JSch: Merge with v0.2.23 of the JSch fork

... with the following exceptions: - Do not include Bouncy Castle algorithm implementations. (Require Java 16 instead.) This means that our JSch fork cannot currently support the [email protected] cipher, since the non-Bouncy-Castle implementation of that algorithm from JSch v0.1.71 and prior is not compatible with the current OpenSSH implementation. - Restore formatted comments nuked by the Maven formatter. - Do not include unused/unneeded code. - Restore public access to *.jzlib.JZlib and *.jzlib.ZStream. (NOTE: We should maybe revisit eliminating JZlib and using java.util.zip for everything, since we don't actually use SSH compression.) - Adapt the server-sig-algs implementation in mwiede/jsch@c17147c8 to better emulate the behavior of OpenSSH. (More specifically, OpenSSH only applies server-sig-algs to RSA keys: https://github.com/openssh/openssh-portable/blob/826483d51a9fee60703298bbf839d9ce37943474/sshconnect2.c#L1163-L1169.) Take the example of an SSH agent that offers 7 keys. The 7th key is the correct key to authenticate with a server, but that key uses a non-RSA algorithm (e.g. ssh-ed25519) that the server does not advertise in server-sig-algs. With MaxAuthTries=6, OpenSSH will fail to authenticate with that configuration by default, but it will succeed if the correct key is explicitly specified with the ssh -i option or the IdentityFile configuration keyword (because explicitly specifying the key promotes it to the head of the list.) JSch v0.1.66+ performs an initial authentication pass with only the algorithms advertised in server-sig-algs, then it performs a second pass with the other client-supported algorithms. With the aforementioned configuration, that behavior causes MaxAuthTries to be exceeded on the first pass (a fatal error), and the second pass never happens. Our implementation instead populates the existing Session.supportedRSAMethods list from the server-sig-algs message, if the server sent that message and the jsch.enable_server_sig_algs system property is enabled. This ensures that the client will not try any RSA algorithms except for those advertised in server-sig-algs. Note, however, that some OpenSSH server implementations still advertise ssh-rsa in server-sig-algs even if the algorithm is disabled in sshd_config. Functional and logging code from the following TurboVNC commits has been retained or adapted: 095c380 fb36f3b 053e754 dda0283 0a4aeb6 b632a9c 6838846 4a40896 273bfde fd34df2 ed50650 58986b7 dc2a88f d654a91 674e98c Completes #323
TurboVNC · Feb 4, 2025 · d2da5fe · d2da5fe
1 parent 5ff8910
commit d2da5fe
Show file tree

Hide file tree

Showing 310 changed files with 31,025 additions and 25,601 deletions.
diff --git a/BUILDING.md b/BUILDING.md
@@ -32,11 +32,11 @@ Build Requirements
 
 - PAM development kit [if building the TurboVNC Server]
 
-- JDK/OpenJDK 15 or later [if building the TurboVNC Viewer]
+- JDK/OpenJDK 16 or later [if building the TurboVNC Viewer]
   * For systems that do not provide a JDK, download the
     [Oracle Java Development Kit](http://www.oracle.com/technetwork/java/javase/downloads)
     or [OpenJDK](https://jdk.java.net)
-  * [OpenJDK](https://jdk.java.net) 15 or later must be used if building
+  * [OpenJDK](https://jdk.java.net) 16 or later must be used if building
     an installer with a custom JRE (if the `TVNC_INCLUDEJRE` CMake variable is
     set to `1`)
 
@@ -67,11 +67,11 @@ Build Requirements
   Start Menu link that can be used to launch a command prompt with the
   appropriate compiler paths automatically set.
 
-- JDK/OpenJDK 15 or later
+- JDK/OpenJDK 16 or later
   * Download the
     [Oracle Java Development Kit](http://www.oracle.com/technetwork/java/javase/downloads)
     or [OpenJDK](https://jdk.java.net)
-  * [OpenJDK](https://jdk.java.net) 15 or later must be used if building
+  * [OpenJDK](https://jdk.java.net) 16 or later must be used if building
     an installer with a custom JRE (if the `TVNC_INCLUDEJRE` CMake variable is
     set to `1`)
 
@@ -80,11 +80,11 @@ Build Requirements
 
 - Xcode 4.1 or later (OS X/macOS 10.7.x or later SDK required)
 
-- JDK/OpenJDK 15 or later
+- JDK/OpenJDK 16 or later
   * Download the
     [Oracle Java Development Kit](http://www.oracle.com/technetwork/java/javase/downloads)
     or [OpenJDK](https://jdk.java.net)
-  * [OpenJDK](https://jdk.java.net) 15 or later must be used if building
+  * [OpenJDK](https://jdk.java.net) 16 or later must be used if building
     a Mac package/disk image with a custom JRE (if the `TVNC_INCLUDEJRE` CMake
     variable is set to `1`)
 

diff --git a/ChangeLog.md b/ChangeLog.md
@@ -56,8 +56,36 @@ fatal error that occurred in TightVNC-compatible VNC viewers (other than the
 TurboVNC Viewer) when attempting to select Compression Level 0 without JPEG
 while connected to a TurboVNC session.
 
-7. The TurboVNC Viewer's built-in SSH client now supports the Ed25519 signature
-scheme.  This improves compatibility with recent OpenSSH releases.
+7. The TurboVNC Viewer's built-in SSH client has been rebased on v0.2.23 of the
+JSch fork, which includes the following notable security, compatibility, and
+performance improvements:
+
+     - Curve25519 key exchange (KEX) methods are now supported.
+     - Diffie-Hellman Group 14 through 18 KEX methods are now supported.
+     - The Ed25519 signature scheme is now supported.
+     - Encrypt-then-MAC (EtM) Message Authentication Code (MAC) algorithms are
+now supported.
+     - Galois/Counter Mode (GCM) ciphers are now supported.
+     - The `hmac-sha2-512` MAC algorithm (Hash-based Message Authentication
+Code with the SHA-512 hash algorithm) is now supported.
+     - Version 3 of the PuTTY Private Key (PPK) format is now supported.
+     - RFC 8308 extension negotiation and the `server-sig-algs` extension are
+now supported.
+     - The OpenSSH strict key exchange extension is now supported (which
+addresses CVE-2023-48795.)
+     - Insecure signature schemes, KEX methods, and ciphers are now disabled by
+default, including:
+          - 3DES ciphers
+          - CBC (Cipher Block Chaining) ciphers
+          - Diffie-Hellman Group 1 KEX methods
+          - The DSS (Digital Signature Standard) signature scheme
+          - Signature schemes and KEX methods that use the SHA-1 hash algorithm
+
+        The `Ciphers`, `HostKeyAlgorithms`, `KexAlgorithms`, and
+`PubkeyAcceptedAlgorithms` OpenSSH configuration keywords or the `jsch.cipher`,
+`jsch.server_host_key`, `jsch.kex`, and `jsch.client_pubkey` Java system
+properties can be used to re-enable insecure algorithms when connecting to
+legacy systems.
 
 8. The TurboVNC Viewer's `SSHUser` parameter has been removed.  SSH usernames
 should now be specified by prefixing the VNC host or the gateway host with the

diff --git a/java/CMakeLists.txt b/java/CMakeLists.txt
@@ -4,8 +4,7 @@ find_package(Java REQUIRED)
 if(NOT DEFINED CMAKE_JAVA_COMPILE_FLAGS AND DEFINED ENV{JAVAFLAGS})
 	set(DEFAULT_CMAKE_JAVA_COMPILE_FLAGS $ENV{JAVAFLAGS})
 else()
-	set(DEFAULT_CMAKE_JAVA_COMPILE_FLAGS
-		"-Xlint:all,-serial,-unchecked,-rawtypes")
+	set(DEFAULT_CMAKE_JAVA_COMPILE_FLAGS "-Xlint:all")
 endif()
 set(CMAKE_JAVA_COMPILE_FLAGS ${DEFAULT_CMAKE_JAVA_COMPILE_FLAGS} CACHE STRING
 	"Java compiler flags (Default: ${DEFAULT_CMAKE_JAVA_COMPILE_FLAGS})")
@@ -31,47 +30,99 @@ set(JAVA_CLASSES "")
 
 set(JSCH_CLASSNAMES
 	CipherNone
+	DH25519
+	DH25519MLKEM768
+	DH25519SNTRUP761
+	DH448
 	DHEC256
+	DHEC256MLKEM768
 	DHEC384
+	DHEC384MLKEM1024
 	DHEC521
+	DHECNKEM
 	DHG1
 	DHG14
+	DHG14224
+	DHG14256
+	DHG14N
+	DHG15
+	DHG15256
+	DHG15384
+	DHG15N
+	DHG16
+	DHG16384
+	DHG16N
+	DHG17
+	DHG18
 	DHGEX
+	DHGEX1
+	DHGEX224
 	DHGEX256
+	DHGEX384
+	DHGEX512
+	DHGN
+	DHXEC
+	DHXECKEM
 	UserAuthGSSAPIWithMIC
 	UserAuthKeyboardInteractive
 	UserAuthNone
 	UserAuthPassword
 	UserAuthPublicKey
+	XDH
+	jbcrypt/JBCrypt
 	jce/AES128CBC
 	jce/AES128CTR
+	jce/AES128GCM
 	jce/AES192CBC
 	jce/AES192CTR
 	jce/AES256CBC
 	jce/AES256CTR
+	jce/AES256GCM
+	jce/AESGCM
 	jce/ARCFOUR
 	jce/ARCFOUR128
 	jce/ARCFOUR256
 	jce/BlowfishCBC
+	jce/BlowfishCTR
 	jce/DH
 	jce/ECDH256
 	jce/ECDH384
 	jce/ECDH521
 	jce/ECDHN
 	jce/HMACMD5
+	jce/HMACMD5ETM
 	jce/HMACMD596
+	jce/HMACMD596ETM
 	jce/HMACSHA1
+	jce/HMACSHA1ETM
 	jce/HMACSHA196
+	jce/HMACSHA196ETM
+	jce/HMACSHA224SSHCOM
 	jce/HMACSHA256
+	jce/HMACSHA256ETM
+	jce/HMACSHA256SSHCOM
+	jce/HMACSHA2562SSHCOM
+	jce/HMACSHA384SSHCOM
 	jce/HMACSHA512
+	jce/HMACSHA512ETM
+	jce/HMACSHA512SSHCOM
 	jce/KeyPairGenDSA
 	jce/KeyPairGenECDSA
 	jce/KeyPairGenEdDSA
 	jce/KeyPairGenRSA
 	jce/MD5
 	jce/PBKDF
+	jce/PBKDF2
+	jce/PBKDF2HMACSHA1
+	jce/PBKDF2HMACSHA224
+	jce/PBKDF2HMACSHA256
+	jce/PBKDF2HMACSHA384
+	jce/PBKDF2HMACSHA512
+	jce/PBKDF2HMACSHA512224
+	jce/PBKDF2HMACSHA512256
 	jce/Random
 	jce/SHA1
+	jce/SHA224
 	jce/SHA256
 	jce/SHA384
 	jce/SHA512
@@ -81,19 +132,23 @@ set(JSCH_CLASSNAMES
 	jce/SignatureECDSA521
 	jce/SignatureECDSAN
 	jce/SignatureEd25519
+	jce/SignatureEd448
 	jce/SignatureEdDSA
 	jce/SignatureRSA
 	jce/SignatureRSAN
+	jce/SignatureRSASHA224SSHCOM
 	jce/SignatureRSASHA256
+	jce/SignatureRSASHA256SSHCOM
+	jce/SignatureRSASHA384SSHCOM
 	jce/SignatureRSASHA512
+	jce/SignatureRSASHA512SSHCOM
 	jce/TripleDESCBC
 	jce/TripleDESCTR
-	jcraft/Compression
-	jcraft/HMACMD5
-	jcraft/HMACMD596
-	jcraft/HMACSHA1
-	jcraft/HMACSHA196
-	jgss/GSSContextKrb5)
+	jce/Util
+	jce/XDH
+	jgss/GSSContextKrb5
+	juz/Compression
+	jzlib/Compression)
 
 foreach(class ${JSCH_CLASSNAMES})
 	set(JAVA_SOURCES ${JAVA_SOURCES} com/jcraft/jsch/${class}.java)
@@ -107,15 +162,12 @@ file(GLOB DEPEND_SOURCES
 	${SRCDIR}/com/turbovnc/rdr/*.java
 	${SRCDIR}/com/turbovnc/network/*.java
 	${SRCDIR}/com/jcraft/jsch/*.java
-	${SRCDIR}/com/jcraft/jsch/agentproxy/*.java
-	${SRCDIR}/com/jcraft/jsch/agentproxy/connector/*.java
-	${SRCDIR}/com/jcraft/jsch/agentproxy/usocket/*.java
+	${SRCDIR}/com/jcraft/jsch/jbcrypt/*.java
 	${SRCDIR}/com/jcraft/jsch/jce/*.java
-	${SRCDIR}/com/jcraft/jsch/jcraft/*.java
 	${SRCDIR}/com/jcraft/jsch/jgss/*.java
-	${SRCDIR}/com/jcraft/jzlib/*.java
-	${SRCDIR}/org/spf4j/base/*.java
-	${SRCDIR}/org/mindrot/jbcrypt/*.java)
+	${SRCDIR}/com/jcraft/jsch/juz/*.java
+	${SRCDIR}/com/jcraft/jsch/jzlib/*.java
+	${SRCDIR}/org/spf4j/base/*.java)
 
 string(REGEX REPLACE " " ";" CMAKE_JAVA_COMPILE_FLAGS
 	"${CMAKE_JAVA_COMPILE_FLAGS}")
@@ -161,16 +213,13 @@ add_custom_command(OUTPUT VncViewer.jar
 		com/turbovnc/rfb/*.class
 		com/turbovnc/rdr/*.class
 		com/turbovnc/network/*.class
-		com/jcraft/jzlib/*.class
-		com/jcraft/jsch/agentproxy/*.class
-		com/jcraft/jsch/agentproxy/connector/*.class
-		com/jcraft/jsch/agentproxy/usocket/*.class
-		com/jcraft/jsch/jgss/*.class
-		com/jcraft/jsch/jcraft/*.class
-		com/jcraft/jsch/jce/*.class
 		com/jcraft/jsch/*.class
+		com/jcraft/jsch/jbcrypt/*.class
+		com/jcraft/jsch/jce/*.class
+		com/jcraft/jsch/jgss/*.class
+		com/jcraft/jsch/juz/*.class
+		com/jcraft/jsch/jzlib/*.class
 		org/spf4j/base/*.class
-		org/mindrot/jbcrypt/*.class
 		${CLASSPATH}/toolbar.png
 		${CLASSPATH}/turbovnc.png
 		${CLASSPATH}/turbovnc-sm.png

diff --git a/java/com/jcraft/jsch/AgentConnector.java b/java/com/jcraft/jsch/AgentConnector.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2011 ymnk, JCraft,Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of conditions
+ * and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided with
+ * the distribution.
+ *
+ * 3. The names of the authors may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL JCRAFT, INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.jcraft.jsch;
+
+public interface AgentConnector {
+  String getName();
+
+  boolean isAvailable();
+
+  void query(Buffer buffer) throws AgentProxyException;
+}
diff --git a/java/com/jcraft/jsch/AgentIdentity.java b/java/com/jcraft/jsch/AgentIdentity.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2011 ymnk, JCraft,Inc. All rights reserved.
+ * Copyright (c) 2018, 2025 D. R. Commander. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of conditions
+ * and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided with
+ * the distribution.
+ *
+ * 3. The names of the authors may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL JCRAFT, INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.jcraft.jsch;
+
+class AgentIdentity implements Identity {
+
+  private AgentProxy agent;
+  private byte[] blob;
+  private String comment;
+  private String algname;
+  private HASH hash;
+
+  AgentIdentity(AgentProxy agent, byte[] blob, String comment) {
+    this.agent = agent;
+    this.blob = blob;
+    this.comment = comment;
+    algname = Util.byte2str((new Buffer(blob)).getString());
+  }
+
+  private HASH genHash() {
+    try {
+      Class c = Class.forName(JSch.getConfig("md5"));
+      hash = (HASH)(c.getDeclaredConstructor().newInstance());
+      hash.init();
+    } catch (Exception e) {
+    }
+    return hash;
+  }
+
+  @Override
+  public boolean setPassphrase(byte[] passphrase) throws JSchException {
+    return true;
+  }
+
+  @Override
+  public byte[] getPublicKeyBlob() {
+    return blob;
+  }
+
+  @Override
+  public String getFingerPrint() {
+    if (hash == null) hash = genHash();
+    if (blob == null) return null;
+    return Util.getFingerPrint(hash, blob, false, true);
+  }
+
+  @Override
+  public byte[] getSignature(byte[] data) {
+    return agent.sign(blob, data, null);
+  }
+
+  @Override
+  public byte[] getSignature(byte[] data, String alg) {
+    return agent.sign(blob, data, alg);
+  }
+
+  @Override
+  public String getAlgName() {
+    return algname;
+  }
+
+  @Override
+  public String getName() {
+    return comment;
+  }
+
+  @Override
+  public boolean isEncrypted() {
+    return false;
+  }
+
+  @Override
+  public void clear() {}
+}