From f82bcabb19bad25f752e6e0703d8a802d4096878 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Tue, 29 Apr 2025 17:03:41 -0600
Subject: [PATCH] Pulling in wc_DhGeneratePublic API

---
 wolfcrypt/src/dh.c | 36 ++++++++++++++++++++++++++++++++++--
 wolfssl/wolfcrypt/dh.h | 4 ++++
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index c1860e24c..829415be6 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1348,6 +1348,38 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
 return ret;
 }
 
+#if defined(WOLFSSL_DH_GEN_PUB)
+/**
+ * Given a DhKey with set params and a priv key, generate the corresponding
+ * public key. If fips, does pub key validation.
+ * */
+WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
+ byte* pub, word32* pubSz)
+{
+ int ret = 0;
+
+ if (key == NULL || priv == NULL || privSz == 0 ||
+ pub == NULL || pubSz == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
+ SAVE_VECTOR_REGISTERS(return _svr_ret;);
+
+ ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
+
+ #if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
+ if (ret == 0)
+ ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
+ if (ret == 0)
+ ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
+ #endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
+
+ RESTORE_VECTOR_REGISTERS();
+
+ return ret;
+}
+#endif /* WOLFSSL_DH_GEN_PUB */
+
 static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
 byte* priv, word32* privSz, byte* pub, word32* pubSz)
 {
@@ -2340,8 +2372,8 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
 #endif /* WOLFSSL_DH_EXTRA */
 
 static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
- word32 gSz, const byte* q, word32 qSz, int trusted,
- WC_RNG* rng)
+ word32 gSz, const byte* q, word32 qSz, int trusted,
+ WC_RNG* rng)
 {
 int ret = 0;
 mp_int* keyP = NULL;
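Review bot: wc_DhGeneratePublic takes its private key from the caller, but the only checks on the outcome, `_ffc_validate_public_key` and `_ffc_pairwise_consistency_test`, are compiled in just for `FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)`; in every other build the function verifies `privSz != 0` and nothing more. Unless GeneratePublicDh (its body is outside this hunk) range-checks `priv` itself, an all-zero or out-of-range private value would return 0 with a degenerate public value left in `pub`. I would either run the public-key validation unconditionally in this entry point, if those helpers are available in all builds, or state the limit in the header comment, e.g. `* Without FIPS v5+ or WOLFSSL_VALIDATE_DH_KEYGEN neither priv nor the result is validated; callers should use wc_DhCheckPrivKey()/wc_DhCheckPubKey().` The comment should also document `pubSz` (read back as the output length after the call; presumably the capacity of `pub` on entry) and the return codes.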
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index 3adaba980..894b7f337 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -112,6 +112,10 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
 WOLFSSL_API int wc_InitDhKey(DhKey* key);
 WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
 WOLFSSL_API int wc_FreeDhKey(DhKey* key);
+#if defined(WOLFSSL_DH_GEN_PUB)
+WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
+ byte* pub, word32* pubSz);
+#endif /* WOLFSSL_DH_GEN_PUB */
 WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz);