From b7f453703140730944cc6fbb523399f4ea95771f Mon Sep 17 00:00:00 2001
From: dengert <dengert@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Fri, 3 Dec 2010 15:15:29 +0000
Subject: [PATCH] Test for OPENSSL_NO_EC as some systems build OPENSSL without
 EC.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4906 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/tools/piv-tool.c    | 8 ++++++++
 src/tools/pkcs11-tool.c | 8 ++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/tools/piv-tool.c b/src/tools/piv-tool.c
index 9023a7bb..b3fd056c 100644
--- a/src/tools/piv-tool.c
+++ b/src/tools/piv-tool.c
@@ -30,6 +30,9 @@
 #include <errno.h>
 #include <ctype.h>
 #include <sys/stat.h>
+
+/* Module only built if OPENSSL is enabled */
+#include <openssl/opensslconf.h>
 #include <openssl/rsa.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
@@ -322,6 +325,7 @@ static int gen_key(const char * key_info)
 		EVP_PKEY_assign_RSA(evpkey, newkey);
 
 	} else { /* EC key */
+#ifndef OPENSSL_NO_EC
 		int i;
 		BIGNUM *x;
 		BIGNUM *y;
@@ -346,6 +350,10 @@ static int gen_key(const char * key_info)
 			EC_KEY_print_fp(stdout, eckey, 0);
 
 		EVP_PKEY_assign_EC_KEY(evpkey, eckey);
+#else
+		fprintf(stderr, "This build of OpenSSL does not support EC keys"\n);
+		r = 1; 
+#endif /* OPENSSL_NO_EC */
 
 	}
 	if (bp)
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index dd23e8c7..3bf9a690 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -21,10 +21,14 @@
 #include "config.h"
 
 #ifdef ENABLE_OPENSSL
+#include <openssl/opensslconf.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
 #include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#endif
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #endif
@@ -1240,7 +1244,7 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 		util_fatal("failed to open %s: %m", opt_output);
 	}
 
-#if ENABLE_OPENSSL
+#if defined(ENABLE_OPENSSL) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_EDSA)
 /*
  * PKCS11 implies the ECDSA sig is 2nLen,
  * OpenSSL expects sequence of {integer, integer}
@@ -1265,7 +1269,7 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 		ECDSA_SIG_free(ecsig);
 
 	} else 
-#endif
+#endif /* ENABLE_OPENSSL  && !OPENSSL_NO_EC && !OPENSSL_NO_ECDSA */
 	r = write(fd, buffer, sig_len);
 	if (r < 0)
 		util_fatal("Failed to write to %s: %m", opt_output);