diff --git a/src/ssl.c b/src/ssl.c
index 59ad9bae6..15f860651 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -29795,7 +29795,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
 privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
 pubSz = wolfSSL_BN_bn2bin(otherPub, pub);
 if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS){
- WOLFSSL_MSG("Bad DH set internal");
+ WOLFSSL_MSG("Bad DH set internal");
 }
 if (privSz <= 0 || pubSz <= 0)
 WOLFSSL_MSG("Bad BN2bin set");
@@ -29811,6 +29811,8 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
 XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
 #endif
+ WOLFSSL_LEAVE("wolfSSL_DH_compute_key", ret);
+
 return ret;
 }
diff --git a/tests/api.c b/tests/api.c
index 75cad80bd..024cda3f3 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -27726,7 +27726,7 @@ static void test_wolfSSL_X509_sign(void)
 byte sn[16];
 int snSz = sizeof(sn);
- printf(testingFmt, "wolfSSL_X509_sign\n");
+ printf(testingFmt, "wolfSSL_X509_sign");
 /* Set X509_NAME fields */
 AssertNotNull(name = X509_NAME_new());
@@ -32751,6 +32751,7 @@ static void test_wolfSSL_OCSP_get0_info()
 static void test_wolfSSL_EVP_PKEY_derive(void)
 {
 #ifdef OPENSSL_ALL
+ printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
 EVP_PKEY_CTX *ctx;
 unsigned char *skey;
@@ -32800,6 +32801,7 @@ static void test_wolfSSL_EVP_PKEY_derive(void)
 XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
 #endif /* HAVE_ECC */
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+ printf(resultFmt, "passed");
 #endif /* OPENSSL_ALL */
 }
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index b4bb58971..f79c0829e 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
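Review bot: In wolfSSL_DH_compute_key the `SetDhInternal` failure branch (first src/ssl.c hunk) still only logs "Bad DH set internal" and then falls through to the `privSz`/`pubSz` check, so a DH object whose internal state could not be set is not rejected at that point. Because the evp.c caller in this commit now accepts any positive return, chaining the checks, e.g. `else if (privSz <= 0 || pubSz <= 0)`, would make sure nothing after them runs on a half-initialised key. The lines between the two hunks are not visible, so confirm that no later guard already covers this before changing it.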
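Review bot: In test_wolfSSL_EVP_PKEY_derive the added `printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");` sits outside the `#if !defined(HAVE_FIPS) || ...` guard and `printf(resultFmt, "passed");` sits after its `#endif`, so a build where that guard is false reports "passed" without running any derive check. The first call also precedes the `EVP_PKEY_CTX *ctx;` and `unsigned char *skey;` declarations, which produces declaration-after-statement warnings in C89-style builds. Moving both calls inside the inner guard, with the first one placed after the local declarations, avoids both problems. The visible hunks add no case for a shared secret with leading zeros, the behaviour the evp.c change addresses; the test body lies outside the hunks, so check whether one exists.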
@@ -1385,8 +1385,9 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
 if (*keylen < (size_t)len) {
 return WOLFSSL_FAILURE;
 }
+ /* computed DH agreement can be less than DH size if leading zeros */
 if (wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key,
- ctx->pkey->dh) != len) {
+ ctx->pkey->dh) <= 0) {
 return WOLFSSL_FAILURE;
 }
 }
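Review bot: The return value of `wolfSSL_DH_compute_key` is now only tested for `<= 0` and then discarded, so the real length of the shared secret is lost whenever the agreement is shorter than `len`. If `*keylen` is later set from `len` (that code is outside the hunk, as is the rest of wolfSSL_EVP_PKEY_derive), callers would treat trailing bytes of `key` that were never written as part of the secret, and the two peers could feed different byte strings into their key derivation. Assuming `len` is a signed int, as the `(size_t)len` cast suggests, capture the result with `len = wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key, ctx->pkey->dh);` followed by `if (len <= 0) return WOLFSSL_FAILURE;`, so the length reported to the caller matches what was written. The new comment could also say which length the caller receives in the leading-zero case.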