gpg: Remove MDC options

* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
* g10/cipher.c (write_header): Include extra hint and make
translatable.
* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.

--

The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.

This is a stripped down version of commit
253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be
applied due to the AEAD mechanisms there.

Signed-off-by: Werner Koch <wk@gnupg.org>

doc/gpg.texi

@@ -2580,17 +2580,13 @@ is the default.
 These options are obsolete and have no effect since GnuPG 2.1.
 
 @item --force-mdc
+@itemx --disable-mdc
 @opindex force-mdc
-Force the use of encryption with a modification detection code. This
-is always used with the newer ciphers (those with a blocksize greater
-than 64 bits), or if all of the recipient keys indicate MDC support in
-their feature flags.
-
-@item --disable-mdc
 @opindex disable-mdc
-Disable the use of the modification detection code. Note that by
-using this option, the encrypted message becomes vulnerable to a
-message modification attack.
+These options are obsolete and have no effect since GnuPG 2.2.8.  The
+MDC is always used.  But note: If the creation of a legacy non-MDC
+message is exceptionally required, the option @option{--rfc2440}
+allows for this.
 
 @item --disable-signer-uid
 @opindex disable-signer-uid
@@ -2710,7 +2706,10 @@ keys or data may not be usable with future GnuPG versions.
 @item --rfc2440
 @opindex rfc2440
 Reset all packet, cipher and digest options to strict RFC-2440
-behavior.
+behavior.  Note that by using this option encryption packets are
+created in a legacy mode without MDC protection.  This is dangerous
+and should thus only be used for experiments.  See also option
+@option{--ignore-mdc-error}.
 
 @item --pgp6
 @opindex pgp6
@@ -2721,7 +2720,7 @@ compression algorithms none and ZIP. This also disables
 @option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
 does not understand signatures made by signing subkeys.
 
-This option implies @option{--disable-mdc --escape-from-lines}.
+This option implies @option{--escape-from-lines}.
 
 @item --pgp7
 @opindex pgp7
@@ -3186,7 +3185,7 @@ It is required to decrypt old messages which did not use an MDC.  It
 may also be useful if a message is partially garbled, but it is
 necessary to get as much data as possible out of that garbled message.
 Be aware that a missing or failed MDC can be an indication of an
-attack.  Use with caution.
+attack.  Use with great caution; see also option @option{--rfc2440}.
 
 @item --allow-weak-digest-algos
 @opindex allow-weak-digest-algos

g10/cipher.c

@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "options.h"
 #include "main.h"
+#include "../common/i18n.h"
 #include "../common/status.h"
 
 
@@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
     }
   else
     {
-      log_info ("WARNING: "
-                "encrypting without integrity protection is dangerous\n");
+      log_info (_("WARNING: "
+                  "encrypting without integrity protection is dangerous\n"));
+      log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
     }
 
   write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",

g10/encrypt.c

@@ -109,57 +109,20 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
 }
 
 
-/* We try very hard to use a MDC */
+/* Shall we use the MDC?  Yes - unless rfc-2440 compatibility is
+ * requested. */
 int
 use_mdc (pk_list_t pk_list,int algo)
 {
-  /* RFC-2440 don't has MDC */
+  (void)pk_list;
+  (void)algo;
+
+  /* RFC-2440 don't has MDC - this is the only way to create a legacy
+   * non-MDC encryption packet.  */
   if (RFC2440)
     return 0;
 
-  /* --force-mdc overrides --disable-mdc */
-  if(opt.force_mdc)
-    return 1;
-
-  if(opt.disable_mdc)
-    return 0;
-
-  /* Do the keys really support MDC? */
-
-  if(select_mdc_from_pklist(pk_list))
-    return 1;
-
-  /* The keys don't support MDC, so now we do a bit of a hack - if any
-     of the AESes or TWOFISH are in the prefs, we assume that the user
-     can handle a MDC.  This is valid for PGP 7, which can handle MDCs
-     though it will not generate them.  2440bis allows this, by the
-     way. */
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
-    return 1;
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
-    return 1;
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
-    return 1;
-
-  if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
-			    CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
-    return 1;
-
-  /* Last try.  Use MDC for the modern ciphers. */
-
-  if (openpgp_cipher_get_algo_blklen (algo) != 8)
-    return 1;
-
-  if (opt.verbose)
-    warn_missing_mdc_from_pklist (pk_list);
-
-  return 0; /* No MDC */
+  return 1; /* In all other cases we use the MDC */
 }
 
 

g10/gpg.c

@@ -297,10 +297,6 @@ enum cmd_and_opt_values
     oShowPhotos,
     oNoShowPhotos,
     oPhotoViewer,
-    oForceMDC,
-    oNoForceMDC,
-    oDisableMDC,
-    oNoDisableMDC,
     oS2KMode,
     oS2KDigest,
     oS2KCipher,
@@ -598,11 +594,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oQuiet,	  "quiet",   "@"),
   ARGPARSE_s_n (oNoTTY,   "no-tty",  "@"),
 
-  ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
-  ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
-  ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
-  ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
-
   ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
 
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
@@ -910,6 +901,11 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
   ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
   ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
+  ARGPARSE_s_n (oNoop, "force-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+
 
   ARGPARSE_end ()
 };
@@ -2158,7 +2154,6 @@ set_compliance_option (enum cmd_and_opt_values option)
     case oDE_VS:
       set_compliance_option (oOpenPGP);
       opt.compliance = CO_DE_VS;
-      opt.force_mdc = 1;
       /* Fixme: Change other options.  */
       break;
 
@@ -2959,11 +2954,6 @@ main (int argc, char **argv)
 	    break;
 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
 
-	  case oForceMDC: opt.force_mdc = 1; break;
-	  case oNoForceMDC: opt.force_mdc = 0; break;
-	  case oDisableMDC: opt.disable_mdc = 1; break;
-	  case oNoDisableMDC: opt.disable_mdc = 0; break;
-
           case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
 
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
@@ -3734,7 +3724,6 @@ main (int argc, char **argv)
       {
         /* That does not anymore work because we have no more support
            for v3 signatures.  */
-	opt.disable_mdc=1;
 	opt.escape_from=1;
 	opt.ask_sig_expire=0;
       }

g10/options.h

@@ -91,8 +91,6 @@ struct
   int no_armor;
   int list_packets; /* Option --list-packets active.  */
   int def_cipher_algo;
-  int force_mdc;
-  int disable_mdc;
   int def_digest_algo;
   int cert_digest_algo;
   int compress_algo;