The comment that Private-Hash: was not allowed in DSS PuTTY-User-Key-File-1

keys was apparently incorrect; prior to r1413, it was both allowed, and
generated for passphraseless keys. Remove it and associated validation so that
people are able to load such keys into PuTTYgen to upgrade them, as suggested.

git-svn-id: svn://svn.tartarus.org/sgt/putty@5403 cda61777-01e9-0310-a592-d414129be87e

diff --git a/sshpubk.c b/sshpubk.c
index 9e89fe9..166afbc 100644 (file)
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -461,10 +461,9 @@ int saversakey(const Filename *filename, struct RSAKey *key, char *passphrase)
  * with "PuTTY-User-Key-File-1" (version number differs). In this
  * format the Private-MAC: field only covers the private-plaintext
  * field and nothing else (and without the 4-byte string length on
- * the front too). Moreover, for RSA keys the Private-MAC: field
- * can be replaced with a Private-Hash: field which is a plain
- * SHA-1 hash instead of an HMAC. This is not allowable in DSA
- * keys. (Yes, the old format was a mess. Guess why it changed :-)
+ * the front too). Moreover, the Private-MAC: field can be replaced
+ * with a Private-Hash: field which is a plain SHA-1 hash instead of
+ * an HMAC (this was generated for unencrypted keys).
  */
 
 static int read_header(FILE * fp, char *header)
@@ -723,8 +722,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
        if ((mac = read_body(fp)) == NULL)
            goto error;
        is_mac = 1;
-    } else if (0 == strcmp(header, "Private-Hash") &&
-                          alg == &ssh_rsa && old_fmt) {
+    } else if (0 == strcmp(header, "Private-Hash") && old_fmt) {
        if ((mac = read_body(fp)) == NULL)
            goto error;
        is_mac = 0;