ssh: remove Go 1.24 build tag for ML-KEM kex

drakkan · gopherbot · commit 8f580defa01d · 2025-08-26T00:42:33.000-07:00
Change-Id: Ia77ad1b6fef9919ab100fb10c42231725eb81c12 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/698775 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/ssh/common.go b/ssh/common.go
@@ -83,6 +83,7 @@ var (
 	// supportedKexAlgos specifies key-exchange algorithms implemented by this
 	// package in preference order, excluding those with security issues.
 	supportedKexAlgos = []string{
+		KeyExchangeMLKEM768X25519,
 		KeyExchangeCurve25519,
 		KeyExchangeECDHP256,
 		KeyExchangeECDHP384,
@@ -94,6 +95,7 @@ var (
 	// defaultKexAlgos specifies the default preference for key-exchange
 	// algorithms in preference order.
 	defaultKexAlgos = []string{
+		KeyExchangeMLKEM768X25519,
 		KeyExchangeCurve25519,
 		KeyExchangeECDHP256,
 		KeyExchangeECDHP384,
diff --git a/ssh/kex.go b/ssh/kex.go
@@ -438,6 +438,7 @@ func init() {
 	kexAlgoMap[keyExchangeCurve25519LibSSH] = &curve25519sha256{}
 	kexAlgoMap[InsecureKeyExchangeDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}
 	kexAlgoMap[KeyExchangeDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}
+	kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{}
 }
 
 // curve25519sha256 implements the curve25519-sha256 (formerly known as
diff --git a/ssh/mlkem.go b/ssh/mlkem.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build go1.24
-
 package ssh
 
 import (
@@ -13,23 +11,10 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"runtime"
-	"slices"
 
 	"golang.org/x/crypto/curve25519"
 )
 
-func init() {
-	// After Go 1.24rc1 mlkem swapped the order of return values of Encapsulate.
-	// See #70950.
-	if runtime.Version() == "go1.24rc1" {
-		return
-	}
-	supportedKexAlgos = slices.Insert(supportedKexAlgos, 0, KeyExchangeMLKEM768X25519)
-	defaultKexAlgos = slices.Insert(defaultKexAlgos, 0, KeyExchangeMLKEM768X25519)
-	kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{}
-}
-
 // mlkem768WithCurve25519sha256 implements the hybrid ML-KEM768 with
 // curve25519-sha256 key exchange method, as described by
 // draft-kampanakis-curdle-ssh-pq-ke-05 section 2.3.3.

Original file line number	Diff line number	Diff line change
`@@ -438,6 +438,7 @@ func init() {`
`438`	`438`	`kexAlgoMap[keyExchangeCurve25519LibSSH] = &curve25519sha256{}`
`439`	`439`	`kexAlgoMap[InsecureKeyExchangeDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}`
`440`	`440`	`kexAlgoMap[KeyExchangeDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}`
	`441`	`+ kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{}`
`441`	`442`	`}`
`442`	`443`
`443`	`444`	`// curve25519sha256 implements the curve25519-sha256 (formerly known as`