From c1ca1f1b78843ef73014b68848fba2ac0076ac3f Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 2 Nov 2018 12:55:07 -0700
Subject: [PATCH] Remove DH prime check on selftest/fips builds.

---
 src/ssl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 6bcd80b44..b72324d07 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1477,7 +1477,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
     if (ssl->options.side == WOLFSSL_CLIENT_END)
         return SIDE_ERROR;
 
-    #ifndef WOLFSSL_OLD_PRIME_CHECK
+    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+        !defined(HAVE_SELFTEST)
     {
         DhKey checkKey;
         int error, freeKey = 0;
@@ -1563,7 +1564,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
     if (pSz > ctx->maxDhKeySz)
         return DH_KEY_SIZE_E;
 
-    #ifndef WOLFSSL_OLD_PRIME_CHECK
+    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
+        !defined(HAVE_SELFTEST)
     {
         DhKey checkKey;
         WC_RNG rng;