From 7f9edfd23a9b9cd0827cc381e8fbd8cd0c9e5035 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 18 Nov 2014 15:56:50 +0000 Subject: [PATCH] Add OPENSSL_NO_ECDH guards MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Emilia Käsper --- crypto/ec/ec_pmeth.c | 6 ++++++ ssl/s3_lib.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 66ee397d86..b62b532cf8 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -167,6 +167,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, return ret; } +#ifndef OPENSSL_NO_ECDH static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { int ret; @@ -200,6 +201,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) *keylen = ret; return 1; } +#endif static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { @@ -333,7 +335,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = 0,0, 0, +#ifndef OPENSSL_NO_ECDH pkey_ec_derive, +#else + 0, +#endif pkey_ec_ctrl, pkey_ec_ctrl_str diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3f1745336b..73852fbc3b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4000,6 +4000,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } ok = ok && ec_ok; } +#ifndef OPENSSL_NO_ECDH if ( /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ (alg_k & SSL_kEECDH) @@ -4047,6 +4048,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } ok = ok && ec_ok; } +#endif /* OPENSSL_NO_ECDH */ #endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_TLSEXT */ -- 2.25.1