diff --git a/cipher/rsa.c b/cipher/rsa.c index c4d5161cf..5efab1d6f 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -452,6 +452,9 @@ int rsa_sign( int algo, MPI *resarr, MPI data, MPI *skey ) { RSA_secret_key sk; + RSA_public_key pk; + MPI cres; + int rc; if( algo != 1 && algo != 3 ) return G10ERR_PUBKEY_ALGO; @@ -465,7 +468,15 @@ rsa_sign( int algo, MPI *resarr, MPI data, MPI *skey ) resarr[0] = mpi_alloc( mpi_get_nlimbs( sk.n ) ); secret( resarr[0], data, &sk ); - return 0; + /* Check for a failure in secret(). */ + cres = mpi_alloc ( mpi_nlimb_hint_from_nbits (160) ); + pk.n = sk.n; + pk.e = sk.e; + public (cres, resarr[0], &pk); + rc = mpi_cmp (cres, data)? G10ERR_BAD_SIGN : 0; + mpi_free (cres); + + return rc; } int diff --git a/doc/gpg.texi b/doc/gpg.texi index 2797fffc0..27ae18c76 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1625,12 +1625,7 @@ can be done if someone else has write access to your public keyring. @item --no-sig-create-check @opindex no-sig-create-check -GnuPG normally verifies each signature right after creation to protect -against bugs and hardware malfunctions which could leak out bits from -the secret key. This extra verification needs some time (about 115% -for DSA keys), and so this option can be used to disable it. -However, due to the fact that the signature creation needs manual -interaction, this performance penalty does not matter in most settings. +This options is obsolete. It has no function. @item --auto-check-trustdb @itemx --no-auto-check-trustdb diff --git a/g10/gpg.c b/g10/gpg.c index 544c576db..3f0d3059a 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -336,7 +336,6 @@ enum cmd_and_opt_values oNoExpensiveTrustChecks, oFixedListMode, oNoSigCache, - oNoSigCreateCheck, oAutoCheckTrustDB, oNoAutoCheckTrustDB, oPreservePermissions, @@ -673,7 +672,7 @@ static ARGPARSE_OPTS opts[] = { { oAutoKeyRetrieve, "auto-key-retrieve", 0, "@" }, { oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" }, { oNoSigCache, "no-sig-cache", 0, "@" }, - { oNoSigCreateCheck, "no-sig-create-check", 0, "@" }, + { oNoop, "no-sig-create-check", 0, "@" }, { oAutoCheckTrustDB, "auto-check-trustdb", 0, "@"}, { oNoAutoCheckTrustDB, "no-auto-check-trustdb", 0, "@"}, { oMergeOnly, "merge-only", 0, "@" }, @@ -2716,7 +2715,6 @@ main (int argc, char **argv ) disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) ); break; case oNoSigCache: opt.no_sig_cache = 1; break; - case oNoSigCreateCheck: opt.no_sig_create_check = 1; break; case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break; case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break; case oAllowFreeformUID: opt.allow_freeform_uid = 1; break; diff --git a/g10/options.h b/g10/options.h index dad598050..f3543b18a 100644 --- a/g10/options.h +++ b/g10/options.h @@ -194,7 +194,6 @@ struct int try_all_secrets; int no_expensive_trust_checks; int no_sig_cache; - int no_sig_create_check; int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; diff --git a/g10/sign.c b/g10/sign.c index 6587a6070..ed8ac7328 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -291,10 +291,11 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, mpi_free(frame); } - if (!rc && !opt.no_sig_create_check) { - /* check that the signature verification worked and nothing is - * fooling us e.g. by a bug in the signature create - * code or by deliberately introduced faults. */ + if (!rc && is_DSA (sk->pubkey_algo)) { + /* Check that the signature verification worked and nothing is + * fooling us e.g. by a bug in the signature create code or by + * deliberately introduced faults. We don't do this for RSA + * because that is done at a lower layer. */ PKT_public_key *pk = xmalloc_clear (sizeof *pk); if( get_pubkey( pk, sig->keyid ) )