make no-dh work

Reviewed-by: Richard Levitte <levitte@openssl.org>

5 files changed, 18 insertions, 6 deletions

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 0c1dfc57d7..f4559fa70f 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1381,13 +1381,14 @@ static int security_callback_debug(SSL *s, SSL_CTX *ctx,
         }
         break;
 #endif
-
+#ifndef OPENSSL_NO_DH
     case SSL_SECOP_OTHER_DH:
         {
             DH *dh = other;
             BIO_printf(sdb->out, "%d", BN_num_bits(dh->p));
             break;
         }
+#endif
     case SSL_SECOP_OTHER_CERT:
         {
             if (cert_md) {
diff --git a/apps/s_server.c b/apps/s_server.c
index 9e4a18636d..8e15f5b63d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -973,7 +973,10 @@ int s_server_main(int argc, char *argv[])
     X509 *s_cert = NULL, *s_dcert = NULL;
     X509_VERIFY_PARAM *vpm = NULL;
     char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
-    char *dhfile = NULL, *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
+#ifndef OPENSSL_NO_DH
+    char *dhfile = NULL;
+#endif
+    char *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
     char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
     char *crl_file = NULL, *prog;
 #ifndef OPENSSL_NO_PSK
@@ -986,7 +989,10 @@ int s_server_main(int argc, char *argv[])
     int (*server_cb) (char *hostname, int s, int stype,
                       unsigned char *context);
     int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
-    int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0, ret = 1;
+#ifndef OPENSSL_NO_DH
+    int no_dhe = 0;
+#endif
+    int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0, ret = 1;
     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
     int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
     int rev = 0, naccept = -1, sdebug = 0, socket_type = SOCK_STREAM;
@@ -1119,7 +1125,9 @@ int s_server_main(int argc, char *argv[])
             s_chain_file = opt_arg();
             break;
         case OPT_DHPARAM:
+#ifndef OPENSSL_NO_DH
             dhfile = opt_arg();
+#endif
             break;
         case OPT_DCERTFORM:
             if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format))
@@ -1272,7 +1280,9 @@ int s_server_main(int argc, char *argv[])
             no_tmp_rsa = 1;
             break;
         case OPT_NO_DHE:
+#ifndef OPENSSL_NO_DH
             no_dhe = 1;
+#endif
             break;
         case OPT_NO_ECDHE:
             no_ecdhe = 1;
diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
index 3a7282f740..34f9fb0af8 100644
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
@@ -56,11 +56,11 @@
  *
  */
 
-#include <openssl/dh.h>
 #include "bn_lcl.h"
 #include "e_os.h"
 
 #ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
 /* DH parameters from RFC5114 */
 
 # if BN_BITS2 == 64
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 72a8c1a453..ae730e5354 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -61,7 +61,6 @@
 #include <stdlib.h>
 #include "internal/cryptlib.h"
 #include <openssl/cmac.h>
-#include <openssl/dh.h>
 #include <openssl/dsa.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 079a4b2e55..5445311e66 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -13,7 +13,7 @@ setup("test_cms");
 
 my $smdir    = top_dir("test", "smime-certs");
 my $smcont   = top_file("test", "smcont.txt");
-my ($no_ec, $no_ec2m, $no_zlib) = disabled qw/ec ec2m zlib/;
+my ($no_dh, $no_ec, $no_ec2m, $no_zlib) = disabled qw/dh ec ec2m zlib/;
 
 plan tests => 4;
 
@@ -470,5 +470,7 @@ sub check_availability {
 	if ($no_ec && $tnam =~ /ECDH/);
     return "$tnam: skipped, EC2M disabled\n"
 	if ($no_ec2m && $tnam =~ /K-283/);
+    return "$tnam: skipped, DH disabled\n"
+	if ($no_dh && $tnam =~ /X9\.42/);
     return "";
 }