From 3b70f62423041e614332b90d782576ee6868a030 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@g10code.com>
Date: Thu, 1 Jun 2017 11:56:42 +0200
Subject: [PATCH] common: Improve checking for compliance with CO_DE_VS.

* common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
sizes are compliant.

Signed-off-by: Justus Winter <justus@g10code.com>
---
 common/compliance.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/common/compliance.c b/common/compliance.c
index 73c7ad724..c0b69843b 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -86,7 +86,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
           break;
 
         case is_rsa:
-          result = (keylength >= 2048);
+          result = (keylength == 2048
+                    || keylength == 3072
+                    || keylength == 4096);
           break;
 
         case is_ecc: