From 6d1416d0068f74d519c00c34985934a40d0d32bd Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 14 May 2024 14:17:16 -0400
Subject: [PATCH 1/5] addressing PR comments
---
 wolfcrypt/src/kdf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c
index 9fc56762b0..30046f5330 100644
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -571,7 +571,7 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 (void)heap;
 /* okmLen (2) + protocol|label len (1) + info len(1) + protocollen +
 * labellen + infolen */
- len = (size_t)4 + protocolLen + labelLen + infoLen;
+ len = 4U + protocolLen + labelLen + infoLen;
 data = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (data == NULL)
From 35ef7f4093144f2abd06dce776718fe797fda5fa Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 15 May 2024 15:16:24 -0400
Subject: [PATCH 2/5] There is no default defined. Expected to be unset
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 353110418b..b566d04ff7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8308,7 +8308,7 @@ fi
 AC_ARG_WITH([max-ecc-bits],
 [AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])],
 [WITH_MAX_ECC_BITS=$withval],
- [WITH_MAX_ECC_BITS="$DEFAULT_MAX_ECC_BITS"])
+ )
 if test -n "$WITH_MAX_ECC_BITS"; then
 if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then
From b83d8f0cf609fb52b786b258e68e768358be6dd8 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 15 May 2024 15:19:13 -0400
Subject: [PATCH 3/5] Make sure MAX_ECC_BITS >= MIN_ECC_BITS
---
 configure.ac | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index b566d04ff7..f6edabdb8b 100644
--- a/configure.ac
+++ b/configure.ac
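Review bot: In the wolfcrypt/src/kdf.c hunk of patch 1/5, the new `len = 4U + protocolLen + labelLen + infoLen;` is evaluated in unsigned arithmetic of the operands' width, so if the three lengths are 32-bit (their declarations are outside the hunk) the sum can wrap before it sizes the `XMALLOC` buffer. The comment directly above says the combined protocol|label length and the info length are each encoded in one byte, yet no bound on them is visible here. Unless an earlier check exists outside the hunk, I would reject oversized inputs before the addition, e.g. `if (protocolLen > 255 || labelLen > 255 - protocolLen || infoLen > 255) return BAD_FUNC_ARG;` (or whichever error code this function already returns). The enclosing function starts and ends outside the hunk.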
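Review bot: In the first configure.ac hunk (patch 2/5), dropping the fourth argument means `WITH_MAX_ECC_BITS` is never assigned when `--with-max-ecc-bits` is absent, so a value inherited from the caller's environment would reach the `test -n "$WITH_MAX_ECC_BITS"` branch below. An explicit empty default keeps the "unset" intent and removes the dangling `,` before `)`: `[WITH_MAX_ECC_BITS=$withval], [WITH_MAX_ECC_BITS=])`. Separately, the range test in the context lines uses `-lt`/`-gt`, which return a failure status on a non-numeric value and therefore let it through; the block that consumes the value continues outside the hunk.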
@@ -10011,3 +10011,10 @@ if test "$MINGW_LIB_WARNING" = "yes"
 then
 AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
 fi
+
+if test -n "$WITH_MAX_ECC_BITS"; then
+ if test "$WITH_MAX_ECC_BITS" -lt "$ENABLED_ECCMINSZ"; then
+ AC_MSG_ERROR([--with-max-ecc-bits argument ($WITH_MAX_ECC_BITS) must be greater than --with-eccminsz argument ($ENABLED_ECCMINSZ)])
+ fi
+fi
+
From 0eb11ff4661ecbc9b39d8682d8682ab91f9bdc5e Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 15 May 2024 15:19:42 -0400
Subject: [PATCH 4/5] Standard way to set defaults
---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index f6edabdb8b..699b1ccab1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3755,13 +3755,13 @@ then
 fi
 # ECC Minimum Key Size
-ENABLED_ECCMINSZ=224
 AC_ARG_WITH([eccminsz],
 [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])],
 [
 ENABLED_ECCMINSZ=$withval
 AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval"
- ]
+ ],
+ [ ENABLED_ECCMINSZ=224 ]
 )
 # Compressed Key
From 412447ac416ce76ba2a9bebbea8917258ed4c81e Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 15 May 2024 16:54:55 -0400
Subject: [PATCH 5/5] Enable OPTION_CHECKING by default This should halt `./configure` when an option is passed that is not recognized.
---
 configure.ac | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/configure.ac b/configure.ac
index 699b1ccab1..ead308df4f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -100,6 +100,9 @@ else
 REPRODUCIBLE_BUILD_DEFAULT=no
 fi
+
+# Fail when an option is passed that is not recognized
+m4_divert_once([DEFAULTS], [enable_option_checking=fatal])
+
 # Allow experimental settings
 AC_ARG_ENABLE([experimental],
 [AS_HELP_STRING([--enable-experimental],[Allow experimental settings in the configuration (default: disabled)])],
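Review bot: In the configure.ac hunk of patch 3/5, `test "$WITH_MAX_ECC_BITS" -lt "$ENABLED_ECCMINSZ"` evaluates false when either operand is not an integer (for example `--with-eccminsz` given without a value yields `yes`), so the new consistency check is skipped exactly for malformed input. I would validate both values as digit-only with a `case` pattern before comparing and call `AC_MSG_ERROR` otherwise. The message also says "must be greater than" while the test accepts equality; `must be greater than or equal to` matches both the code and the commit subject.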
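Review bot: In the configure.ac hunk of patch 4/5, the not-given branch `[ ENABLED_ECCMINSZ=224 ]` sets the shell variable but, unlike the given branch, adds no `-DECC_MIN_KEY_SZ` to `AM_CFLAGS`. The 224 that configure advertises in the help text and compares against `--with-max-ecc-bits` is therefore only accurate if the library's compiled-in fallback is also 224, which this page does not show. A comment such as `# 224 must match the ECC_MIN_KEY_SZ fallback in the sources` would document the coupling, or the default branch could define the macro as well. The section around the `AC_ARG_WITH` call continues outside the hunk.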
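Review bot: In the configure.ac hunk of patch 5/5, the comment over `m4_divert_once([DEFAULTS], [enable_option_checking=fatal])` overstates the effect slightly and does not explain why a diversion is used. As far as I know, Autoconf's option checking covers unrecognized `--enable-*`/`--with-*` options only, and because this line sets just the default, a user can still pass `--disable-option-checking`. I would expand the comment to something like `# Default to fatal option checking: unknown --enable-*/--with-* options abort configure` followed by `# (set in the DEFAULTS diversion so it takes effect before argument parsing)`.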