diff --git a/configure.ac b/configure.ac
index 0225d70e3..becfa31ab 100644
--- a/configure.ac
+++ b/configure.ac
@@ -253,7 +253,7 @@ AS_CASE([$ENABLED_FIPS],
         FIPS_VERSION="v1"
     ],
     [
-        AC_MSG_ERROR([Invalid value for --enable-fips \"$ENABLED_FIPS\" (allowed: ready, rand, v1, v2, v5)])
+        AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (allowed: ready, rand, v1, v2, v5)])
     ])
 
 AS_CASE([$FIPS_VERSION],
diff --git a/src/ssl.c b/src/ssl.c
index 884c91951..e58936265 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -46857,7 +46857,7 @@ int wolfSSL_CRYPTO_set_mem_functions(
         return WOLFSSL_FAILURE;
 }
 
-#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST)
+#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && !defined(NO_DH)
 WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
                            void (*callback) (int, int, void *), void *cb_arg)
 {
@@ -46924,7 +46924,7 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat
 
     return WOLFSSL_SUCCESS;
 }
-#endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST */
+#endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST && !NO_DH */
 
 int wolfSSL_ERR_load_ERR_strings(void)
 {
diff --git a/src/tls.c b/src/tls.c
index f7b0fbadd..4e052d5fe 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -4255,7 +4255,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
                     break;
             }
             if (params == NULL)
-                 return BAD_FUNC_ARG;
+                return BAD_FUNC_ARG;
             if (params->p_len >= ssl->options.minDhKeySz &&
                                      params->p_len <= ssl->options.maxDhKeySz) {
                  break;
@@ -6816,11 +6816,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
 
     while ((current = list) != NULL) {
         list = current->next;
-        if (current->group >= MIN_FFHDE_GROUP &&
-            current->group <= MAX_FFHDE_GROUP) {
-#ifndef NO_DH
-            wc_FreeDhKey((DhKey*)current->key);
-#endif
+        if ((current->group & NAMED_DH_MASK) == NAMED_DH_MASK) {
         }
         else if (current->group == WOLFSSL_ECC_X25519) {
 #ifdef HAVE_CURVE25519
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index ee838ab34..74b3dca84 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -9475,6 +9475,7 @@ int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz)
 
     if (aes == NULL || iv == NULL || !CheckAesGcmIvSize(ivSz)) {
         ret = BAD_FUNC_ARG;
+    }
 
     if (ret == 0) {
         XMEMCPY((byte*)aes->reg, iv, ivSz);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ec6b4fef6..647c9482e 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -16368,11 +16368,11 @@ static int dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(-8050, done);
 #endif
 
-    pubSz = FFDHE_KEY_SIZE;
-    pubSz2 = FFDHE_KEY_SIZE;
+    pubSz = MAX_DH_KEY_SZ;
+    pubSz2 = MAX_DH_KEY_SZ;
     #ifdef HAVE_PUBLIC_FFDHE
-    privSz = FFDHE_KEY_SIZE;
-    privSz2 = FFDHE_KEY_SIZE;
+    privSz = MAX_DH_PRIV_SZ;
+    privSz2 = MAX_DH_PRIV_SZ;
     #else
     privSz = wc_DhGetNamedKeyMinSize(name);
     privSz2 = privSz;