* packet.h, build-packet.c (build_sig_subpkt), export.c

(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket.  This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.

* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.

* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.

* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.

* options.h, g10.c (main): Part two of the simplification.  Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)

* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.

* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.

* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.

* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.

1 files changed, 14 insertions, 21 deletions

diff --git a/g10/encode.c b/g10/encode.c
index a7396c98c..8a0766674 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -165,7 +165,7 @@ encode_simple( const char *filename, int mode, int compat )
     compress_filter_context_t zfx;
     text_filter_context_t tfx;
     progress_filter_context_t pfx;
-    int do_compress = opt.compress && !opt.rfc1991;
+    int do_compress = opt.compress && !RFC1991;
 
     memset( &cfx, 0, sizeof cfx);
     memset( &afx, 0, sizeof afx);
@@ -188,13 +188,13 @@ encode_simple( const char *filename, int mode, int compat )
     /* Due the the fact that we use don't use an IV to encrypt the
        session key we can't use the new mode with RFC1991 because
        it has no S2K salt. RFC1991 always uses simple S2K. */
-    if ( opt.rfc1991 && !compat )
+    if ( RFC1991 && !compat )
         compat = 1;
     
     cfx.dek = NULL;
     if( mode ) {
 	s2k = m_alloc_clear( sizeof *s2k );
-	s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
+	s2k->mode = RFC1991? 0:opt.s2k_mode;
 	s2k->hash_algo = opt.s2k_digest_algo;
 	cfx.dek = passphrase_to_dek( NULL, 0,
 				     default_cipher_algo(), s2k, 2,
@@ -247,7 +247,7 @@ encode_simple( const char *filename, int mode, int compat )
 	    write_comment( out, opt.comment_string );
     }
   #endif
-    if( s2k && !opt.rfc1991 ) {
+    if( s2k && !RFC1991 ) {
 	PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc + seskeylen + 1 );
 	enc->version = 4;
 	enc->cipher_algo = cfx.dek->algo;
@@ -312,7 +312,7 @@ encode_simple( const char *filename, int mode, int compat )
 	pt->timestamp = make_timestamp();
 	pt->mode = opt.textmode? 't' : 'b';
 	pt->len = filesize;
-	pt->new_ctb = !pt->len && !opt.rfc1991;
+	pt->new_ctb = !pt->len && !RFC1991;
 	pt->buf = inp;
 	pkt.pkttype = PKT_PLAINTEXT;
 	pkt.pkt.plaintext = pt;
@@ -391,7 +391,7 @@ encode_crypt( const char *filename, STRLIST remusr )
     text_filter_context_t tfx;
     progress_filter_context_t pfx;
     PK_LIST pk_list,work_list;
-    int do_compress = opt.compress && !opt.rfc1991;
+    int do_compress = opt.compress && !RFC1991;
 
 
     memset( &cfx, 0, sizeof cfx);
@@ -403,15 +403,14 @@ encode_crypt( const char *filename, STRLIST remusr )
     if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
 	return rc;
 
-    if(opt.pgp2) {
+    if(PGP2) {
       for(work_list=pk_list; work_list; work_list=work_list->next)
 	if(!(is_RSA(work_list->pk->pubkey_algo) &&
 	     nbits_from_pk(work_list->pk)<=2048))
 	  {
 	    log_info(_("you can only encrypt to RSA keys of 2048 bits or "
 		       "less in --pgp2 mode\n"));
-	    log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
-	    opt.pgp2=0;
+	    compliance_failure();
 	    break;
 	  }
     }
@@ -459,11 +458,10 @@ encode_crypt( const char *filename, STRLIST remusr )
 	if( cfx.dek->algo == -1 ) {
 	    cfx.dek->algo = CIPHER_ALGO_3DES;
 
-	    if( opt.pgp2 ) {
+	    if( PGP2 ) {
 	      log_info(_("unable to use the IDEA cipher for all of the keys "
 			 "you are encrypting to.\n"));
-	      log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
-	      opt.pgp2=0;
+	      compliance_failure();
 	    }
 	}
     }
@@ -545,7 +543,7 @@ encode_crypt( const char *filename, STRLIST remusr )
 	pt->timestamp = make_timestamp();
 	pt->mode = opt.textmode ? 't' : 'b';
 	pt->len = filesize;
-	pt->new_ctb = !pt->len && !opt.rfc1991;
+	pt->new_ctb = !pt->len && !RFC1991;
 	pt->buf = inp;
 	pkt.pkttype = PKT_PLAINTEXT;
 	pkt.pkt.plaintext = pt;
@@ -715,16 +713,11 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
 	keyid_from_pk( pk, enc->keyid );
 	enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
 
-	if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
+	if(opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8))
 	  {
 	    log_info(_("you may not use %s while in %s mode\n"),
-		     "--throw-keyid",
-		     opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
-
-	    log_info(_("this message may not be usable by %s\n"),
-		     opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
-
-	    opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
+		     "--throw-keyid",compliance_option_string());
+	    compliance_failure();
 	  }
 
 	/* Okay, what's going on: We have the session key somewhere in