diff --git a/configure.ac b/configure.ac
index 958e1a6..ba7e8dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -58,7 +58,15 @@ if test "$hardenbuild" -eq 1; then
 	LDFLAGS="$LDFLAGS $TESTFLAGS"
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
 	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-	    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+		[
+			LDFLAGS="$OLDLDFLAGS"
+			TESTFLAGS="-pie"
+			LDFLAGS="$LDFLAGS $TESTFLAGS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+				[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+				)
+		]
 	    )
 	# readonly elf relocation sections (relro)
 	OLDLDFLAGS="$LDFLAGS"
diff --git a/dss.c b/dss.c
index 91412ae..00899cf 100644
--- a/dss.c
+++ b/dss.c
@@ -61,16 +61,14 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 		goto out;
 	}
 
-	if (mp_count_bits(key->p) < DSS_P_BITS) {
+	if (mp_count_bits(key->p) != DSS_P_BITS) {
 		dropbear_log(LOG_WARNING, "Bad DSS p");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
 		ret = DROPBEAR_FAILURE;
 		goto out;
 	}
 
-	if (mp_count_bits(key->q) < DSS_Q_BITS) {
+	if (mp_count_bits(key->q) != DSS_Q_BITS) {
 		dropbear_log(LOG_WARNING, "Bad DSS q");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
 		ret = DROPBEAR_FAILURE;
 		goto out;
 	}