Skip to content

FIPS: Default to 2048 bit min DH crypto#10820

Open
lealem47 wants to merge 4 commits into
wolfSSL:masterfrom
lealem47:dh_min_sz
Open

FIPS: Default to 2048 bit min DH crypto#10820
lealem47 wants to merge 4 commits into
wolfSSL:masterfrom
lealem47:dh_min_sz

Conversation

@lealem47

@lealem47 lealem47 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Description

Adding DH_MIN_SIZE macro to control DH bit security in the wolfssl build. Overridable via macro for legacy callers, and updating tests to accommodate.

Testing

./configure --enable-all && make check

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@lealem47 lealem47 self-assigned this Jun 30, 2026
Copilot AI review requested due to automatic review settings June 30, 2026 17:02

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a configurable minimum Diffie-Hellman prime size (defaulting to 2048 bits) and enforces it across the wolfCrypt DH implementation, while updating TLS-layer defaults and adjusting tests to accommodate the stronger default.

Changes:

  • Add DH_MIN_SIZE (default 2048) as the minimum allowed DH prime size, with legacy override support.
  • Default TLS-layer WOLFSSL_MIN_DHKEY_BITS to DH_MIN_SIZE and add a build-time consistency check.
  • Enforce DH_MIN_SIZE at runtime in DH key generation/agreement, and update tests to use 2048-bit DH params.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
wolfssl/wolfcrypt/settings.h Introduces DH_MIN_SIZE default and legacy mapping; base for new minimum DH policy.
wolfssl/internal.h Updates TLS minimum DH size defaulting and adds a consistency #error check.
wolfcrypt/src/dh.c Adds runtime enforcement of minimum DH prime size in DH operations.
tests/api/test_dh.c Adjusts subgroup-check test compilation based on DH_MIN_SIZE.
tests/api.c Updates DH-related API tests to load/use 2048-bit DH parameters from PEM.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread wolfcrypt/src/dh.c Outdated
Comment thread tests/api/test_dh.c
Comment on lines 86 to 88
#if !defined(NO_DH) && !defined(WOLFSSL_SP_MATH) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
(!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) && DH_MIN_SIZE <= 512
DhKey key;
Comment thread wolfssl/wolfcrypt/settings.h
@lealem47 lealem47 changed the title Default to 2048 bit DH crypto with DH_MIN_SZ macro Default to 2048 bit DH crypto with DH_MIN_SIZE macro Jun 30, 2026
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

MemBrowse Memory Report

gcc-arm-cortex-m0plus

  • FLASH: .text +88 B (+0.1%, 63,583 B / 262,144 B, total: 24% used)

gcc-arm-cortex-m3

  • FLASH: .text +120 B (+0.1%, 121,533 B / 262,144 B, total: 46% used)

gcc-arm-cortex-m4

  • FLASH: .text +192 B (+0.1%, 199,244 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m4-baremetal

  • FLASH: .text +128 B (+0.2%, 66,187 B / 262,144 B, total: 25% used)

gcc-arm-cortex-m4-crypto-only

  • FLASH: .text +128 B (+0.1%, 173,802 B / 262,144 B, total: 66% used)

gcc-arm-cortex-m4-dtls13

  • FLASH: .text +128 B (+0.1%, 179,928 B / 1,048,576 B, total: 17% used)

gcc-arm-cortex-m4-min-ecc

  • FLASH: .text +128 B (+0.2%, 61,165 B / 262,144 B, total: 23% used)

gcc-arm-cortex-m4-openssl-compat

  • FLASH: .text +128 B (+0.0%, 768,324 B / 1,048,576 B, total: 73% used)

gcc-arm-cortex-m4-pkcs7

  • FLASH: .text +128 B (+0.1%, 211,565 B / 262,144 B, total: 81% used)

gcc-arm-cortex-m4-pq

  • FLASH: .text +64 B (+0.0%, 278,064 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m4-rsa-only

  • FLASH: .text +192 B (+0.1%, 323,664 B / 1,048,576 B, total: 31% used)

gcc-arm-cortex-m4-sp-math

  • FLASH: .text +128 B (+0.2%, 61,165 B / 262,144 B, total: 23% used)

gcc-arm-cortex-m4-tls12

  • FLASH: .text +128 B (+0.1%, 122,317 B / 262,144 B, total: 47% used)

gcc-arm-cortex-m4-tls13

  • FLASH: .text +128 B (+0.1%, 234,878 B / 262,144 B, total: 90% used)

gcc-arm-cortex-m7

  • FLASH: .text +192 B (+0.1%, 199,244 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m7-pq

  • FLASH: .text +128 B (+0.0%, 278,640 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m7-tls13

  • FLASH: .text +128 B (+0.1%, 234,878 B / 262,144 B, total: 90% used)

stm32-sim-stm32h753

@lealem47 lealem47 changed the title Default to 2048 bit DH crypto with DH_MIN_SIZE macro FIPS: Default to 2048 bit min DH crypto Jun 30, 2026
@lealem47

lealem47 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Jenkins Retest this please.

@lealem47 lealem47 assigned wolfSSL-Bot and lealem47 and unassigned lealem47 Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants