upstream: Add support for a PQC KEX/KEM:

sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7

1 files changed, 3 insertions, 1 deletions

diff --git a/ssh_api.c b/ssh_api.c
index 182c0d7e4..73981aa37 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.10 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.11 2019/01/21 10:20:12 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -111,6 +111,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 # endif
 #endif /* WITH_OPENSSL */
                 ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+                ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server;
                 ssh->kex->load_host_public_key=&_ssh_host_public_key;
                 ssh->kex->load_host_private_key=&_ssh_host_private_key;
                 ssh->kex->sign=&_ssh_host_key_sign;
@@ -128,6 +129,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 # endif
 #endif /* WITH_OPENSSL */
                 ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+                ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client;
                 ssh->kex->verify_host_key =&_ssh_verify_host_key;
         }
         *sshp = ssh;