From 7cc42d446e6554aab2747e5cf95acf394f90cf32 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 3 Jul 2024 11:20:51 -0400 Subject: [PATCH] Update the true minimum ECC key size default The discrepancy shows up when trying to compile with FIPS --- configure.ac | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 9b2d8c8d4a..247d84f296 100644 --- a/configure.ac +++ b/configure.ac @@ -3979,9 +3979,16 @@ fi # ECC Minimum Key Size AC_ARG_WITH([eccminsz], - [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])], + [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits non-FIPS / 192 bits with FIPS)])], [ ENABLED_ECCMINSZ=$withval ], - [ ENABLED_ECCMINSZ=224 ] + [ + if test "x$ENABLED_FIPS" = "xno" + then + ENABLED_ECCMINSZ=224 + else + ENABLED_ECCMINSZ=192 + fi + ] ) AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ"