diff options
| -rw-r--r-- | sm/certcheck.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/sm/certcheck.c b/sm/certcheck.c index 3604ac788..cf9495a58 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -77,12 +77,15 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC) { - unsigned int qbits; + unsigned int qbits0, qbits; if ( pkalgo == GCRY_PK_ECC ) - qbits = gcry_pk_get_nbits (pkey); + { + qbits0 = gcry_pk_get_nbits (pkey); + qbits = qbits0 == 521? 512 : qbits; + } else - qbits = get_dsa_qbits (pkey); + qbits0 = qbits = get_dsa_qbits (pkey); if ( (qbits%8) ) { @@ -99,7 +102,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, if (qbits < 160) { log_error (_("%s key uses an unsafe (%u bit) hash\n"), - gcry_pk_algo_name (pkalgo), qbits); + gcry_pk_algo_name (pkalgo), qbits0); return gpg_error (GPG_ERR_INTERNAL); } @@ -110,7 +113,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, { log_error (_("a %u bit hash is not valid for a %u bit %s key\n"), (unsigned int)nframe*8, - gcry_pk_get_nbits (pkey), + qbits0, gcry_pk_algo_name (pkalgo)); /* FIXME: we need to check the requirements for ECDSA. */ if (nframe < 20 || pkalgo == GCRY_PK_DSA ) |