common: Improve checking for compliance with CO_DE_VS.
authorJustus Winter <justus@g10code.com>
Thu, 1 Jun 2017 09:56:42 +0000 (11:56 +0200)
committerJustus Winter <justus@g10code.com>
Thu, 1 Jun 2017 10:26:17 +0000 (12:26 +0200)
* common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
sizes are compliant.

Signed-off-by: Justus Winter <justus@g10code.com>
common/compliance.c

index 73c7ad7..c0b6984 100644 (file)
@@ -86,7 +86,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
           break;
 
         case is_rsa:
-          result = (keylength >= 2048);
+          result = (keylength == 2048
+                    || keylength == 3072
+                    || keylength == 4096);
           break;
 
         case is_ecc: