From 97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Fri, 17 May 2019 10:54:51 +1000
Subject: Fix building w/out ECC.

Ifdef out ECC specific code so that that it'll build against an OpenSSL
configured w/out ECC.  With & ok djm@
---
 kexecdh.c           | 26 ++++++++++++++++++++++++++
 ssh-pkcs11-helper.c |  2 ++
 ssh-pkcs11.c        |  4 ++++
 3 files changed, 32 insertions(+)

diff --git a/kexecdh.c b/kexecdh.c
index 0aeab2e9..9a3bb81b 100644
--- a/kexecdh.c
+++ b/kexecdh.c
@@ -208,4 +208,30 @@ kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
 	kex->ec_client_key = NULL;
 	return r;
 }
+
+#else
+
+#include "sshkey.h"
+#include "kex.h"
+#include "ssherr.h"
+
+int
+kex_ecdh_keypair(struct kex *kex)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
+    struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
+    struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
 #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index 807ceb66..cb873e20 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -206,6 +206,7 @@ process_sign(void)
 					slen = ret;
 					ok = 0;
 				}
+#ifdef OPENSSL_HAS_ECC
 			} else if (key->type == KEY_ECDSA) {
 				u_int xslen = ECDSA_size(key->ecdsa);
 
@@ -219,6 +220,7 @@ process_sign(void)
 					error("%s: ECDSA_sign"
 					    " returns %d", __func__, ret);
 				slen = xslen;
+#endif /* OPENSSL_HAS_ECC */
 			} else
 				error("%s: don't know how to sign with key "
 				    "type %d", __func__, (int)key->type);
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 24bbc587..d9413bc4 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -916,7 +916,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 	X509			*x509 = NULL;
 	EVP_PKEY		*evp;
 	RSA			*rsa = NULL;
+#ifdef OPENSSL_HAS_ECC
 	EC_KEY			*ec = NULL;
+#endif
 	struct sshkey		*key = NULL;
 	int			 i;
 #ifdef HAVE_EC_KEY_METHOD_NEW
@@ -1043,7 +1045,9 @@ fail:
 		free(cert_attr[i].pValue);
 	X509_free(x509);
 	RSA_free(rsa);
+#ifdef OPENSSL_HAS_ECC
 	EC_KEY_free(ec);
+#endif
 
 	return (key);
 }
-- 
cgit v1.2.3