From 9b47b083ca9d866249ada9f02dbd57c87b13806e Mon Sep 17 00:00:00 2001
From: Manoj Ampalam <manojamp@microsoft.com>
Date: Thu, 8 Nov 2018 22:41:59 -0800
Subject: Fix error message w/out nistp521.

Correct error message when OpenSSL doesn't support certain ECDSA key
lengths.
---
 ssh-keygen.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ssh-keygen.c')

diff --git a/ssh-keygen.c b/ssh-keygen.c
index e9f405847..416d25be0 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -243,7 +243,11 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
 	case KEY_ECDSA:
 		if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
 			fatal("Invalid ECDSA key length: valid lengths are "
+#ifdef OPENSSL_HAS_NISTP521
 			    "256, 384 or 521 bits");
+#else
+			    "256 or 384 bits");
+#endif
 	}
 #endif
 }
-- 
cgit v1.2.3