From 8f580defa01dec23898d3cd27f6369cdcc62f71f Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Sun, 24 Aug 2025 10:53:36 +0200
Subject: ssh: remove Go 1.24 build tag for ML-KEM kex

Change-Id: Ia77ad1b6fef9919ab100fb10c42231725eb81c12
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/698775
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 ssh/common.go |  2 ++
 ssh/kex.go    |  1 +
 ssh/mlkem.go  | 15 ---------------
 3 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/ssh/common.go b/ssh/common.go
index f2ec089..8bfad16 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -83,6 +83,7 @@ var (
 	// supportedKexAlgos specifies key-exchange algorithms implemented by this
 	// package in preference order, excluding those with security issues.
 	supportedKexAlgos = []string{
+		KeyExchangeMLKEM768X25519,
 		KeyExchangeCurve25519,
 		KeyExchangeECDHP256,
 		KeyExchangeECDHP384,
@@ -94,6 +95,7 @@ var (
 	// defaultKexAlgos specifies the default preference for key-exchange
 	// algorithms in preference order.
 	defaultKexAlgos = []string{
+		KeyExchangeMLKEM768X25519,
 		KeyExchangeCurve25519,
 		KeyExchangeECDHP256,
 		KeyExchangeECDHP384,
diff --git a/ssh/kex.go b/ssh/kex.go
index 3686247..78aaf03 100644
--- a/ssh/kex.go
+++ b/ssh/kex.go
@@ -438,6 +438,7 @@ func init() {
 	kexAlgoMap[keyExchangeCurve25519LibSSH] = &curve25519sha256{}
 	kexAlgoMap[InsecureKeyExchangeDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}
 	kexAlgoMap[KeyExchangeDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}
+	kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{}
 }
 
 // curve25519sha256 implements the curve25519-sha256 (formerly known as
diff --git a/ssh/mlkem.go b/ssh/mlkem.go
index 657e107..ddc0ed1 100644
--- a/ssh/mlkem.go
+++ b/ssh/mlkem.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build go1.24
-
 package ssh
 
 import (
@@ -13,23 +11,10 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"runtime"
-	"slices"
 
 	"golang.org/x/crypto/curve25519"
 )
 
-func init() {
-	// After Go 1.24rc1 mlkem swapped the order of return values of Encapsulate.
-	// See #70950.
-	if runtime.Version() == "go1.24rc1" {
-		return
-	}
-	supportedKexAlgos = slices.Insert(supportedKexAlgos, 0, KeyExchangeMLKEM768X25519)
-	defaultKexAlgos = slices.Insert(defaultKexAlgos, 0, KeyExchangeMLKEM768X25519)
-	kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{}
-}
-
 // mlkem768WithCurve25519sha256 implements the hybrid ML-KEM768 with
 // curve25519-sha256 key exchange method, as described by
 // draft-kampanakis-curdle-ssh-pq-ke-05 section 2.3.3.
-- 
cgit v1.3