1 files changed, 10 insertions, 0 deletions

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index b49034952..2b65010ce 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -409,6 +409,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
         return (0);
 }
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
 /* openssl callback doing the actual signing operation */
 static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
@@ -512,6 +513,7 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 
         return (0);
 }
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 /* remove trailing spaces */
 static void
@@ -582,6 +584,7 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
         return (0);
 }
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
 static struct sshkey *
 pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
     CK_OBJECT_HANDLE *obj)
@@ -704,6 +707,7 @@ fail:
 
         return (key);
 }
+#endif /* HAVE_EC_KEY_METHOD_NEW */
 
 static struct sshkey *
 pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
@@ -808,7 +812,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
         EC_KEY                  *ec = NULL;
         struct sshkey           *key = NULL;
         int                      i;
+#ifdef HAVE_EC_KEY_METHOD_NEW
         int                      nid;
+#endif
         const u_char             *cp;
 
         memset(&cert_attr, 0, sizeof(cert_attr));
@@ -890,6 +896,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
                 key->type = KEY_RSA;
                 key->flags |= SSHKEY_FLAG_EXT;
                 rsa = NULL;     /* now owned by key */
+#ifdef HAVE_EC_KEY_METHOD_NEW
         } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
                 if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
                         error("invalid x509; no ec key");
@@ -920,6 +927,7 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
                 key->type = KEY_ECDSA;
                 key->flags |= SSHKEY_FLAG_EXT;
                 ec = NULL;      /* now owned by key */
+#endif /* HAVE_EC_KEY_METHOD_NEW */
         } else
                 error("unknown certificate key type");
 
@@ -1103,9 +1111,11 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
                 case CKK_RSA:
                         key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
                         break;
+#ifdef HAVE_EC_KEY_METHOD_NEW
                 case CKK_ECDSA:
                         key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
                         break;
+#endif /* HAVE_EC_KEY_METHOD_NEW */
                 default:
                         /* XXX print key type? */
                         error("skipping unsupported key type");