Fix building w/out ECC.

Ifdef out ECC specific code so that that it'll build against an OpenSSL
configured w/out ECC.  With & ok djm@

kexecdh.c

@@ -208,4 +208,30 @@ kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
 	kex->ec_client_key = NULL;
 	return r;
 }
+
+#else
+
+#include "sshkey.h"
+#include "kex.h"
+#include "ssherr.h"
+
+int
+kex_ecdh_keypair(struct kex *kex)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
+    struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
+    struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
 #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */

ssh-pkcs11-helper.c

@@ -206,6 +206,7 @@ process_sign(void)
 					slen = ret;
 					ok = 0;
 				}
+#ifdef OPENSSL_HAS_ECC
 			} else if (key->type == KEY_ECDSA) {
 				u_int xslen = ECDSA_size(key->ecdsa);
 
@@ -219,6 +220,7 @@ process_sign(void)
 					error("%s: ECDSA_sign"
 					    " returns %d", __func__, ret);
 				slen = xslen;
+#endif /* OPENSSL_HAS_ECC */
 			} else
 				error("%s: don't know how to sign with key "
 				    "type %d", __func__, (int)key->type);

ssh-pkcs11.c

@@ -916,7 +916,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 	X509			*x509 = NULL;
 	EVP_PKEY		*evp;
 	RSA			*rsa = NULL;
+#ifdef OPENSSL_HAS_ECC
 	EC_KEY			*ec = NULL;
+#endif
 	struct sshkey		*key = NULL;
 	int			 i;
 #ifdef HAVE_EC_KEY_METHOD_NEW
@@ -1043,7 +1045,9 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 		free(cert_attr[i].pValue);
 	X509_free(x509);
 	RSA_free(rsa);
+#ifdef OPENSSL_HAS_ECC
 	EC_KEY_free(ec);
+#endif
 
 	return (key);
 }