gpg: Remove option --no-sig-create-check.

* g10/gpg.c (opts): Remove --no-sig-create-check. * g10/options.h (struct opt): Remove field no_sig_create_check. * g10/sign.c (do_sign): Always check unless it is RSA and we are using Libgcrypt 1.7. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-09-01 00:07:24 +02:00 · 2015-09-01 00:07:24 +02:00 · f9c83d84e7
commit f9c83d84e7
parent 99c9bf7def
4 changed files with 7 additions and 15 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -337,7 +337,6 @@ enum cmd_and_opt_values
    oFixedListMode,
    oLegacyListMode,
    oNoSigCache,
-    oNoSigCreateCheck,
    oAutoCheckTrustDB,
    oNoAutoCheckTrustDB,
    oPreservePermissions,
@ -727,7 +726,6 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
  ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
  ARGPARSE_s_n (oNoSigCache,         "no-sig-cache", "@"),
-  ARGPARSE_s_n (oNoSigCreateCheck,   "no-sig-create-check", "@"),
  ARGPARSE_s_n (oMergeOnly,	  "merge-only", "@" ),
  ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
  ARGPARSE_s_n (oTryAllSecrets,  "try-all-secrets", "@"),
@ -2990,7 +2988,6 @@ main (int argc, char **argv)
            }
            break;
          case oNoSigCache: opt.no_sig_cache = 1; break;
-          case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
 	  case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
 	  case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
 	  case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
--- a/g10/options.h
+++ b/g10/options.h
@ -191,7 +191,6 @@ struct
  int try_all_secrets;
  int no_expensive_trust_checks;
  int no_sig_cache;
-  int no_sig_create_check;
  int no_auto_check_trustdb;
  int preserve_permissions;
  int no_homedir_creation;
--- a/g10/sign.c
+++ b/g10/sign.c
@ -294,8 +294,13 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,

  /* Check that the signature verification worked and nothing is
   * fooling us e.g. by a bug in the signature create code or by
-   * deliberately introduced faults.  */
-  if (!err && !opt.no_sig_create_check)
+   * deliberately introduced faults.  Because Libgcrypt 1.7 does this
+   * for RSA internally there is no need to do it here again.  */
+  if (!err
+#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */
+        && !is_RSA (pksk->pubkey_algo)
+#endif /* Libgcrypt >= 1.7 */
+      )
    {
      PKT_public_key *pk = xmalloc_clear (sizeof *pk);