diff options
author | djm@openbsd.org <djm@openbsd.org> | 2024-09-02 14:13:56 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2024-09-02 14:32:44 +0200 |
commit | f68312eb593943127b39ba79a4d7fa438c34c153 (patch) | |
tree | 10f8cb337068dfd8388dccca162b049e892f850f /ssh-keyscan.c | |
parent | Don't skip audit before exitting cleanup_exit (diff) | |
download | openssh-f68312eb593943127b39ba79a4d7fa438c34c153.tar.xz openssh-f68312eb593943127b39ba79a4d7fa438c34c153.zip |
upstream: Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.
Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.
ok markus@ deraadt@
OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r-- | ssh-keyscan.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 548eaab83..eb5c78094 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.158 2024/06/14 00:25:25 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.159 2024/09/02 12:13:56 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -303,6 +303,9 @@ keygrab_ssh2(con *c) #endif c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; +#ifdef WITH_MLKEM + c->c_ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; +#endif ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); /* * do the key-exchange until an error occurs or until |