From 4d65e4cc1ec3b57b5696402d5f3c814d288b1c30 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 20 Mar 2018 15:31:20 -0600
Subject: [PATCH] add WOLFSSL_NO_DH186 macro to optionally compile out DH186
 function

---
 wolfcrypt/src/dh.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 928dd4266..2ca3dae1a 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -568,6 +568,7 @@ void wc_FreeDhKey(DhKey* key)
 #endif
 
 
+#ifndef WOLFSSL_NO_DH186
 /* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1.
  * modLen - represents L, the size of p in bits
  * divLen - represents N, the size of q in bits
@@ -698,6 +699,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
 
     return err;
 }
+#endif /* WOLFSSL_NO_DH186 */
 
 
 static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
@@ -706,13 +708,16 @@ static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
     int ret = 0;
     word32 sz = 0;
 
+#ifndef WOLFSSL_NO_DH186
     if (mp_iszero(&key->q) == MP_NO) {
 
         /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair
          * Generation Using Extra Random Bits" */
         ret = GeneratePrivateDh186(key, rng, priv, privSz);
 
-    } else {
+    } else
+#endif
+    {
 
         sz = mp_unsigned_bin_size(&key->p);