Add a generic IDEA warning for when the IDEA plugin is not present. This

pops up when the user uses "--cipher-algo idea", when setpref is used to
set a "S1" preference, and when a secret key protected with IDEA is used.

Tweak the --pgp2 mode to use this generic warning.

g10/ChangeLog

@@ -1,3 +1,17 @@
+2001-12-17  David Shaw  <dshaw@jabberwocky.com>
+
+	* encode.c (encode_crypt), sign.c (sign_file, clearsign_file):
+	disable pgp2 mode after the message is no longer pgp2 compatible.
+
+	* g10.c (main): Tweak the PGP2.x IDEA warning to use the generic
+	warning, and not merely fail if the IDEA plugin isn't there.
+
+	* g10.c (main, idea_cipher_warn), keygen.c (set_one_pref),
+	seckey-cert.c (do_check): Add a generic IDEA warning for when the
+	IDEA plugin is not present.  This pops up when the user uses
+	"--cipher-algo idea", when setpref is used to set a "S1"
+	preference, and when a secret key protected with IDEA is used.
+
 2001-12-15  Werner Koch  <wk@gnupg.org>
 
 	* keyserver.c (keyserver_spawn): Assert that we have dropped privs.

g10/encode.c

@@ -268,9 +268,10 @@ encode_crypt( const char *filename, STRLIST remusr )
 	if(!(is_RSA(work_list->pk->pubkey_algo) &&
 	     nbits_from_pk(work_list->pk)<=2048))
 	  {
-	    log_info(_("You can only encrypt to RSA keys of 2048 bits or "
+	    log_info(_("you can only encrypt to RSA keys of 2048 bits or "
 		       "less in --pgp2 mode\n"));
-	    log_info(_("This message will not be usable by PGP 2.x\n"));
+	    log_info(_("this message will not be usable by PGP 2.x\n"));
+	    opt.pgp2=0;
 	    break;
 	  }
     }

g10/g10.c

@@ -1219,11 +1219,66 @@ main( int argc, char **argv )
     set_debug();
     g10_opt_homedir = opt.homedir;
 
+    /* Do this after the switch(), so it can override settings. */
+    if(opt.pgp2)
+      {
+	int unusable=0;
+
+	/* Everything else should work without IDEA (except using a
+	   secret key encrypted with IDEA and setting an IDEA
+	   preference, but those have their own error messages). */
+
+	if(cmd==aSignEncr)
+	  {
+	    log_info(_("you can't sign and encrypt at the "
+		       "same time while in --pgp2 mode\n"));
+	    unusable=1;
+	  }
+
+	if(cmd==aEncr || cmd==aSym)
+	  {
+	    /* We don't have to fail here, since the regular cipher
+               algo check will make us fail later. */
+	    if(check_cipher_algo(CIPHER_ALGO_IDEA))
+	      {
+		log_info(_("encrypting a message in --pgp2 mode requires "
+			   "the IDEA cipher\n"));
+		idea_cipher_warn();
+		unusable=1;
+	      }
+	    else
+	      {
+		m_free(def_cipher_string);
+		def_cipher_string = m_strdup("idea");
+	      }
+	  }
+
+	if(unusable)
+	  {
+	    log_info(_("this message will not be usable by PGP 2.x\n"));
+	    opt.pgp2=0;
+	  }
+	else
+	  {
+	    opt.rfc1991 = 1;
+	    opt.rfc2440 = 0;
+	    opt.force_v4_certs = 0;
+	    opt.no_comment = 1;
+	    opt.escape_from = 1;
+	    opt.force_v3_sigs = 1;
+	    opt.pgp2_workarounds = 1;
+	    m_free(def_digest_string);
+	    def_digest_string = m_strdup("md5");
+	    opt.def_compress_algo = 1;
+	  }
+      }
 
     /* must do this after dropping setuid, because string_to...
      * may try to load an module */
     if( def_cipher_string ) {
 	opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
+	if(opt.def_cipher_algo==0 && strcasecmp(def_cipher_string,"idea")==0)
+	  idea_cipher_warn();
 	m_free(def_cipher_string); def_cipher_string = NULL;
 	if( check_cipher_algo(opt.def_cipher_algo) )
 	    log_error(_("selected cipher algorithm is invalid\n"));
@@ -1273,29 +1328,6 @@ main( int argc, char **argv )
     if (preference_list && keygen_set_std_prefs (preference_list))
         log_error(_("invalid preferences\n"));
 
-    /* Do this after the switch(), so it can override these
-       settings. */
-    if(opt.pgp2)
-      {
-	opt.rfc1991 = 1;
-	opt.rfc2440 = 0;
-	opt.force_v4_certs = 0;
-	opt.no_comment = 1;
-	opt.escape_from = 1;
-	opt.force_v3_sigs = 1;
-	opt.pgp2_workarounds = 1;
-	opt.def_cipher_algo = CIPHER_ALGO_IDEA;
-	if( (cmd==aEncr || cmd==aSym || cmd==aSignEncr)
-            && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
-	  log_info(_("Encrypting a message to a PGP 2.x user requires "
-		     "the IDEA cipher module.\n"));
-	  log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
-		      " for more information.\n"));
-	}
-	opt.def_digest_algo = DIGEST_ALGO_MD5;
-	opt.def_compress_algo = 1;
-      }
-
     if( log_get_errorcount(0) )
 	g10_exit(2);
 
@@ -1415,9 +1447,10 @@ main( int argc, char **argv )
 
       case aEncr: /* encrypt the given file */
 	if( argc == 0 && opt.pgp2 ) {
-	  log_info(_("You must use files (and not a pipe) when "
+	  log_info(_("you must use files (and not a pipe) when "
 		     "encrypting with --pgp2 enabled.\n"));
-	  log_info(_("This message will not be usable by PGP 2.x\n"));
+	  log_info(_("this message will not be usable by PGP 2.x\n"));
+	  opt.pgp2=0;
 	}
 
 	if( argc > 1 )
@@ -1448,10 +1481,6 @@ main( int argc, char **argv )
       case aSignEncr: /* sign and encrypt the given file */
 	if( argc > 1 )
 	    wrong_args(_("--sign --encrypt [filename]"));
-        if(opt.pgp2) {
-	  log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n"));
-	  log_info(_("This message will not be usable by PGP 2.x\n"));
-	}
 	if( argc ) {
 	    sl = m_alloc_clear( sizeof *sl + strlen(fname));
 	    strcpy(sl->d, fname);
@@ -2111,6 +2140,15 @@ check_policy_url( const char *s )
     return 0;
 }
 
+/* Special warning for the IDEA cipher */
+void
+idea_cipher_warn(void)
+{
+  log_info("the IDEA cipher plugin is not present\n");
+  log_info("please see http://www.gnupg.org/why-not-idea.html "
+	   "for more information\n");
+}
+
 const char *
 get_temp_dir(void)
 {

g10/keygen.c

@@ -177,6 +177,8 @@ set_one_pref (ulong val, int type, int (*cf)(int), byte *buf, int *nbuf)
 
     if (cf (val)) {
         log_info (_("preference %c%lu is not valid\n"), type, val);
+	if(type=='S' && val==CIPHER_ALGO_IDEA)
+	  idea_cipher_warn();
         return -1;
     }
     for (i=0; i < *nbuf; i++ ) {

g10/main.h

@@ -48,6 +48,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note( int algo );
 void print_cipher_algo_note( int algo );
 void print_digest_algo_note( int algo );
+void idea_cipher_warn(void);
 const char *get_temp_dir(void);
 
 /*-- armor.c --*/

g10/seckey-cert.c

@@ -56,8 +56,9 @@ do_check( PKT_secret_key *sk )
 	if( sk->protect.algo == CIPHER_ALGO_NONE )
 	    BUG();
 	if( check_cipher_algo( sk->protect.algo ) ) {
-	    log_info(_("protection algorithm %d is not supported\n"),
-			sk->protect.algo );
+	    log_info(_("protection algorithm %d%s is not supported\n"),
+			sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
+	    idea_cipher_warn();
 	    return G10ERR_CIPHER_ALGO;
 	}
 	keyid_from_sk( sk, keyid );

g10/sign.c

@@ -561,9 +561,10 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 
     if(!old_style && opt.pgp2)
       {
-	log_info(_("You can only sign with PGP 2.x style keys "
-		    "while in --pgp2 mode\n"));
-	log_info(_("This message will not be usable by PGP 2.x\n"));
+	log_info(_("you can only sign with PGP 2.x style keys "
+		   "while in --pgp2 mode\n"));
+	log_info(_("this message will not be usable by PGP 2.x\n"));
+	opt.pgp2=0;
       }
 
     if( encryptflag ) {
@@ -738,9 +739,10 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
 
     if(!old_style && opt.pgp2)
       {
-	log_info(_("You can only clearsign with PGP 2.x style keys "
+	log_info(_("you can only clearsign with PGP 2.x style keys "
 		   "while in --pgp2 mode\n"));
-	log_info(_("This message will not be usable by PGP 2.x\n"));
+	log_info(_("this message will not be usable by PGP 2.x\n"));
+	opt.pgp2=0;
       }
 
     /* prepare iobufs */