Add OPENSSL_NO_ECDH guards

Reviewed-by: Emilia Käsper <emilia@openssl.org>

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 66ee397d86c4137af00ba1c5966137f1fa4be367..b62b532cf869971fa1f35673fef970043dfbc963 100644 (file)
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -167,6 +167,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
        return ret;
        }
 
+#ifndef OPENSSL_NO_ECDH
 static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
        {
        int ret;
@@ -200,6 +201,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
        *keylen = ret;
        return 1;
        }
+#endif
 
 static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
        {
@@ -333,7 +335,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
        0,0,
 
        0,
+#ifndef OPENSSL_NO_ECDH
        pkey_ec_derive,
+#else
+       0,
+#endif
 
        pkey_ec_ctrl,
        pkey_ec_ctrl_str

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3f1745336b22ea2b4d1a72ca0e61fc6db6d7a6f0..73852fbc3be241e739708b533b96087e133e6197 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4000,6 +4000,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                                }
                        ok = ok && ec_ok;
                        }
+#ifndef OPENSSL_NO_ECDH
                if (
                        /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
                        (alg_k & SSL_kEECDH)
@@ -4047,6 +4048,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                                }
                        ok = ok && ec_ok;
                        }
+#endif /* OPENSSL_NO_ECDH */
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */