gpg: Remove option --no-sig-create-check.

* g10/gpg.c (opts): Remove --no-sig-create-check. * g10/options.h (struct opt): Remove field no_sig_create_check. * g10/sign.c (do_sign): Always check unless it is RSA and we are using Libgcrypt 1.7. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2015-09-01 00:07:24 +02:00 · 2015-09-01 00:07:24 +02:00 · f9c83d84e7
commit f9c83d84e7
parent 99c9bf7def
4 changed files with 7 additions and 15 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1629,15 +1629,6 @@ modifications, you can use this option to disable the caching. It
 probably does not make sense to disable it because all kind of damage
 can be done if someone else has write access to your public keyring.

-@item --no-sig-create-check
-@opindex no-sig-create-check
-GnuPG normally verifies each signature right after creation to protect
-against bugs and hardware malfunctions which could leak out bits from
-the secret key. This extra verification needs some time (about 115%
-for DSA keys), and so this option can be used to disable it.
-However, due to the fact that the signature creation needs manual
-interaction, this performance penalty does not matter in most settings.
-
@item --auto-check-trustdb
@itemx --no-auto-check-trustdb
@opindex auto-check-trustdb
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -337,7 +337,6 @@ enum cmd_and_opt_values
    oFixedListMode,
    oLegacyListMode,
    oNoSigCache,
-    oNoSigCreateCheck,
    oAutoCheckTrustDB,
    oNoAutoCheckTrustDB,
    oPreservePermissions,
@ -727,7 +726,6 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
  ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
  ARGPARSE_s_n (oNoSigCache,         "no-sig-cache", "@"),
-  ARGPARSE_s_n (oNoSigCreateCheck,   "no-sig-create-check", "@"),
  ARGPARSE_s_n (oMergeOnly,	  "merge-only", "@" ),
  ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
  ARGPARSE_s_n (oTryAllSecrets,  "try-all-secrets", "@"),
@ -2990,7 +2988,6 @@ main (int argc, char **argv)
            }
            break;
          case oNoSigCache: opt.no_sig_cache = 1; break;
-          case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
 	  case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
 	  case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
 	  case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
--- a/g10/options.h
+++ b/g10/options.h
@ -191,7 +191,6 @@ struct
  int try_all_secrets;
  int no_expensive_trust_checks;
  int no_sig_cache;
-  int no_sig_create_check;
  int no_auto_check_trustdb;
  int preserve_permissions;
  int no_homedir_creation;
--- a/g10/sign.c
+++ b/g10/sign.c
@ -294,8 +294,13 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,

  /* Check that the signature verification worked and nothing is
   * fooling us e.g. by a bug in the signature create code or by
-   * deliberately introduced faults.  */
-  if (!err && !opt.no_sig_create_check)
+   * deliberately introduced faults.  Because Libgcrypt 1.7 does this
+   * for RSA internally there is no need to do it here again.  */
+  if (!err
+#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */
+        && !is_RSA (pksk->pubkey_algo)
+#endif /* Libgcrypt >= 1.7 */
+      )
    {
      PKT_public_key *pk = xmalloc_clear (sizeof *pk);