openssl: BoringSSL doesn't provide curve data for ECC Brainpool curves
authorTobias Brunner <tobias@strongswan.org>
Sat, 10 Dec 2016 11:26:31 +0000 (12:26 +0100)
committerTobias Brunner <tobias@strongswan.org>
Sat, 10 Dec 2016 11:27:47 +0000 (12:27 +0100)
src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c

index 11d6e8e..11185e0 100644 (file)
@@ -327,9 +327,12 @@ METHOD(diffie_hellman_t, destroy, void,
 /**
  * ECC Brainpool curves are not available in OpenSSL releases < 1.0.2, but we
  * don't check the version in case somebody backported them.
+ *
+ * BoringSSL defines the constants but not the curves.
  */
 #if (!defined(NID_brainpoolP224r1) || !defined(NID_brainpoolP256r1) || \
-        !defined(NID_brainpoolP384r1) || !defined(NID_brainpoolP512r1))
+        !defined(NID_brainpoolP384r1) || !defined(NID_brainpoolP512r1) || \
+        defined(OPENSSL_IS_BORINGSSL))
 
 /**
  * Parameters for ECC Brainpool curves