Obsolete option --no-sig-create-check.

* cipher/rsa.c (rsa_sign): Verify after sign. * g10/gpg.c (opts): Make --no-sig-create-check a NOP. * g10/options.h (opt): Remove field "no_sig_create_check". * g10/sign.c (do_sign): Do check only for DSA. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-08-31 23:55:16 +02:00 · 2015-08-31 23:55:16 +02:00 · ae61f01523
commit ae61f01523
parent ae38cbbca4
5 changed files with 19 additions and 15 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -336,7 +336,6 @@ enum cmd_and_opt_values
    oNoExpensiveTrustChecks,
    oFixedListMode,
    oNoSigCache,
-    oNoSigCreateCheck,
    oAutoCheckTrustDB,
    oNoAutoCheckTrustDB,
    oPreservePermissions,
@ -673,7 +672,7 @@ static ARGPARSE_OPTS opts[] = {
    { oAutoKeyRetrieve, "auto-key-retrieve", 0, "@" },
    { oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
    { oNoSigCache,         "no-sig-cache", 0, "@" },
-    { oNoSigCreateCheck,   "no-sig-create-check", 0, "@" },
+    { oNoop,               "no-sig-create-check", 0, "@" },
    { oAutoCheckTrustDB, "auto-check-trustdb", 0, "@"},
    { oNoAutoCheckTrustDB, "no-auto-check-trustdb", 0, "@"},
    { oMergeOnly,	  "merge-only", 0, "@" },
@ -2716,7 +2715,6 @@ main (int argc, char **argv )
 		disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) );
 		break;
          case oNoSigCache: opt.no_sig_cache = 1; break;
-          case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
 	  case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
 	  case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
 	  case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
--- a/g10/options.h
+++ b/g10/options.h
@ -194,7 +194,6 @@ struct
  int try_all_secrets;
  int no_expensive_trust_checks;
  int no_sig_cache;
-  int no_sig_create_check;
  int no_auto_check_trustdb;
  int preserve_permissions;
  int no_homedir_creation;
--- a/g10/sign.c
+++ b/g10/sign.c
@ -291,10 +291,11 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
        mpi_free(frame);
      }

-    if (!rc && !opt.no_sig_create_check) {
-        /* check that the signature verification worked and nothing is
-         * fooling us e.g. by a bug in the signature create
-         * code or by deliberately introduced faults. */
+    if (!rc && is_DSA (sk->pubkey_algo)) {
+        /* Check that the signature verification worked and nothing is
+         * fooling us e.g. by a bug in the signature create code or by
+         * deliberately introduced faults.  We don't do this for RSA
+         * because that is done at a lower layer.  */
        PKT_public_key *pk = xmalloc_clear (sizeof *pk);

        if( get_pubkey( pk, sig->keyid ) )