Updates to make code compatible with PuTTY 2016-04-07.8552f5c - SSH version fallback is not supported anymore

+ We now verify SSH version of selected key file upon selecting immediately as it is unlikely that users wants to ever use SSH-1 only
+ Associating label with the SSH version selection combo

Source commit: 9eaefe6debc58e479ae4e7b075c64ab28ae36017

source/core/SessionData.cpp

@@ -25,7 +25,7 @@ const wchar_t * ProxyMethodNames = L"None;SOCKS4;SOCKS5;HTTP;Telnet;Cmd";
 const wchar_t * DefaultName = L"Default Settings";
 const UnicodeString CipherNames[CIPHER_COUNT] = {L"WARN", L"3des", L"blowfish", L"aes", L"des", L"arcfour", L"chacha20"};
 const UnicodeString KexNames[KEX_COUNT] = {L"WARN", L"dh-group1-sha1", L"dh-group14-sha1", L"dh-gex-sha1", L"rsa", L"ecdh"};
-const wchar_t SshProtList[][10] = {L"1 only", L"1", L"2", L"2 only"};
+const wchar_t SshProtList[][10] = {L"1", L"1>2", L"2>1", L"2"};
 const TCipher DefaultCipherList[CIPHER_COUNT] =
   { cipAES, cipChaCha20, cipBlowfish, cip3DES, cipWarn, cipArcfour, cipDES };
 const TKex DefaultKexList[KEX_COUNT] =
@@ -538,7 +538,17 @@ void __fastcall TSessionData::DoLoad(THierarchicalStorage * Storage, bool & Rewr
   GSSAPIServerRealm = Storage->ReadString(L"GSSAPIServerRealm", Storage->ReadString(L"KerbPrincipal", GSSAPIServerRealm));
   ChangeUsername = Storage->ReadBool(L"ChangeUsername", ChangeUsername);
   Compression = Storage->ReadBool(L"Compression", Compression);
-  SshProt = (TSshProt)Storage->ReadInteger(L"SshProt", SshProt);
+  TSshProt ASshProt = (TSshProt)Storage->ReadInteger(L"SshProt", SshProt);
+  // Old sessions may contain the values correponding to the fallbacks we used to allow; migrate them
+  if (ASshProt == ssh2deprecated)
+  {
+    ASshProt = ssh2only;
+  }
+  else if (ASshProt == ssh1deprecated)
+  {
+    ASshProt = ssh1only;
+  }
+  SshProt = ASshProt;
   Ssh2DES = Storage->ReadBool(L"Ssh2DES", Ssh2DES);
   SshNoUserAuth = Storage->ReadBool(L"SshNoUserAuth", SshNoUserAuth);
   CipherList = Storage->ReadString(L"Cipher", CipherList);

source/core/SessionData.h

@@ -20,7 +20,7 @@ enum TFSProtocol { fsSCPonly = 0, fsSFTP = 1, fsSFTPonly = 2, fsFTP = 5, fsWebDA
 #define FSPROTOCOL_COUNT (fsWebDAV+1)
 extern const wchar_t * ProxyMethodNames;
 enum TProxyMethod { pmNone, pmSocks4, pmSocks5, pmHTTP, pmTelnet, pmCmd };
-enum TSshProt { ssh1only, ssh1, ssh2, ssh2only };
+enum TSshProt { ssh1only, ssh1deprecated, ssh2deprecated, ssh2only };
 enum TKex { kexWarn, kexDHGroup1, kexDHGroup14, kexDHGEx, kexRSA, kexECDH };
 #define KEX_COUNT (kexECDH+1)
 enum TSshBug { sbIgnore1, sbPlainPW1, sbRSA1, sbHMAC2, sbDeriveKey2, sbRSAPad2,

source/forms/SiteAdvanced.cpp

@@ -220,7 +220,14 @@ void __fastcall TSiteAdvancedDialog::LoadSession()
     // SSH page
     Ssh2LegacyDESCheck->Checked = FSessionData->Ssh2DES;
     CompressionCheck->Checked = FSessionData->Compression;
-    SshProtCombo->ItemIndex = FSessionData->SshProt;
+    if (FSessionData->SshProt == ssh1only)
+    {
+      SshProtCombo2->ItemIndex = 0;
+    }
+    else
+    {
+      SshProtCombo2->ItemIndex = 1;
+    }
 
     CipherListBox->Items->Clear();
     DebugAssert(CIPHER_NAME_WARN+CIPHER_COUNT-1 == CIPHER_NAME_CHACHA20);
@@ -394,7 +401,7 @@ void __fastcall TSiteAdvancedDialog::LoadSession()
 //---------------------------------------------------------------------
 TSshProt __fastcall TSiteAdvancedDialog::GetSshProt()
 {
-  return (TSshProt)SshProtCombo->ItemIndex;
+  return (SshProtCombo2->ItemIndex == 0) ? ssh1only : ssh2only;
 }
 //---------------------------------------------------------------------
 void __fastcall TSiteAdvancedDialog::SaveSession()
@@ -771,18 +778,18 @@ void __fastcall TSiteAdvancedDialog::UpdateControls()
 
     // ssh/authentication sheet
     AuthSheet->Enabled = SshProtocol;
-    EnableControl(SshNoUserAuthCheck, (GetSshProt() != ssh1only));
+    EnableControl(SshNoUserAuthCheck, (GetSshProt() == ssh2only));
     EnableControl(AuthenticationGroup,
       !SshNoUserAuthCheck->Enabled || !SshNoUserAuthCheck->Checked);
-    EnableControl(AuthTISCheck, AuthenticationGroup->Enabled && (GetSshProt() != ssh2only));
-    EnableControl(AuthKICheck, AuthenticationGroup->Enabled && (GetSshProt() != ssh1only));
+    EnableControl(AuthTISCheck, AuthenticationGroup->Enabled && (GetSshProt() == ssh1only));
+    EnableControl(AuthKICheck, AuthenticationGroup->Enabled && (GetSshProt() == ssh2only));
     EnableControl(AuthKIPasswordCheck,
       AuthenticationGroup->Enabled &&
       ((AuthTISCheck->Enabled && AuthTISCheck->Checked) ||
        (AuthKICheck->Enabled && AuthKICheck->Checked)));
     EnableControl(AuthenticationParamsGroup, AuthenticationGroup->Enabled);
     EnableControl(AuthGSSAPICheck3,
-      AuthenticationGroup->Enabled && (GetSshProt() != ssh1only));
+      AuthenticationGroup->Enabled && (GetSshProt() == ssh2only));
     EnableControl(GSSAPIFwdTGTCheck,
       AuthGSSAPICheck3->Enabled && AuthGSSAPICheck3->Checked);
 
@@ -791,10 +798,10 @@ void __fastcall TSiteAdvancedDialog::UpdateControls()
     EnableControl(CipherUpButton, CipherListBox->ItemIndex > 0);
     EnableControl(CipherDownButton, CipherListBox->ItemIndex >= 0 &&
       CipherListBox->ItemIndex < CipherListBox->Items->Count-1);
-    EnableControl(Ssh2LegacyDESCheck, (GetSshProt() != ssh1only));
+    EnableControl(Ssh2LegacyDESCheck, (GetSshProt() == ssh2only));
 
     // ssh/kex sheet
-    KexSheet->Enabled = SshProtocol && (GetSshProt() != ssh1only) &&
+    KexSheet->Enabled = SshProtocol && (GetSshProt() == ssh2only) &&
       (BugRekey2Combo->ItemIndex != 2);
     EnableControl(KexUpButton, KexListBox->ItemIndex > 0);
     EnableControl(KexDownButton, KexListBox->ItemIndex >= 0 &&
@@ -802,27 +809,27 @@ void __fastcall TSiteAdvancedDialog::UpdateControls()
 
     // ssh/bugs sheet
     BugsSheet->Enabled = SshProtocol;
-    EnableControl(BugIgnore1Combo, (GetSshProt() != ssh2only));
+    EnableControl(BugIgnore1Combo, (GetSshProt() == ssh1only));
     EnableControl(BugIgnore1Label, BugIgnore1Combo->Enabled);
-    EnableControl(BugPlainPW1Combo, (GetSshProt() != ssh2only));
+    EnableControl(BugPlainPW1Combo, (GetSshProt() == ssh1only));
     EnableControl(BugPlainPW1Label, BugPlainPW1Combo->Enabled);
-    EnableControl(BugRSA1Combo, (GetSshProt() != ssh2only));
+    EnableControl(BugRSA1Combo, (GetSshProt() == ssh1only));
     EnableControl(BugRSA1Label, BugRSA1Combo->Enabled);
-    EnableControl(BugHMAC2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugHMAC2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugHMAC2Label, BugHMAC2Combo->Enabled);
-    EnableControl(BugDeriveKey2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugDeriveKey2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugDeriveKey2Label, BugDeriveKey2Combo->Enabled);
-    EnableControl(BugRSAPad2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugRSAPad2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugRSAPad2Label, BugRSAPad2Combo->Enabled);
-    EnableControl(BugPKSessID2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugPKSessID2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugPKSessID2Label, BugPKSessID2Combo->Enabled);
-    EnableControl(BugRekey2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugRekey2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugRekey2Label, BugRekey2Combo->Enabled);
-    EnableControl(BugMaxPkt2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugMaxPkt2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugMaxPkt2Label, BugMaxPkt2Combo->Enabled);
-    EnableControl(BugIgnore2Combo, (GetSshProt() != ssh1only));
+    EnableControl(BugIgnore2Combo, (GetSshProt() == ssh2only));
     EnableControl(BugIgnore2Label, BugIgnore2Combo->Enabled);
-    EnableControl(BugWinAdjCombo, (GetSshProt() != ssh1only));
+    EnableControl(BugWinAdjCombo, (GetSshProt() == ssh2only));
     EnableControl(BugWinAdjLabel, BugWinAdjCombo->Enabled);
 
     // connection/proxy sheet
@@ -1238,7 +1245,7 @@ void __fastcall TSiteAdvancedDialog::PrivateKeyEdit2AfterDialog(TObject * Sender
   TFilenameEdit * Edit = dynamic_cast<TFilenameEdit *>(Sender);
   if (Name != Edit->Text)
   {
-    VerifyAndConvertKey(Name);
+    VerifyAndConvertKey(Name, GetSshProt());
   }
 }
 //---------------------------------------------------------------------------
@@ -1248,9 +1255,9 @@ void __fastcall TSiteAdvancedDialog::FormCloseQuery(TObject * /*Sender*/,
   if (ModalResult == DefaultResult(this))
   {
     // StripPathQuotes should not be needed as we do not feed quotes anymore
-    VerifyKeyIncludingVersion(StripPathQuotes(PrivateKeyEdit2->Text), GetSshProt());
-    // for tunnel key do not check SSH version as it is not configurable
-    VerifyKey(StripPathQuotes(TunnelPrivateKeyEdit2->Text));
+    VerifyKey(StripPathQuotes(PrivateKeyEdit2->Text), GetSshProt());
+    // for tunnel SSH version is not configurable
+    VerifyKey(StripPathQuotes(TunnelPrivateKeyEdit2->Text), ssh2only);
     VerifyCertificate(StripPathQuotes(TlsCertificateFileEdit->Text));
   }
 }

source/forms/SiteAdvanced.dfm

@@ -1720,6 +1720,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
             Width = 152
             Height = 13
             Caption = 'Preferred SSH protocol version:'
+            FocusControl = SshProtCombo2
           end
           object CompressionCheck: TCheckBox
             Left = 16
@@ -1731,7 +1732,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
             TabOrder = 0
             OnClick = DataChange
           end
-          object SshProtCombo: TComboBox
+          object SshProtCombo2: TComboBox
             Left = 303
             Top = 37
             Width = 80
@@ -1741,10 +1742,8 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
             TabOrder = 1
             OnChange = DataChange
             Items.Strings = (
-              '1 only'
-              '1 preferred'
-              '2 preferred'
-              '2 only')
+              '1'
+              '2')
           end
         end
         object EncryptionGroup: TGroupBox

source/forms/SiteAdvanced.h

@@ -252,7 +252,7 @@ __published:
   TLabel *Label4;
   TFilenameEdit *TlsCertificateFileEdit;
   TCheckBox *TrimVMSVersionsCheck;
-  TComboBox *SshProtCombo;
+  TComboBox *SshProtCombo2;
   TCheckBox *FollowDirectorySymlinksCheck;
   void __fastcall DataChange(TObject *Sender);
   void __fastcall FormShow(TObject *Sender);

source/windows/Tools.cpp

@@ -1006,7 +1006,7 @@ static void __fastcall ConvertKey(UnicodeString & FileName, TKeyType Type)
 }
 //---------------------------------------------------------------------------
 static void __fastcall DoVerifyKey(
-  UnicodeString & FileName, bool TypeOnly, TSshProt SshProt, bool Convert)
+  UnicodeString & FileName, TSshProt SshProt, bool Convert)
 {
   if (!FileName.Trim().IsEmpty())
   {
@@ -1051,18 +1051,12 @@ static void __fastcall DoVerifyKey(
 
       case ktSSH1:
       case ktSSH2:
-        // on file select do not check for SSH version as user may
-        // intend to change it only after he/she selects key file
-        if (!TypeOnly)
+        if ((Type == ktSSH1) != (SshProt == ssh1only))
         {
-          if ((Type == ktSSH1) !=
-                ((SshProt == ssh1only) || (SshProt == ssh1)))
-          {
-            Message =
-              MainInstructions(
-                FMTLOAD(KEY_TYPE_DIFFERENT_SSH,
-                  (FileName, (Type == ktSSH1 ? L"SSH-1" : L"PuTTY SSH-2"))));
-          }
+          Message =
+            MainInstructions(
+              FMTLOAD(KEY_TYPE_DIFFERENT_SSH,
+                (FileName, (Type == ktSSH1 ? L"SSH-1" : L"PuTTY SSH-2"))));
         }
         break;
 
@@ -1101,19 +1095,14 @@ static void __fastcall DoVerifyKey(
   }
 }
 //---------------------------------------------------------------------------
-void __fastcall VerifyAndConvertKey(UnicodeString & FileName)
-{
-  DoVerifyKey(FileName, true, TSshProt(0), true);
-}
-//---------------------------------------------------------------------------
-void __fastcall VerifyKey(UnicodeString FileName)
+void __fastcall VerifyAndConvertKey(UnicodeString & FileName, TSshProt SshProt)
 {
-  DoVerifyKey(FileName, true, TSshProt(0), false);
+  DoVerifyKey(FileName, SshProt, true);
 }
 //---------------------------------------------------------------------------
-void __fastcall VerifyKeyIncludingVersion(UnicodeString FileName, TSshProt SshProt)
+void __fastcall VerifyKey(UnicodeString FileName, TSshProt SshProt)
 {
-  DoVerifyKey(FileName, false, SshProt, false);
+  DoVerifyKey(FileName, SshProt, false);
 }
 //---------------------------------------------------------------------------
 void __fastcall VerifyCertificate(const UnicodeString & FileName)

source/windows/Tools.h

@@ -64,9 +64,8 @@ void __fastcall CopyToClipboard(TStrings * Strings);
 void __fastcall ShutDownWindows();
 void __fastcall SuspendWindows();
 void __fastcall EditSelectBaseName(HWND Edit);
-void __fastcall VerifyAndConvertKey(UnicodeString & FileName);
-void __fastcall VerifyKey(UnicodeString FileName);
-void __fastcall VerifyKeyIncludingVersion(UnicodeString FileName, TSshProt SshProt);
+void __fastcall VerifyAndConvertKey(UnicodeString & FileName, TSshProt SshProt);
+void __fastcall VerifyKey(UnicodeString FileName, TSshProt SshProt);
 void __fastcall VerifyCertificate(const UnicodeString & FileName);
 TStrings * __fastcall GetUnwrappedMemoLines(TMemo * Memo);
 bool __fastcall DetectSystemExternalEditor(