- if (gtype != TLS_CURVE_CUSTOM
- && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- goto err;
+# ifndef OPENSSL_NO_DH
+ if (gtype == TLS_GROUP_FFDHE) {
+ if ((pkey = EVP_PKEY_new()) == NULL
+ || (dh = DH_new_by_nid(ginf->nid)) == NULL
+ || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+ ERR_R_EVP_LIB);
+ DH_free(dh);
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ goto err;
+ }
+ if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+ ERR_R_EVP_LIB);
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ goto err;
+ }