int
get_bits(gnutls_pk_algorithm_t key_type, int info_bits,
const char *info_sec_param, int warn)
{
int bits;
if (info_bits != 0) {
static int warned = 0;
if (warned == 0 && warn != 0) {
warned = 1;
fprintf(stderr,
"** Note: Please use the --sec-param instead of --bits\n");
}
bits = info_bits;
} else {
if (info_sec_param) {
bits =
gnutls_sec_param_to_pk_bits(key_type,
str_to_sec_param
(info_sec_param));
} else
bits =
gnutls_sec_param_to_pk_bits(key_type,
GNUTLS_SEC_PARAM_NORMAL);
}
return bits;
}
int
get_bits(gnutls_pk_algorithm_t key_type, int info_bits,
const char *info_sec_param, int warn)
{
int bits;
if (info_bits != 0) {
static int warned = 0;
if (warned == 0 && warn != 0 && GNUTLS_BITS_ARE_CURVE(info_bits)==0) {
warned = 1;
fprintf(stderr,
"** Note: You may use '--sec-param %s' instead of '--bits %d'\n",
bits_to_sp(key_type, info_bits), info_bits);
}
bits = info_bits;
} else {
if (info_sec_param == 0) {
/* For ECDSA keys use 256 bits or better, as they are widely supported */
info_sec_param = "HIGH";
}
bits =
gnutls_sec_param_to_pk_bits(key_type,
str_to_sec_param
(info_sec_param));
}
return bits;
}