ENABLE_BRAINPOOL not working with CRYPTO_BACKEND=openssl

[juippis]

Description

For whatever reason if I try to compile ENABLE_BRAINPOOL with CRYPTO_BACKEND=openssl the build errors out with:

...
-- Looking for OpenSSL feature SECP384R1
-- Looking for OpenSSL feature SECP384R1 - found
-- Looking for OpenSSL feature SECP521R1
-- Looking for OpenSSL feature SECP521R1 - found
-- Looking for OpenSSL feature SECP256K1
-- Looking for OpenSSL feature SECP256K1 - found
-- Looking for OpenSSL feature RSAENCRYPTION
-- Looking for OpenSSL feature RSAENCRYPTION - found
-- Looking for OpenSSL feature DSAENCRYPTION
-- Looking for OpenSSL feature DSAENCRYPTION - found
-- Looking for OpenSSL feature DHKEYAGREEMENT
-- Looking for OpenSSL feature DHKEYAGREEMENT - found
-- Looking for OpenSSL feature ID-ECPUBLICKEY
-- Looking for OpenSSL feature ID-ECPUBLICKEY - found
-- Looking for OpenSSL feature X25519
-- Looking for OpenSSL feature X25519 - found
-- Looking for OpenSSL feature ED25519
-- Looking for OpenSSL feature ED25519 - found
CMake Error at src/lib/CMakeLists.txt:100 (message):
  ENABLE_BRAINPOOL requires openssl feature which is missing:
  BRAINPOOLP256R1.  Aborting.
Call Stack (most recent call first):
  src/lib/CMakeLists.txt:183 (resolve_feature_state)

But if I check openssl ecparam -list_curves | grep -i brainpool I get:

  brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
  brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
  brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
  brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
  brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
  brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
  brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
  brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
  brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
  brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
  brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
  brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
  brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
  brainpoolP512t1: RFC 5639 curve over a 512 bit prime field

So it should be available?

Steps to Reproduce

1. -DCRYPTO_BACKEND=openssl -DENABLE_BRAINPOOL=on
2. build

Expected Behavior

My understanding is that brainpool should be supported and the proper support is enabled in my system.

Actual Behavior

Build failed.

[ni4]

@juippis Thanks for reporting! It doesn't work correctly indeed, something messed up in CMakeLists. Looks like it was introduced via the PR #1875 . We'll fix it and release v0.16.2 ASAP, as we have another CMake issue as well.