summaryrefslogtreecommitdiffstats
path: root/ssh-keyscan.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2024-09-02 14:13:56 +0200
committerDamien Miller <djm@mindrot.org>2024-09-02 14:32:44 +0200
commitf68312eb593943127b39ba79a4d7fa438c34c153 (patch)
tree10f8cb337068dfd8388dccca162b049e892f850f /ssh-keyscan.c
parentDon't skip audit before exitting cleanup_exit (diff)
downloadopenssh-f68312eb593943127b39ba79a4d7fa438c34c153.tar.xz
openssh-f68312eb593943127b39ba79a4d7fa438c34c153.zip
upstream: Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft: https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This is based on previous patches from markus@ but adapted to use the final FIPS203 standard ML-KEM using a formally-verified implementation from libcrux. Note this key exchange method is still a draft and thus subject to change. It is therefore disabled by default; set MLKEM=yes to build it. We're making it available now to make it easy for other SSH implementations to test against it. ok markus@ deraadt@ OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r--ssh-keyscan.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 548eaab83..eb5c78094 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.158 2024/06/14 00:25:25 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.159 2024/09/02 12:13:56 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -303,6 +303,9 @@ keygrab_ssh2(con *c)
#endif
c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
c->c_ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;
+#ifdef WITH_MLKEM
+ c->c_ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client;
+#endif
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until