gpg: Obsolete --no-sig-create-check.
* g10/gpg.c (opts): Make --no-sig-create-check a NOP. * g10/options.h (struct opt): Remove field "no_sig_create_check". * g10/sign.c (do_sign): Do not run the create check for Libgcrypt 1.7. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
80521c3ff9
commit
60b0403f3c
@ -1719,12 +1719,7 @@ can be done if someone else has write access to your public keyring.
|
|||||||
|
|
||||||
@item --no-sig-create-check
|
@item --no-sig-create-check
|
||||||
@opindex no-sig-create-check
|
@opindex no-sig-create-check
|
||||||
GnuPG normally verifies each signature right after creation to protect
|
This option is obsolete. It has no function.
|
||||||
against bugs and hardware malfunctions which could leak out bits from
|
|
||||||
the secret key. This extra verification needs some time (about 115%
|
|
||||||
for DSA keys), and so this option can be used to disable it.
|
|
||||||
However, due to the fact that the signature creation needs manual
|
|
||||||
interaction, this performance penalty does not matter in most settings.
|
|
||||||
|
|
||||||
@item --auto-check-trustdb
|
@item --auto-check-trustdb
|
||||||
@itemx --no-auto-check-trustdb
|
@itemx --no-auto-check-trustdb
|
||||||
|
@ -331,7 +331,6 @@ enum cmd_and_opt_values
|
|||||||
oNoExpensiveTrustChecks,
|
oNoExpensiveTrustChecks,
|
||||||
oFixedListMode,
|
oFixedListMode,
|
||||||
oNoSigCache,
|
oNoSigCache,
|
||||||
oNoSigCreateCheck,
|
|
||||||
oAutoCheckTrustDB,
|
oAutoCheckTrustDB,
|
||||||
oNoAutoCheckTrustDB,
|
oNoAutoCheckTrustDB,
|
||||||
oPreservePermissions,
|
oPreservePermissions,
|
||||||
@ -697,7 +696,6 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
|
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
|
||||||
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
|
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
|
||||||
ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
|
ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
|
||||||
ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"),
|
|
||||||
ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
|
ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
|
||||||
ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
|
ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
|
||||||
ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
|
ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
|
||||||
@ -776,6 +774,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
/* Dummy options. */
|
/* Dummy options. */
|
||||||
ARGPARSE_s_n (oNoop, "sk-comments", "@"),
|
ARGPARSE_s_n (oNoop, "sk-comments", "@"),
|
||||||
ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
|
ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
|
||||||
|
ARGPARSE_s_n (oNoop, "no-sig-create-check", "@"),
|
||||||
|
|
||||||
ARGPARSE_end ()
|
ARGPARSE_end ()
|
||||||
};
|
};
|
||||||
@ -2816,7 +2815,6 @@ main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case oNoSigCache: opt.no_sig_cache = 1; break;
|
case oNoSigCache: opt.no_sig_cache = 1; break;
|
||||||
case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
|
|
||||||
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
|
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
|
||||||
case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
|
case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
|
||||||
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
|
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
|
||||||
|
@ -194,7 +194,6 @@ struct
|
|||||||
int try_all_secrets;
|
int try_all_secrets;
|
||||||
int no_expensive_trust_checks;
|
int no_expensive_trust_checks;
|
||||||
int no_sig_cache;
|
int no_sig_cache;
|
||||||
int no_sig_create_check;
|
|
||||||
int no_auto_check_trustdb;
|
int no_auto_check_trustdb;
|
||||||
int preserve_permissions;
|
int preserve_permissions;
|
||||||
int no_homedir_creation;
|
int no_homedir_creation;
|
||||||
|
13
g10/sign.c
13
g10/sign.c
@ -291,10 +291,16 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
|||||||
gcry_mpi_release (frame);
|
gcry_mpi_release (frame);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!rc && !opt.no_sig_create_check) {
|
if (!rc
|
||||||
|
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */
|
||||||
|
&& is_DSA (sk->pubkey_algo)
|
||||||
|
#endif /* Libgcrypt >= 1.7 */
|
||||||
|
)
|
||||||
|
{
|
||||||
/* Check that the signature verification worked and nothing is
|
/* Check that the signature verification worked and nothing is
|
||||||
* fooling us e.g. by a bug in the signature create
|
* fooling us e.g. by a bug in the signature creation code or by
|
||||||
* code or by deliberately introduced faults. */
|
* deliberately introduced faults. Libgcrypt 1.7 includes
|
||||||
|
* this check for RSA and thus we don't need it in that case. */
|
||||||
PKT_public_key *pk = xmalloc_clear (sizeof *pk);
|
PKT_public_key *pk = xmalloc_clear (sizeof *pk);
|
||||||
|
|
||||||
if( get_pubkey( pk, sig->keyid ) )
|
if( get_pubkey( pk, sig->keyid ) )
|
||||||
@ -312,6 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
|||||||
g10_errstr (rc));
|
g10_errstr (rc));
|
||||||
free_public_key (pk);
|
free_public_key (pk);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( rc )
|
if( rc )
|
||||||
log_error(_("signing failed: %s\n"), g10_errstr(rc) );
|
log_error(_("signing failed: %s\n"), g10_errstr(rc) );
|
||||||
else {
|
else {
|
||||||
|
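Review bot: The `#if GCRYPT_VERSION_NUMBER >= 0x010700` guard in do_sign decides at compile time, from the Libgcrypt headers, whether the post-signing verification is skipped for non-DSA keys, but the protection it relies on lives in the library that is loaded at run time. If the minimum version accepted by the start-up library check is below 1.7 (not visible on this page), a binary built against 1.7 headers could run on an older library and create RSA signatures with no verification at all, which is exactly the case the check exists for, since a faulty signature can leak secret-key bits. I would decide this at run time instead, e.g. `&& (is_DSA (sk->pubkey_algo) || !gcry_check_version ("1.7.0"))`, or at least state the required run-time version in the comment above the block. The condition also opts algorithms in rather than excluding RSA; `&& !is_RSA (sk->pubkey_algo)` would keep the check for every algorithm the library is not known to verify itself. do_sign starts and ends outside the visible hunks, so the surrounding error handling could not be checked.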