From 2e3e3d278ec4984d352c65e2df8270ecf658d5b4 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 18 Nov 2014 15:56:50 +0000
Subject: Add OPENSSL_NO_ECDH guards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 7f9edfd23a9b9cd0827cc381e8fbd8cd0c9e5035)
---
 crypto/ec/ec_pmeth.c | 6 ++++++
 ssl/s3_lib.c         | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index ba4b519570..03ac81e5cc 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -167,6 +167,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
 	return ret;
 	}
 
+#ifndef OPENSSL_NO_ECDH
 static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 	{
 	int ret;
@@ -200,6 +201,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 	*keylen = ret;
 	return 1;
 	}
+#endif
 
 static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 	{
@@ -332,7 +334,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
 	0,0,
 
 	0,
+#ifndef OPENSSL_NO_ECDH
 	pkey_ec_derive,
+#else
+	0,
+#endif
 
 	pkey_ec_ctrl,
 	pkey_ec_ctrl_str
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b874dd473f..c561e7bd1f 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3058,6 +3058,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 				}
 			ok = ok && ec_ok;
 			}
+#ifndef OPENSSL_NO_ECDH
 		if (
 			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
 			(alg_k & SSL_kEECDH)
@@ -3105,6 +3106,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 				}
 			ok = ok && ec_ok;
 			}
+#endif /* OPENSSL_NO_ECDH */
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
 
-- 
cgit v1.2.3