1. Add flag to DH keys when using safe parameters.

2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.

configure.ac

@@ -3347,7 +3347,7 @@ fi
 # FIPS
 AS_CASE([$FIPS_VERSION],
     ["v4"], [ # FIPS 140-3
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=4 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=4 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING"
         ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
         # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
@@ -3372,7 +3372,9 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
         AS_IF([test "x$ENABLED_AESGCM" = "xno"],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
-        AM_CPPFLAGS="$AM_CPPFLAGS -DUSE_CERT_BUFFERS_3072 -DUSE_CERT_BUFFERS_4096"
+        AM_CFLAGS="$AM_CFLAGS -DUSE_CERT_BUFFERS_3072 -DUSE_CERT_BUFFERS_4096"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DFP_MAX_BITS=16384"
     ],
     ["v3"],[ # FIPS Ready
         AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=3 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"

wolfcrypt/src/dh.c

@@ -944,6 +944,9 @@ int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
 #else
     (void)devId;
 #endif
+
+    key->trustedGroup = 0;
+
 #ifdef WOLFSSL_KCAPI_DH
     key->handle = NULL;
 #endif
@@ -1073,7 +1076,9 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
     pSz = mp_unsigned_bin_size(&key->p);
 
     /* verify (L,N) pair bit lengths */
-    if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
+    /* Trusted primes don't need to be checked. */
+    if (!key->trustedGroup &&
+            CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
         WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
         return BAD_FUNC_ARG;
     }
@@ -2311,6 +2316,8 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
     if (ret == 0 && q != NULL) {
         if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
             ret = MP_INIT_E;
+        else
+            key->trustedGroup = trusted;
     }
 
     if (ret != 0 && key != NULL) {
@@ -2346,7 +2353,6 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
     return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
 }
 
-
 #ifdef WOLFSSL_KEY_GEN
 
 /* modulus_size in bits */

wolfssl/wolfcrypt/dh.h

@@ -72,6 +72,7 @@ struct DhKey {
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
+    int trustedGroup;
 #ifdef WOLFSSL_KCAPI_DH
     struct kcapi_handle* handle;
 #endif