gpg: Remove option --no-sig-create-check.

* g10/gpg.c (opts): Remove --no-sig-create-check. * g10/options.h (struct opt): Remove field no_sig_create_check. * g10/sign.c (do_sign): Always check unless it is RSA and we are using Libgcrypt 1.7. Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2015-08-31 22:07:24 +0000
committer: Werner Koch <[email protected]> 2015-09-01 05:37:12 +0000
commit: f9c83d84e7d33df76898975f5ac852efa9c4882a (patch)
tree: 5245f4744fff3edbbcbc8494db9a780a973f5de0 /g10/sign.c
parent: common: Assume an utf-8 locale on iconv errors. (diff)
download: gnupg-f9c83d84e7d33df76898975f5ac852efa9c4882a.tar.gz
gnupg-f9c83d84e7d33df76898975f5ac852efa9c4882a.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/g10/sign.c b/g10/sign.c
index afc117e7d..7a8d6978e 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -294,8 +294,13 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
 
   /* Check that the signature verification worked and nothing is
    * fooling us e.g. by a bug in the signature create code or by
-   * deliberately introduced faults.  */
-  if (!err && !opt.no_sig_create_check)
+   * deliberately introduced faults.  Because Libgcrypt 1.7 does this
+   * for RSA internally there is no need to do it here again.  */
+  if (!err
+#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */
+        && !is_RSA (pksk->pubkey_algo)
+#endif /* Libgcrypt >= 1.7 */
+      )
     {
       PKT_public_key *pk = xmalloc_clear (sizeof *pk);
author	Werner Koch <[email protected]>	2015-08-31 22:07:24 +0000
committer	Werner Koch <[email protected]>	2015-09-01 05:37:12 +0000
commit	f9c83d84e7d33df76898975f5ac852efa9c4882a (patch)
tree	5245f4744fff3edbbcbc8494db9a780a973f5de0 /g10/sign.c
parent	common: Assume an utf-8 locale on iconv errors. (diff)
download	gnupg-f9c83d84e7d33df76898975f5ac852efa9c4882a.tar.gz gnupg-f9c83d84e7d33df76898975f5ac852efa9c4882a.zip