From a77f9fe3e6929c666f1b207016766c4ad43af558 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 9 Jun 2017 13:02:19 -0700
Subject: [PATCH] Fix for DH so software math is used if prime is under 768 bits.
---
 wolfcrypt/src/dh.c | 82 ++++++++++++++++++++++++----------------------
 1 file changed, 43 insertions(+), 39 deletions(-)
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index f6e2caf21..a0da997b2 100755
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -654,50 +654,54 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
 int ret;
 #if defined(HAVE_INTEL_QA)
- mp_int x;
+ word32 sz;
+
+ /* verify prime is at least 768-bits */
+ /* QAT HW must have prime at least 768-bits */
+ sz = mp_unsigned_bin_size(&key->p);
+ if (sz >= (768/8)) {
+ mp_int x;
+
+ ret = mp_init(&x);
+ if (ret != MP_OKAY)
+ return ret;
+
+ ret = GeneratePrivateDh(key, rng, priv, privSz);
+ if (ret == 0)
+ ret = mp_read_unsigned_bin(&x, priv, *privSz);
+ if (ret == MP_OKAY)
+ ret = wc_mp_to_bigint(&x, &x.raw);
+ if (ret == MP_OKAY)
+ ret = wc_mp_to_bigint(&key->p, &key->p.raw);
+ if (ret == MP_OKAY)
+ ret = wc_mp_to_bigint(&key->g, &key->g.raw);
+ if (ret == MP_OKAY)
+ ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
+ &x.raw, pub, pubSz);
+ mp_clear(&x);
- ret = mp_init(&x);
- if (ret != MP_OKAY)
 return ret;
+ }
- ret = GeneratePrivateDh(key, rng, priv, privSz);
- if (ret == 0)
- ret = mp_read_unsigned_bin(&x, priv, *privSz);
- if (ret == MP_OKAY)
- ret = wc_mp_to_bigint(&x, &x.raw);
- if (ret == MP_OKAY)
- ret = wc_mp_to_bigint(&key->p, &key->p.raw);
- if (ret == MP_OKAY)
- ret = wc_mp_to_bigint(&key->g, &key->g.raw);
- if (ret == MP_OKAY)
- ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
- &x.raw, pub, pubSz);
- mp_clear(&x);
+#elif defined(HAVE_CAVIUM)
+ /* TODO: Not implemented - use software for now */
-#else
+#else /* WOLFSSL_ASYNC_CRYPT_TEST */
+ WC_ASYNC_TEST* testDev = &key->asyncDev.test;
+ if (testDev->type == ASYNC_TEST_NONE) {
+ testDev->type = ASYNC_TEST_DH_GEN;
+ testDev->dhGen.key = key;
+ testDev->dhGen.rng = rng;
+ testDev->dhGen.priv = priv;
+ testDev->dhGen.privSz = privSz;
+ testDev->dhGen.pub = pub;
+ testDev->dhGen.pubSz = pubSz;
+ return WC_PENDING_E;
+ }
+#endif
- #if defined(HAVE_CAVIUM)
- /* TODO: Not implemented - use software for now */
-
- #else /* WOLFSSL_ASYNC_CRYPT_TEST */
- WC_ASYNC_TEST* testDev = &key->asyncDev.test;
- if (testDev->type == ASYNC_TEST_NONE) {
- testDev->type = ASYNC_TEST_DH_GEN;
- testDev->dhGen.key = key;
- testDev->dhGen.rng = rng;
- testDev->dhGen.priv = priv;
- testDev->dhGen.privSz = privSz;
- testDev->dhGen.pub = pub;
- testDev->dhGen.pubSz = pubSz;
- return WC_PENDING_E;
- }
- #endif
-
- ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
-
-#endif /* HAVE_INTEL_QA */
-
- return ret;
+ /* otherwise use software DH */
+ return wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
 }
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
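Review bot: The new guard `if (sz >= (768/8))` compares a byte count, and `mp_unsigned_bin_size` rounds up to whole bytes, so a prime of 761 to 767 bits still measures 96 bytes and is passed to `IntelQaDhKeyGen`, although the comment above it says the hardware needs at least 768 bits. Where the prime can be supplied by a peer, an exact test such as `if (mp_count_bits(&key->p) >= 768)` would keep those sizes on the software path. Separately, `int ret;` is declared above the `#if` and is no longer read in the `HAVE_CAVIUM` and test branches now that the function ends in `return wc_DhGenerateKeyPair_Sync(...)`, so those builds will likely warn about an unused variable; declaring it inside the `HAVE_INTEL_QA` block would avoid that. The function's signature and opening lines are outside this hunk.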