* packet.h, build-packet.c (build_sig_subpkt), export.c

(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket.  This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.

* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.

* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.

* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.

* options.h, g10.c (main): Part two of the simplification.  Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)

* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.

* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.

* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.

* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.

g10/sign.c

@@ -338,7 +338,7 @@ hash_for(int pubkey_algo, int packet_version )
     return opt.def_digest_algo;
   else if( recipient_digest_algo )
     return recipient_digest_algo;
-  else if(opt.pgp2 && pubkey_algo == PUBKEY_ALGO_RSA && packet_version < 4 )
+  else if(PGP2 && pubkey_algo == PUBKEY_ALGO_RSA && packet_version < 4 )
     {
       /* Old-style PGP only understands MD5 */
       return DIGEST_ALGO_MD5;
@@ -510,7 +510,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
         pt->timestamp = make_timestamp ();
         pt->mode = ptmode;
         pt->len = filesize;
-        pt->new_ctb = !pt->len && !opt.rfc1991;
+        pt->new_ctb = !pt->len && !RFC1991;
         pt->buf = inp;
         init_packet(&pkt);
         pkt.pkttype = PKT_PLAINTEXT;
@@ -561,7 +561,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
 
 	/* build the signature packet */
 	sig = m_alloc_clear (sizeof *sig);
-	if(opt.force_v3_sigs || opt.rfc1991)
+	if(opt.force_v3_sigs || RFC1991)
 	  sig->version=3;
 	else if(duration || opt.sig_policy_url || opt.sig_notation_data)
 	  sig->version=4;
@@ -660,18 +660,17 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
     if( fname && filenames->next && (!detached || encryptflag) )
 	log_bug("multiple files can only be detached signed");
 
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
+    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
       duration=ask_expire_interval(1);
 
     if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
 	goto leave;
 
-    if(opt.pgp2 && !only_old_style(sk_list))
+    if(PGP2 && !only_old_style(sk_list))
       {
 	log_info(_("you can only detach-sign with PGP 2.x style keys "
 		   "while in --pgp2 mode\n"));
-	log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
-	opt.pgp2=0;
+	compliance_failure();
       }
 
     if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )))
@@ -744,7 +743,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 		hashlen=20;
 
 	    if((algo=
-		select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hashlen))>0)
+		select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,
+				       hashlen?&hashlen:NULL))>0)
 	      recipient_digest_algo=algo;
 	  }
       }
@@ -757,7 +757,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
     if( !multifile )
 	iobuf_push_filter( inp, md_filter, &mfx );
 
-    if( detached && !encryptflag && !opt.rfc1991 )
+    if( detached && !encryptflag && !RFC1991 )
 	afx.what = 2;
 
     if( opt.armor && !outfile  )
@@ -787,9 +787,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 		select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
 	      compr_algo=default_compress_algo();
 	  }
- 	else if(!opt.expert &&
- 		select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
- 				       compr_algo,NULL)!=compr_algo)
+ 	else if(!opt.expert && pk_list
+ 		&& select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
+					  compr_algo,NULL)!=compr_algo)
  	  log_info(_("forcing compression algorithm %s (%d) "
  		     "violates recipient preferences\n"),
  		   compress_algo_to_string(compr_algo),compr_algo);
@@ -803,7 +803,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
       }
 
     /* Write the one-pass signature packets if needed */
-    if (!detached && !opt.rfc1991) {
+    if (!detached && !RFC1991) {
         rc = write_onepass_sig_packets (sk_list, out,
                                         opt.textmode && !outfile ? 0x01:0x00);
         if (rc)
@@ -897,14 +897,14 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
     int rc = 0;
     SK_LIST sk_list = NULL;
     SK_LIST sk_rover = NULL;
-    int old_style = opt.rfc1991;
+    int old_style = RFC1991;
     int only_md5 = 0;
     u32 duration=0;
 
     memset( &afx, 0, sizeof afx);
     init_packet( &pkt );
 
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
+    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
       duration=ask_expire_interval(1);
 
     if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
@@ -913,12 +913,11 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
     if( !old_style && !duration )
 	old_style = only_old_style( sk_list );
 
-    if(!old_style && opt.pgp2)
+    if(PGP2 && !only_old_style(sk_list))
       {
 	log_info(_("you can only clearsign with PGP 2.x style keys "
 		   "while in --pgp2 mode\n"));
-	log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
-	opt.pgp2=0;
+	compliance_failure();
       }
 
     /* prepare iobufs */
@@ -1045,7 +1044,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
     memset( &cfx, 0, sizeof cfx);
     init_packet( &pkt );
 
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
+    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
       duration=ask_expire_interval(1);
 
     rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
@@ -1064,7 +1063,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
 
     /* prepare key */
     s2k = m_alloc_clear( sizeof *s2k );
-    s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
+    s2k->mode = RFC1991? 0:opt.s2k_mode;
     s2k->hash_algo = opt.s2k_digest_algo;
 
     algo = default_cipher_algo();
@@ -1102,7 +1101,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
 
     /* Write the symmetric key packet */
     /*(current filters: armor)*/
-    if (!opt.rfc1991) {
+    if (!RFC1991) {
 	PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc );
 	enc->version = 4;
 	enc->cipher_algo = cfx.dek->algo;
@@ -1126,7 +1125,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
 
     /* Write the one-pass signature packets */
     /*(current filters: zip - encrypt - armor)*/
-    if (!opt.rfc1991) {
+    if (!RFC1991) {
         rc = write_onepass_sig_packets (sk_list, out,
                                         opt.textmode? 0x01:0x00);
         if (rc)