4 files changed, 17 insertions, 65 deletions

diff --git a/g10/cipher.c b/g10/cipher.c
index 2dc77bff6..f10ce486b 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "options.h"
 #include "main.h"
+#include "../common/i18n.h"
 #include "../common/status.h"
 
 
@@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
     }
   else
     {
-      log_info ("WARNING: "
-                "encrypting without integrity protection is dangerous\n");
+      log_info (_("WARNING: "
+                  "encrypting without integrity protection is dangerous\n"));
+      log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
     }
 
   write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c68d6d5d1..543f1a737 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -109,57 +109,20 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
 }
 
 
-/* We try very hard to use a MDC */
+/* Shall we use the MDC?  Yes - unless rfc-2440 compatibility is
+ * requested. */
 int
 use_mdc (pk_list_t pk_list,int algo)
 {
-  /* RFC-2440 don't has MDC */
-  if (RFC2440)
-    return 0;
+  (void)pk_list;
+  (void)algo;
 
-  /* --force-mdc overrides --disable-mdc */
-  if(opt.force_mdc)
-    return 1;
-
-  if(opt.disable_mdc)
+  /* RFC-2440 don't has MDC - this is the only way to create a legacy
+   * non-MDC encryption packet.  */
+  if (RFC2440)
     return 0;
 
-  /* Do the keys really support MDC? */
-
-  if(select_mdc_from_pklist(pk_list))
-    return 1;
-
-  /* The keys don't support MDC, so now we do a bit of a hack - if any
-     of the AESes or TWOFISH are in the prefs, we assume that the user
-     can handle a MDC.  This is valid for PGP 7, which can handle MDCs
-     though it will not generate them.  2440bis allows this, by the
-     way. */
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
-    return 1;
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
-    return 1;
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
-    return 1;
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
-    return 1;
-
-  /* Last try.  Use MDC for the modern ciphers. */
-
-  if (openpgp_cipher_get_algo_blklen (algo) != 8)
-    return 1;
-
-  if (opt.verbose)
-    warn_missing_mdc_from_pklist (pk_list);
-
-  return 0; /* No MDC */
+  return 1; /* In all other cases we use the MDC */
 }
 
 
diff --git a/g10/gpg.c b/g10/gpg.c
index aeb62aa44..2c181c2cf 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -297,10 +297,6 @@ enum cmd_and_opt_values
     oShowPhotos,
     oNoShowPhotos,
     oPhotoViewer,
-    oForceMDC,
-    oNoForceMDC,
-    oDisableMDC,
-    oNoDisableMDC,
     oS2KMode,
     oS2KDigest,
     oS2KCipher,
@@ -598,11 +594,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oQuiet,	  "quiet",   "@"),
   ARGPARSE_s_n (oNoTTY,   "no-tty",  "@"),
 
-  ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
-  ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
-  ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
-  ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
-
   ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
 
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
@@ -910,6 +901,11 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
   ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
   ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
+  ARGPARSE_s_n (oNoop, "force-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+
 
   ARGPARSE_end ()
 };
@@ -2158,7 +2154,6 @@ set_compliance_option (enum cmd_and_opt_values option)
     case oDE_VS:
       set_compliance_option (oOpenPGP);
       opt.compliance = CO_DE_VS;
-      opt.force_mdc = 1;
       /* Fixme: Change other options.  */
       break;
 
@@ -2959,11 +2954,6 @@ main (int argc, char **argv)
 	    break;
 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
 
-	  case oForceMDC: opt.force_mdc = 1; break;
-	  case oNoForceMDC: opt.force_mdc = 0; break;
-	  case oDisableMDC: opt.disable_mdc = 1; break;
-	  case oNoDisableMDC: opt.disable_mdc = 0; break;
-
           case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
 
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
@@ -3734,7 +3724,6 @@ main (int argc, char **argv)
       {
         /* That does not anymore work because we have no more support
            for v3 signatures.  */
-	opt.disable_mdc=1;
 	opt.escape_from=1;
 	opt.ask_sig_expire=0;
       }
diff --git a/g10/options.h b/g10/options.h
index 177ba959f..6c672653a 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -91,8 +91,6 @@ struct
   int no_armor;
   int list_packets; /* Option --list-packets active.  */
   int def_cipher_algo;
-  int force_mdc;
-  int disable_mdc;
   int def_digest_algo;
   int cert_digest_algo;
   int compress_algo;