From 6597d62b8b95046370212bfd3c0767c970798085 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 13 Jun 2019 10:21:46 +0100
Subject: Fix no-dh
The recent TLSv1.3 FFDHE support missed a few OPENSSL_NO_DH guards.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/9153)
---
 ssl/s3_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'ssl')
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a75a15802a..358142e935 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4795,7 +4795,7 @@ EVP_PKEY *ssl_generate_param_group(uint16_t id)
 goto err;
 if (EVP_PKEY_paramgen_init(pctx) <= 0)
 goto err;
-# ifndef OPENSSl_NO_DH
+# ifndef OPENSSL_NO_DH
 if (ginf->flags & TLS_GROUP_FFDHE) {
 if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
 goto err;
@@ -4844,8 +4844,10 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
 goto err;
 }
+#ifndef OPENSSL_NO_DH
 if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
 EVP_PKEY_CTX_set_dh_pad(pctx, 1);
+#endif
 pms = OPENSSL_malloc(pmslen);
 if (pms == NULL) {
--
cgit v1.2.3
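Review bot: With the macro name corrected, the `if (ginf->flags & TLS_GROUP_FFDHE)` branch in ssl_generate_param_group is now really compiled out under `OPENSSL_NO_DH`, so what a no-dh build does with an FFDHE group id is decided by code after this hunk, which is not visible here. It is worth confirming that such an id ends in `goto err` rather than being passed to a non-DH parameter setter. If it does not already, an explicit `# else` arm with `if (ginf->flags & TLS_GROUP_FFDHE) goto err;` would make the rejection visible at this spot. The function body starts and ends outside the hunk.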
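Review bot: The return value of `EVP_PKEY_CTX_set_dh_pad(pctx, 1)` is discarded inside the new guard in ssl_derive, so a failure to enable padding goes unnoticed and derivation carries on. TLS 1.3 requires the FFDHE shared secret to be left-padded with zeros to the length of the prime (RFC 8446, section 7.4.1), so an unpadded result would surface only as intermittent handshake failures. Since the block is being touched anyway, consider `if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH && EVP_PKEY_CTX_set_dh_pad(pctx, 1) <= 0) goto err;`, with whatever error reporting the neighbouring `goto err` paths use. A one-line comment such as `/* TLS 1.3 FFDHE: the shared secret must keep its leading zero bytes */` would also help. The function body starts and ends outside the hunk.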