diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-09-02 14:13:56 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-09-02 14:32:44 +0200 |
| commit | f68312eb593943127b39ba79a4d7fa438c34c153 (patch) | |
| tree | 10f8cb337068dfd8388dccca162b049e892f850f /configure.ac | |
| parent | Don't skip audit before exitting cleanup_exit (diff) | |
| download | openssh-f68312eb593943127b39ba79a4d7fa438c34c153.tar.xz openssh-f68312eb593943127b39ba79a4d7fa438c34c153.zip | |
upstream: Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.
Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.
ok markus@ deraadt@
OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 591d5a388..d355c205c 100644 --- a/configure.ac +++ b/configure.ac @@ -2095,6 +2095,15 @@ AC_ARG_ENABLE([dsa-keys], ] ) +AC_ARG_ENABLE([ml-kem], + [ --enable-ml-kem enable experimental ML-KEM/x25519 key exchange [no]], + [ + if test "x$enableval" != "xno" ; then + AC_DEFINE([WITH_MLKEM], [], [Enable for ML-KEM KEX support]) + fi + ] +) + AC_SEARCH_LIBS([dlopen], [dl]) AC_CHECK_FUNCS([dlopen]) AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) |