From a033c9a2e8b1c9e5719a27ad3cadc66a866ef2c1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 20 Apr 2020 14:05:23 +0100
Subject: [PATCH] Fix some build failures with no-dh

Add some missing OPENSSL_NO_DH guards.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11582)
---
 crypto/ffc/ffc_backend.c                                    | 6 ++++++
 crypto/ffc/ffc_params.c                                     | 5 +++++
 .../implementations/serializers/serializer_ffc_params.c     | 5 +++++
 3 files changed, 16 insertions(+)

diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index d3661b1706..d9b3e2e8af 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -31,7 +31,13 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
     if (prm != NULL) {
         if (prm->data_type != OSSL_PARAM_UTF8_STRING)
             goto err;
+#ifndef OPENSSL_NO_DH
+        /*
+         * In a no-dh build we just go straight to err because we have no
+         * support for this.
+         */
         if (!ffc_set_group_pqg(ffc, prm->data))
+#endif
             goto err;
     }
 
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 89550bedec..63a8bb73b4 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -215,6 +215,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
                                               ffc->seed, ffc->seedlen))
         return 0;
     if (ffc->nid != NID_undef) {
+#ifndef OPENSSL_NO_DH
         const char *name = ffc_named_group_from_uid(ffc->nid);
 
         if (name == NULL
@@ -222,6 +223,10 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
                                                  OSSL_PKEY_PARAM_FFC_GROUP,
                                                  name))
             return 0;
+#else
+        /* How could this be? We should not have a nid in a no-dh build. */
+        return 0;
+#endif
     }
     return 1;
 }
diff --git a/providers/implementations/serializers/serializer_ffc_params.c b/providers/implementations/serializers/serializer_ffc_params.c
index 20cf4b3d24..98c9886ce9 100644
--- a/providers/implementations/serializers/serializer_ffc_params.c
+++ b/providers/implementations/serializers/serializer_ffc_params.c
@@ -15,6 +15,7 @@
 int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc)
 {
     if (ffc->nid != NID_undef) {
+#ifndef OPENSSL_NO_DH
         const char *name = ffc_named_group_from_uid(ffc->nid);
 
         if (name == NULL)
@@ -22,6 +23,10 @@ int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc)
         if (ossl_prov_bio_printf(out, "GROUP: %s\n", name) <= 0)
             goto err;
         return 1;
+#else
+        /* How could this be? We should not have a nid in a no-dh build. */
+        goto err;
+#endif
     }
 
     if (!ossl_prov_print_labeled_bignum(out, "P:   ", ffc->p))
-- 
2.25.1