Fix no-dh

The recent TLSv1.3 FFDHE support missed a few OPENSSL_NO_DH guards.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9153)

1 files changed, 3 insertions, 1 deletions

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a75a15802a..358142e935 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4795,7 +4795,7 @@ EVP_PKEY *ssl_generate_param_group(uint16_t id)
         goto err;
     if (EVP_PKEY_paramgen_init(pctx) <= 0)
         goto err;
-# ifndef OPENSSl_NO_DH
+# ifndef OPENSSL_NO_DH
     if (ginf->flags & TLS_GROUP_FFDHE) {
         if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
             goto err;
@@ -4844,8 +4844,10 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
         goto err;
     }
 
+#ifndef OPENSSL_NO_DH
     if (SSL_IS_TLS13(s) &&  EVP_PKEY_id(privkey) == EVP_PKEY_DH)
         EVP_PKEY_CTX_set_dh_pad(pctx, 1);
+#endif
 
     pms = OPENSSL_malloc(pmslen);
     if (pms == NULL) {