Fix for DH so software math is used if prime is under 768 bits.

wolfcrypt/src/dh.c

@@ -654,6 +654,12 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
     int ret;
 
 #if defined(HAVE_INTEL_QA)
+    word32 sz;
+
+    /* verify prime is at least 768-bits */
+    /* QAT HW must have prime at least 768-bits */
+    sz = mp_unsigned_bin_size(&key->p);
+    if (sz >= (768/8)) {
         mp_int x;
 
         ret = mp_init(&x);
@@ -674,12 +680,13 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
                 &x.raw, pub, pubSz);
         mp_clear(&x);
 
-#else
+        return ret;
+    }
 
-    #if defined(HAVE_CAVIUM)
+#elif defined(HAVE_CAVIUM)
     /* TODO: Not implemented - use software for now */
 
-    #else /* WOLFSSL_ASYNC_CRYPT_TEST */
+#else /* WOLFSSL_ASYNC_CRYPT_TEST */
     WC_ASYNC_TEST* testDev = &key->asyncDev.test;
     if (testDev->type == ASYNC_TEST_NONE) {
         testDev->type = ASYNC_TEST_DH_GEN;
@@ -691,13 +698,10 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
         testDev->dhGen.pubSz = pubSz;
         return WC_PENDING_E;
     }
-    #endif
+#endif
 
-    ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
-
-#endif /* HAVE_INTEL_QA */
-
-    return ret;
+    /* otherwise use software DH */
+    return wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
 }
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */