1 files changed, 40 insertions, 34 deletions

diff --git a/configure.ac b/configure.ac
index 4baaa62a8..bc28d0748 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1909,44 +1909,10 @@ AC_ARG_ENABLE([security-key],
         ]
 )
 
-# PKCS11/U2F depend on OpenSSL and dlopen().
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
 
-enable_pkcs11=yes
-enable_sk=yes
-if test "x$openssl" != "xyes" ; then
-        enable_pkcs11="disabled; missing libcrypto"
-        enable_sk="disabled; missing libcrypto"
-fi
-if test "x$ac_cv_func_dlopen" != "xyes" ; then
-        enable_pkcs11="disabled; missing dlopen(3)"
-        enable_sk="disabled; missing dlopen(3)"
-fi
-if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
-        enable_pkcs11="disabled; missing RTLD_NOW"
-        enable_sk="disabled; missing RTLD_NOW"
-fi
-if test ! -z "$disable_pkcs11" ; then
-        enable_pkcs11="disabled by user"
-fi
-if test ! -z "$disable_sk" ; then
-        enable_sk="disabled by user"
-fi
-
-AC_MSG_CHECKING([whether to enable PKCS11])
-if test "x$enable_pkcs11" = "xyes" ; then
-        AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
-fi
-AC_MSG_RESULT([$enable_pkcs11])
-
-AC_MSG_CHECKING([whether to enable U2F])
-if test "x$enable_sk" = "xyes" ; then
-        AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
-fi
-AC_MSG_RESULT([$enable_sk])
-
 # IRIX has a const char return value for gai_strerror()
 AC_CHECK_FUNCS([gai_strerror], [
         AC_DEFINE([HAVE_GAI_STRERROR])
@@ -3015,6 +2981,9 @@ if test "x$openssl" = "xyes" ; then
             test x$enable_nistp521 = x1; then
                 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
                 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
+                openssl_ecc=yes
+        else
+                openssl_ecc=no
         fi
         if test x$enable_nistp256 = x1; then
                 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
@@ -3055,6 +3024,43 @@ else
         AC_CHECK_FUNCS([crypt])
 fi
 
+# PKCS11/U2F depend on OpenSSL and dlopen().
+enable_pkcs11=yes
+enable_sk=yes
+if test "x$openssl" != "xyes" ; then
+        enable_pkcs11="disabled; missing libcrypto"
+        enable_sk="disabled; missing libcrypto"
+fi
+if test "x$openssl_ecc" != "xyes" ; then
+        enable_sk="disabled; OpenSSL has no ECC support"
+fi
+if test "x$ac_cv_func_dlopen" != "xyes" ; then
+        enable_pkcs11="disabled; missing dlopen(3)"
+        enable_sk="disabled; missing dlopen(3)"
+fi
+if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
+        enable_pkcs11="disabled; missing RTLD_NOW"
+        enable_sk="disabled; missing RTLD_NOW"
+fi
+if test ! -z "$disable_pkcs11" ; then
+        enable_pkcs11="disabled by user"
+fi
+if test ! -z "$disable_sk" ; then
+        enable_sk="disabled by user"
+fi
+
+AC_MSG_CHECKING([whether to enable PKCS11])
+if test "x$enable_pkcs11" = "xyes" ; then
+        AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
+fi
+AC_MSG_RESULT([$enable_pkcs11])
+
+AC_MSG_CHECKING([whether to enable U2F])
+if test "x$enable_sk" = "xyes" ; then
+        AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
+fi
+AC_MSG_RESULT([$enable_sk])
+
 AC_CHECK_FUNCS([ \
         arc4random \
         arc4random_buf \