[openssh-commits] [openssh] branch master updated (05f2b141 -> 51b82648)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Sep 2 22:34:13 AEST 2024 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 05f2b141 Don't skip audit before exitting cleanup_exit
     new f68312eb upstream: Add experimental support for hybrid post-quantum key exchange
     new 51b82648 upstream: missing ifdef

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 51b82648b6827675fc0cde21175fd1ed8e89aab2
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Sep 2 12:18:35 2024 +0000

    upstream: missing ifdef
    
    OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021

commit f68312eb593943127b39ba79a4d7fa438c34c153
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Sep 2 12:13:56 2024 +0000

    upstream: Add experimental support for hybrid post-quantum key exchange
    
    ML-KEM768 with ECDH/X25519 from the Internet-draft:
    https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
    
    This is based on previous patches from markus@ but adapted to use the
    final FIPS203 standard ML-KEM using a formally-verified implementation
    from libcrux.
    
    Note this key exchange method is still a draft and thus subject to
    change. It is therefore disabled by default; set MLKEM=yes to build it.
    We're making it available now to make it easy for other SSH
    implementations to test against it.
    
    ok markus@ deraadt@
    
    OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c

Summary of changes:
 .depend                                     |     1 +
 Makefile.in                                 |     2 +-
 configure.ac                                |     9 +
 crypto_api.h                                |     7 +-
 kex-names.c                                 |     6 +-
 kex.h                                       |    11 +-
 kexc25519.c                                 |     4 +-
 kexgen.c                                    |    21 +-
 kexsntrup761x25519.c => kexmlkem768x25519.c |   168 +-
 libcrux_mlkem768_sha3.h                     | 12332 ++++++++++++++++++++++++++
 mlkem768.sh                                 |   148 +
 monitor.c                                   |     5 +-
 ssh-keyscan.c                               |     5 +-
 ssh_api.c                                   |     8 +-
 sshconnect2.c                               |     5 +-
 sshd-session.c                              |     5 +-
 16 files changed, 12644 insertions(+), 93 deletions(-)
 copy kexsntrup761x25519.c => kexmlkem768x25519.c (59%)
 create mode 100644 libcrux_mlkem768_sha3.h
 create mode 100644 mlkem768.sh

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list