20250106-_DhSetKey-FFDHE-short-circuit

[douzzer]

wolfcrypt/src/dh.c: in _DhSetKey(), add short-circuit comparisons to RFC 7919 known-good moduli, preempting overhead from mp_prime_is_prime().

wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().

see ZD#18507

tested with wolfssl-multi-test.sh ... check-source-text fips-140-2-optest fips-140-3-dev-all plus enable-all builds with CPPFLAGS=-DHAVE_PUBLIC_FFDHE.

[SparkiDev]

There is a trusted parameter that can be used if the prime is known to be good.
Otherwise, yeah we can do these checks as they are quick compared to the overall time of checking a prime.

[douzzer]

Right, the optimization is for use cases like in ZD#18507 where DH params are read from a file, and may be a standard prime, but can't be counted on to be.

[douzzer]

retest this please (Windows worker node glitch)