Repair for non-ECC OpenSSL.

Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.

monitor.c

@@ -1853,7 +1853,9 @@ monitor_apply_keystate(struct monitor *pmonitor)
 		kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 		kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 		kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
 		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
 #endif /* WITH_OPENSSL */
 		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 		kex->load_host_public_key=&get_hostkey_public_by_type;

opacket.c

@@ -93,6 +93,7 @@ ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value)
 		fatal("%s: %s", __func__, ssh_err(r));
 }
 
+# ifdef OPENSSL_HAS_ECC
 void
 ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve,
     const EC_POINT *point)
@@ -102,6 +103,7 @@ ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve,
 	if ((r = sshpkt_put_ec(ssh, point, curve)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
 }
+# endif
 #endif /* WITH_OPENSSL */
 
 void
@@ -165,6 +167,7 @@ ssh_packet_get_bignum2(struct ssh *ssh, BIGNUM * value)
 		fatal("%s: %s", __func__, ssh_err(r));
 }
 
+# ifdef OPENSSL_HAS_ECC
 void
 ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point)
 {
@@ -173,6 +176,7 @@ ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point)
 	if ((r = sshpkt_get_ec(ssh, point, curve)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
 }
+# endif
 #endif /* WITH_OPENSSL */
 
 void *

ssh-keyscan.c

@@ -282,7 +282,9 @@ keygrab_ssh2(con *c)
 	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 	c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+# ifdef OPENSSL_HAS_ECC
 	c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+# endif
 #endif
 	c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 	ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);

ssh_api.c

@@ -105,7 +105,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 		ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 		ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
 		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
 #endif /* WITH_OPENSSL */
 		ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 		ssh->kex->load_host_public_key=&_ssh_host_public_key;
@@ -117,7 +119,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 		ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 		ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+# ifdef OPENSSL_HAS_ECC
 		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+# endif
 #endif /* WITH_OPENSSL */
 		ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 		ssh->kex->verify_host_key =&_ssh_verify_host_key;

sshconnect2.c

@@ -213,7 +213,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+# ifdef OPENSSL_HAS_ECC
 	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+# endif
 #endif
 	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 	kex->client_version_string=client_version_string;

sshd.c

@@ -2570,7 +2570,9 @@ do_ssh2_kex(void)
 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
 #endif
 	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 	kex->server = 1;