL;
+#else
+    mp_int y[1];
+    mp_int p[1];
+    mp_int q[1];
+#endif
+    if (key == NULL || pub == NULL) {
+        return BAD_FUNC_ARG;
+    }
+#ifdef WOLFSSL_SMALL_STACK
+    y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (y == NULL)
+        return MEMORY_E;
+    p = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (p == NULL) {
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+    q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (q == NULL) {
+        XFREE(p, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+#endif
+    if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(q, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(p, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+    #endif
+        return MP_INIT_E;
+    }
+    if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
+        ret = MP_READ_E;
+    }
+    if (ret == 0 && prime != NULL) {
+        if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
+            ret = MP_READ_E;
+    } else if (mp_iszero(&key->q) == MP_NO) {
+        /* use q available in DhKey */
+        if (mp_copy(&key->q, q) != MP_OKAY)
+            ret = MP_INIT_E;
+    }
+    /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
+    /* pub (y) should not be 0 or 1 */
+    if (ret == 0 && mp_cmp_d(y, 2) == MP_LT) {
+        ret = MP_CMP_E;
+    }
+    /* pub (y) shouldn't be greater than or equal to p - 1 */
+    if (ret == 0 && mp_copy(&key->p, p) != MP_OKAY) {
+        ret = MP_INIT_E;
+    }
+    if (ret == 0 && mp_sub_d(p, 2, p) != MP_OKAY) {
+        ret = MP_SUB_E;
+    }
+    if (ret == 0 && mp_cmp(y, p) == MP_GT) {
+        ret = MP_CMP_E;
+    }
+    if (ret == 0 && (prime != NULL || (mp_iszero(&key->q) == MP_NO) )) {
+        /* restore key->p into p */
+        if (mp_copy(&key->p, p) != MP_OKAY)
+            ret = MP_INIT_E;
+    }
+    if (ret == 0 && prime != NULL) {
+#ifdef WOLFSSL_HAVE_SP_DH
+#ifndef WOLFSSL_SP_NO_2048
+        if (mp_count_bits(&key->p) == 2048) {
+            ret = sp_ModExp_2048(y, q, p, y);
+            if (ret != 0)
+                ret = MP_EXPTMOD_E;
+        }
+        else
+#endif
+#ifndef WOLFSSL_SP_NO_3072
+        if (mp_count_bits(&key->p) == 3072) {
+            ret = sp_ModExp_3072(y, q, p, y);
+            if (ret != 0)
+                ret = MP_EXPTMOD_E;
+        }
+        else
+#endif
+#endif
+        {
+    /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
+#ifndef WOLFSSL_SP_MATH
+            /* calculate (y^q) mod(p), store back into y */
+            if (ret == 0 && mp_exptmod(y, q, p, y) != MP_OKAY)
+                ret = MP_EXPTMOD_E;
+#else
+            ret = WC_KEY_SIZE_E;
+#endif
+        }
+        /* verify above == 1 */
+        if (ret == 0 && mp_cmp_d(y, 1) != MP_EQ)
+            ret = MP_CMP_E;
+    }
+    mp_clear(y);
+    mp_clear(p);
+    mp_clear(q);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(q, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(p, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+#endif
+    return ret;
+}
 /* Check DH Public Key for invalid numbers
+ *
 …
 int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
+{
+    return wc_DhCheckPubKey_ex(key, pub, pubSz, NULL, 0);
+}
+/* Check DH Private Key for invalid numbers, optionally allowing
+ * the private key to be checked against the large prime (q).
+ * Check per process in SP 800-56Ar3, section 5.6.2.1.2.
+ *
+ * key     DH key group parameters.
+ * priv    Private Key.
+ * privSz  Private Key size.
+ * prime   Large prime (q), optionally NULL to skip check
+ * primeSz Size of large prime
+ *
+ *  returns 0 on success or error code
+ */
+int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
+                         const byte* prime, word32 primeSz)
+{
     int ret = 0;
+    mp_int x;
+    mp_int y;
+    if (key == NULL || pub == NULL) {
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* x = NULL;
+    mp_int* q = NULL;
+#else
+    mp_int x[1];
+    mp_int q[1];
+#endif
+    if (key == NULL || priv == NULL) {
         return BAD_FUNC_ARG;
+    }
+    if (mp_init_multi(&x, &y, NULL, NULL, NULL, NULL) != MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
+    x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (x == NULL)
+        return MEMORY_E;
+    q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (q == NULL) {
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+#endif
+    if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(q, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+    #endif
         return MP_INIT_E;
+    }
     if (mp_read_unsigned_bin(&x, pub, pubSz) != MP_OKAY) {
+    if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) {
         ret = MP_READ_E;
+    }
+    /* pub should not be 0 or 1 */
+    if (ret == 0 && mp_cmp_d(&x, 2) == MP_LT) {
+    if (ret == 0) {
+        if (prime != NULL) {
+            if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
+                ret = MP_READ_E;
+        }
+        else if (mp_iszero(&key->q) == MP_NO) {
+            /* use q available in DhKey */
+            if (mp_copy(&key->q, q) != MP_OKAY)
+                ret = MP_INIT_E;
+        }
+    }
+    /* priv (x) should not be 0 */
+    if (ret == 0) {
+        if (mp_cmp_d(x, 0) == MP_EQ)
         ret = MP_CMP_E;
+    }
+    /* pub shouldn't be greater than or equal to p - 1 */
+    if (ret == 0 && mp_copy(&key->p, &y) != MP_OKAY) {
+    if (ret == 0) {
+        if (mp_iszero(q) == MP_NO) {
+            /* priv (x) shouldn't be greater than q - 1 */
+            if (ret == 0) {
+                if (mp_copy(&key->q, q) != MP_OKAY)
         ret = MP_INIT_E;
+    }
+    if (ret == 0 && mp_sub_d(&y, 2, &y) != MP_OKAY) {
+            if (ret == 0) {
+                if (mp_sub_d(q, 1, q) != MP_OKAY)
         ret = MP_SUB_E;
+    }
+    if (ret == 0 && mp_cmp(&x, &y) == MP_GT) {
+            if (ret == 0) {
+                if (mp_cmp(x, q) == MP_GT)
+                    ret = DH_CHECK_PRIV_E;
+            }
+        }
+    }
+    mp_clear(x);
+    mp_clear(q);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(q, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+#endif
+    return ret;
+}
+/* Check DH Private Key for invalid numbers
+ *
+ * key    DH key group parameters.
+ * priv   Private Key.
+ * privSz Private Key size.
+ *
+ *  returns 0 on success or error code
+ */
+int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
+{
+    return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
+}
+/* Check DH Keys for pair-wise consistency per process in
+ * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
+ *
+ * key    DH key group parameters.
+ * pub    Public Key.
+ * pubSz  Public Key size.
+ * priv   Private Key.
+ * privSz Private Key size.
+ *
+ *  returns 0 on success or error code
+ */
+int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
+                      const byte* priv, word32 privSz)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* publicKey = NULL;
+    mp_int* privateKey = NULL;
+    mp_int* checkKey = NULL;
+#else
+    mp_int publicKey[1];
+    mp_int privateKey[1];
+    mp_int checkKey[1];
+#endif
+    int ret = 0;
+    if (key == NULL || pub == NULL || priv == NULL)
+        return BAD_FUNC_ARG;
+#ifdef WOLFSSL_SMALL_STACK
+    publicKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (publicKey == NULL)
+        return MEMORY_E;
+    privateKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (privateKey == NULL) {
+        XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+    checkKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (checkKey == NULL) {
+        XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+#endif
+    if (mp_init_multi(publicKey, privateKey, checkKey,
+                      NULL, NULL, NULL) != MP_OKAY) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
+    #endif
+        return MP_INIT_E;
+    }
+    /* Load the private and public keys into big integers. */
+    if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
+        mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
+        ret = MP_READ_E;
+    }
+    /* Calculate checkKey = g^privateKey mod p */
+    if (ret == 0) {
+#ifdef WOLFSSL_HAVE_SP_DH
+#ifndef WOLFSSL_SP_NO_2048
+        if (mp_count_bits(&key->p) == 2048) {
+            ret = sp_ModExp_2048(&key->g, privateKey, &key->p, checkKey);
+            if (ret != 0)
+                ret = MP_EXPTMOD_E;
+        }
+        else
+#endif
+#ifndef WOLFSSL_SP_NO_3072
+        if (mp_count_bits(&key->p) == 3072) {
+            ret = sp_ModExp_3072(&key->g, privateKey, &key->p, checkKey);
+            if (ret != 0)
+                ret = MP_EXPTMOD_E;
+        }
+        else
+#endif
+#endif
+        {
+#ifndef WOLFSSL_SP_MATH
+            if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY)
+                ret = MP_EXPTMOD_E;
+#else
+            ret = WC_KEY_SIZE_E;
+#endif
+        }
+    }
+    /* Compare the calculated public key to the supplied check value. */
+    if (ret == 0) {
+        if (mp_cmp(checkKey, publicKey) != MP_EQ)
         ret = MP_CMP_E;
+    }
+    mp_clear(&y);
+    mp_clear(&x);
+    mp_forcezero(privateKey);
+    mp_clear(privateKey);
+    mp_clear(publicKey);
+    mp_clear(checkKey);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
+#endif
     return ret;
 …
+{
     int ret = 0;
+    mp_int x;
+    mp_int y;
+    mp_int z;
+#ifdef WOLFSSL_SMALL_STACK
+    mp_int* y = NULL;
+#ifndef WOLFSSL_SP_MATH
+    mp_int* x = NULL;
+    mp_int* z = NULL;
+#endif
+#else
+    mp_int y[1];
+#ifndef WOLFSSL_SP_MATH
+    mp_int x[1];
+    mp_int z[1];
+#endif
+#endif
+#ifdef WOLFSSL_VALIDATE_FFC_IMPORT
+    if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
+        WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
+        return DH_CHECK_PRIV_E;
+    }
     if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
 …
         return DH_CHECK_PUB_E;
+    }
+#endif
+#ifdef WOLFSSL_SMALL_STACK
+    y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (y == NULL)
+        return MEMORY_E;
+#ifndef WOLFSSL_SP_MATH
+    x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (x == NULL) {
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+    z = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
+    if (z == NULL) {
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+#endif
+#endif
 #ifdef WOLFSSL_HAVE_SP_DH
 #ifndef WOLFSSL_SP_NO_2048
     if (mp_count_bits(&key->p) == 2048) {
         if (mp_init(&y) != MP_OKAY)
+        if (mp_init(y) != MP_OKAY)
             return MP_INIT_E;
         if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
+        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
             ret = MP_READ_E;
         if (ret == 0)
+            ret = sp_DhExp_2048(&y, priv, privSz, &key->p, agree, agreeSz);
+        mp_clear(&y);
+            ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
+        mp_clear(y);
+    #ifdef WOLFSSL_SMALL_STACK
+    #ifndef WOLFSSL_SP_MATH
+        XFREE(z, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+    #endif
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+    #endif
         return ret;
+    }
 …
 #ifndef WOLFSSL_SP_NO_3072
     if (mp_count_bits(&key->p) == 3072) {
         if (mp_init(&y) != MP_OKAY)
+        if (mp_init(y) != MP_OKAY)
             return MP_INIT_E;
         if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
+        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
             ret = MP_READ_E;
         if (ret == 0)
+            ret = sp_DhExp_3072(&y, priv, privSz, &key->p, agree, agreeSz);
+        mp_clear(&y);
+            ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
+        mp_clear(y);
+    #ifdef WOLFSSL_SMALL_STACK
+    #ifndef WOLFSSL_SP_MATH
+        XFREE(z, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+    #endif
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+    #endif
         return ret;
+    }
 …
 #endif
+    if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
+#ifndef WOLFSSL_SP_MATH
+    if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(z, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+        XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+    #endif
         return MP_INIT_E;
+    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
+    }
+    if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
         ret = MP_READ_E;
     if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
+    if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
         ret = MP_READ_E;
     if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
+    if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
         ret = MP_EXPTMOD_E;
+    if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
+    /* make sure z is not one (SP800-56A, 5.7.1.1) */
+    if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
+        ret = MP_VAL;
+    if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
         ret = MP_TO_E;
     if (ret == 0)
+        *agreeSz = mp_unsigned_bin_size(&z);
+    mp_clear(&z);
+    mp_clear(&y);
+    mp_forcezero(&x);
+        *agreeSz = mp_unsigned_bin_size(z);
+    mp_clear(z);
+    mp_clear(y);
+    mp_forcezero(x);
+#endif
+#ifdef WOLFSSL_SMALL_STACK
+#ifndef WOLFSSL_SP_MATH
+    XFREE(z, key->heap, DYNAMIC_TYPE_DH);
+    XFREE(x, key->heap, DYNAMIC_TYPE_DH);
+#endif
+    XFREE(y, key->heap, DYNAMIC_TYPE_DH);
+#endif
     return ret;
 …
+static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
+                   word32 gSz, const byte* q, word32 qSz, int trusted,
+                   WC_RNG* rng)
+{
+    int ret = 0;
+    mp_int* keyP = NULL;
+    mp_int* keyG = NULL;
+    mp_int* keyQ = NULL;
+    if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+    /* may have leading 0 */
+    if (p[0] == 0) {
+        pSz--; p++;
+    }
+    if (g[0] == 0) {
+        gSz--; g++;
+    }
+        if (q != NULL) {
+            if (q[0] == 0) {
+                qSz--; q++;
+            }
+        }
+    if (mp_init(&key->p) != MP_OKAY)
+            ret = MP_INIT_E;
+    }
+    if (ret == 0) {
+        if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY)
+            ret = ASN_DH_KEY_E;
+        else
+            keyP = &key->p;
+    }
+#ifndef WOLFSSL_SP_MATH
+    if (ret == 0 && !trusted) {
+        int isPrime = 0;
+        if (rng != NULL)
+            ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
+        else
+            ret = mp_prime_is_prime(keyP, 8, &isPrime);
+        if (ret == 0 && isPrime == 0)
+            ret = DH_CHECK_PUB_E;
+    }
+#else
+    (void)trusted;
+    (void)rng;
+#endif
+    if (ret == 0 && mp_init(&key->g) != MP_OKAY)
+        ret = MP_INIT_E;
+    if (ret == 0) {
+        if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY)
+            ret = ASN_DH_KEY_E;
+        else
+            keyG = &key->g;
+    }
+    if (ret == 0 && q != NULL) {
+        if (mp_init(&key->q) != MP_OKAY)
+            ret = MP_INIT_E;
+    }
+    if (ret == 0 && q != NULL) {
+        if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
+            ret = MP_INIT_E;
+        else
+            keyQ = &key->q;
+}
+    if (ret != 0 && key != NULL) {
+        if (keyQ)
+            mp_clear(keyQ);
+        if (keyG)
+            mp_clear(keyG);
+        if (keyP)
+            mp_clear(keyP);
+    }
+    return ret;
+}
+int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
+                   word32 gSz, const byte* q, word32 qSz, int trusted,
+                   WC_RNG* rng)
+{
+    return _DhSetKey(key, p, pSz, g, gSz, q, qSz, trusted, rng);
+}
+int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g,
+                   word32 gSz, const byte* q, word32 qSz)
+{
+    return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL);
+}
 /* not in asn anymore since no actual asn types used */
 int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                 word32 gSz)
+{
+    if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
+        return BAD_FUNC_ARG;
+    }
+    /* may have leading 0 */
+    if (p[0] == 0) {
+        pSz--; p++;
+    }
+    if (g[0] == 0) {
+        gSz--; g++;
+    }
+    if (mp_init(&key->p) != MP_OKAY)
+        return MP_INIT_E;
+    if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) {
+        mp_clear(&key->p);
+        return ASN_DH_KEY_E;
+    }
+    if (mp_init(&key->g) != MP_OKAY) {
+        mp_clear(&key->p);
+        return MP_INIT_E;
+    }
+    if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) {
+        mp_clear(&key->g);
+        mp_clear(&key->p);
+        return ASN_DH_KEY_E;
+    }
+    return 0;
+}
+    return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
+}
+#ifdef WOLFSSL_KEY_GEN
+/* modulus_size in bits */
+int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
+{
+    mp_int  tmp, tmp2;
+    int     groupSz = 0, bufSz = 0,
+            primeCheckCount = 0,
+            primeCheck = MP_NO,
+            ret = 0;
+    unsigned char *buf = NULL;
+    if (rng == NULL || dh == NULL)
+        ret = BAD_FUNC_ARG;
+    /* set group size in bytes from modulus size
+     * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
+     */
+    if (ret == 0) {
+        switch (modSz) {
+            case 1024:
+                groupSz = 20;
+                break;
+            case 2048:
+            case 3072:
+                groupSz = 32;
+                break;
+            default:
+                ret = BAD_FUNC_ARG;
+                break;
+        }
+    }
+    if (ret == 0) {
+        /* modulus size in bytes */
+        modSz /= WOLFSSL_BIT_SIZE;
+        bufSz = modSz - groupSz;
+        /* allocate ram */
+        buf = (unsigned char *)XMALLOC(bufSz,
+                                       dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (buf == NULL)
+            ret = MEMORY_E;
+    }
+    /* make a random string that will be multplied against q */
+    if (ret == 0)
+        ret = wc_RNG_GenerateBlock(rng, buf, bufSz);
+    if (ret == 0) {
+        /* force magnitude */
+        buf[0] |= 0xC0;
+        /* force even */
+        buf[bufSz - 1] &= ~1;
+        if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0)
+                != MP_OKAY) {
+            ret = MP_INIT_E;
+        }
+    }
+    if (ret == 0) {
+        if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY)
+            ret = MP_READ_E;
+    }
+    /* make our prime q */
+    if (ret == 0) {
+        if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY)
+            ret = PRIME_GEN_E;
+    }
+    /* p = random * q */
+    if (ret == 0) {
+        if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY)
+            ret = MP_MUL_E;
+    }
+    /* p = random * q + 1, so q is a prime divisor of p-1 */
+    if (ret == 0) {
+        if (mp_add_d(&dh->p, 1, &dh->p) != MP_OKAY)
+            ret = MP_ADD_E;
+    }
+    /* tmp = 2q  */
+    if (ret == 0) {
+        if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY)
+            ret = MP_ADD_E;
+    }
+    /* loop until p is prime */
+    if (ret == 0) {
+        do {
+            if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
+                ret = PRIME_GEN_E;
+            if (primeCheck != MP_YES) {
+                /* p += 2q */
+                if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY)
+                    ret = MP_ADD_E;
+                else
+                    primeCheckCount++;
+            }
+        } while (ret == 0 && primeCheck == MP_NO);
+    }
+    /* tmp2 += (2*loop_check_prime)
+     * to have p = (q * tmp2) + 1 prime
+     */
+    if (primeCheckCount) {
+        if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
+            ret = MP_ADD_E;
+    }
+    /* find a value g for which g^tmp2 != 1 */
+    if (mp_set(&dh->g, 1) != MP_OKAY)
+        ret = MP_ZERO_E;
+    if (ret == 0) {
+        do {
+            if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY)
+                ret = MP_ADD_E;
+            else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY)
+                ret = MP_EXPTMOD_E;
+        } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
+    }
+    /* at this point tmp generates a group of order q mod p */
+    mp_exch(&tmp, &dh->g);
+    /* clear the parameters if there was an error */
+    if (ret != 0) {
+        mp_clear(&dh->q);
+        mp_clear(&dh->p);
+        mp_clear(&dh->g);
+    }
+    ForceZero(buf, bufSz);
+    XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    mp_clear(&tmp);
+    mp_clear(&tmp2);
+    return ret;
+}
+/* Export raw DH parameters from DhKey structure
+ *
+ * dh   - pointer to initialized DhKey structure
+ * p    - output location for DH (p) parameter
+ * pSz  - [IN/OUT] size of output buffer for p, size of p
+ * q    - output location for DH (q) parameter
+ * qSz  - [IN/OUT] size of output buffer for q, size of q
+ * g    - output location for DH (g) parameter
+ * gSz  - [IN/OUT] size of output buffer for g, size of g
+ *
+ * If p, q, and g pointers are all passed in as NULL, the function
+ * will set pSz, qSz, and gSz to the required output buffer sizes for p,
+ * q, and g. In this case, the function will return LENGTH_ONLY_E.
+ *
+ * returns 0 on success, negative upon failure
+ */
+int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
+                         byte* q, word32* qSz, byte* g, word32* gSz)
+{
+    int ret = 0;
+    word32 pLen = 0, qLen = 0, gLen = 0;
+    if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL)
+        ret = BAD_FUNC_ARG;
+    /* get required output buffer sizes */
+    if (ret == 0) {
+        pLen = mp_unsigned_bin_size(&dh->p);
+        qLen = mp_unsigned_bin_size(&dh->q);
+        gLen = mp_unsigned_bin_size(&dh->g);
+        /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */
+        if (p == NULL && q == NULL && g == NULL) {
+            *pSz = pLen;
+            *qSz = qLen;
+            *gSz = gLen;
+            ret = LENGTH_ONLY_E;
+        }
+    }
+    if (ret == 0) {
+        if (p == NULL || q == NULL || g == NULL)
+            ret = BAD_FUNC_ARG;
+    }
+    /* export p */
+    if (ret == 0) {
+        if (*pSz < pLen) {
+            WOLFSSL_MSG("Output buffer for DH p parameter too small, "
+                        "required size placed into pSz");
+            *pSz = pLen;
+            ret = BUFFER_E;
+        }
+    }
+    if (ret == 0) {
+        *pSz = pLen;
+        if (mp_to_unsigned_bin(&dh->p, p) != MP_OKAY)
+            ret = MP_TO_E;
+    }
+    /* export q */
+    if (ret == 0) {
+        if (*qSz < qLen) {
+            WOLFSSL_MSG("Output buffer for DH q parameter too small, "
+                        "required size placed into qSz");
+            *qSz = qLen;
+            ret = BUFFER_E;
+        }
+    }
+    if (ret == 0) {
+        *qSz = qLen;
+        if (mp_to_unsigned_bin(&dh->q, q) != MP_OKAY)
+            ret = MP_TO_E;
+    }
+    /* export g */
+    if (ret == 0) {
+        if (*gSz < gLen) {
+            WOLFSSL_MSG("Output buffer for DH g parameter too small, "
+                        "required size placed into gSz");
+            *gSz = gLen;
+            ret = BUFFER_E;
+        }
+    }
+    if (ret == 0) {
+        *gSz = gLen;
+        if (mp_to_unsigned_bin(&dh->g, g) != MP_OKAY)
+            ret = MP_TO_E;
+    }
+    return ret;
+}
+#endif /* WOLFSSL_KEY_GEN */
 #endif /* NO_DH */

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 372 for asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/dh.c

Legend:

asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/dh.c

Download in other formats: