nodejs
diff --git a/‎deps/ncrypto/ncrypto.cc‎
Lines changed: 48 additions & 2 deletions b/‎deps/ncrypto/ncrypto.cc‎
Lines changed: 48 additions & 2 deletions
diff --git a/‎deps/ncrypto/ncrypto.h‎
Lines changed: 4 additions & 0 deletions b/‎deps/ncrypto/ncrypto.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎doc/api/crypto.md‎
Lines changed: 32 additions & 2 deletions b/‎doc/api/crypto.md‎
Lines changed: 32 additions & 2 deletions
diff --git a/‎lib/internal/crypto/keygen.js‎
Lines changed: 19 additions & 15 deletions b/‎lib/internal/crypto/keygen.js‎
Lines changed: 19 additions & 15 deletions
diff --git a/‎node.gyp‎
Lines changed: 2 additions & 0 deletions b/‎node.gyp‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/crypto/crypto_keys.cc‎
Lines changed: 25 additions & 3 deletions b/‎src/crypto/crypto_keys.cc‎
Lines changed: 25 additions & 3 deletions
@@ -1942,7 +1942,16 @@ EVP_PKEY* EVPKeyPointer::release() {
 
 int EVPKeyPointer::id(const EVP_PKEY* key) {
   if (key == nullptr) return 0;
-  return EVP_PKEY_id(key);
+  int type = EVP_PKEY_id(key);
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+  // https://github.com/openssl/openssl/issues/27738#issuecomment-3013215870
+  if (type == -1) {
+    if (EVP_PKEY_is_a(key, "ML-DSA-44")) return EVP_PKEY_ML_DSA_44;
+    if (EVP_PKEY_is_a(key, "ML-DSA-65")) return EVP_PKEY_ML_DSA_65;
+    if (EVP_PKEY_is_a(key, "ML-DSA-87")) return EVP_PKEY_ML_DSA_87;
+  }
+#endif
+  return type;
 }
 
 int EVPKeyPointer::base_id(const EVP_PKEY* key) {
@@ -1998,6 +2007,32 @@ DataPointer EVPKeyPointer::rawPublicKey() const {
   return {};
 }
 
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+DataPointer EVPKeyPointer::rawSeed() const {
+  if (!pkey_) return {};
+  switch (id()) {
+    case EVP_PKEY_ML_DSA_44:
+    case EVP_PKEY_ML_DSA_65:
+    case EVP_PKEY_ML_DSA_87:
+      break;
+    default:
+      unreachable();
+  }
+
+  size_t seed_len = 32;
+  if (auto data = DataPointer::Alloc(seed_len)) {
+    const Buffer<unsigned char> buf = data;
+    size_t len = data.size();
+    // TODO(@panva): use OSSL_PKEY_PARAM_ML_DSA_SEED instead of "seed"
+    if (EVP_PKEY_get_octet_string_param(
+            get(), "seed", buf.data, len, &seed_len) != 1)
+      return {};
+    return data;
+  }
+  return {};
+}
+#endif
+
 DataPointer EVPKeyPointer::rawPrivateKey() const {
   if (!pkey_) return {};
   if (auto data = DataPointer::Alloc(rawPrivateKeySize())) {
@@ -2453,7 +2488,18 @@ bool EVPKeyPointer::isRsaVariant() const {
 bool EVPKeyPointer::isOneShotVariant() const {
   if (!pkey_) return false;
   int type = id();
-  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448;
+  switch (type) {
+    case EVP_PKEY_ED25519:
+    case EVP_PKEY_ED448:
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+    case EVP_PKEY_ML_DSA_44:
+    case EVP_PKEY_ML_DSA_65:
+    case EVP_PKEY_ML_DSA_87:
+#endif
+      return true;
+    default:
+      return false;
+  }
 }
 
 bool EVPKeyPointer::isSigVariant() const {
 
@@ -910,6 +910,10 @@ class EVPKeyPointer final {
   DataPointer rawPrivateKey() const;
   BIOPointer derPublicKey() const;
 
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+  DataPointer rawSeed() const;
+#endif
+
   Result<BIOPointer, bool> writePrivateKey(
       const PrivateKeyEncodingConfig& config) const;
   Result<BIOPointer, bool> writePublicKey(
 
@@ -1916,6 +1916,9 @@ This can be called many times with new data as it is streamed.
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA keys.
   - version:
     - v14.5.0
     - v12.19.0
@@ -2021,6 +2024,9 @@ Other key details might be exposed via this API using additional attributes.
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA keys.
   - version:
      - v13.9.0
      - v12.17.0
@@ -2055,6 +2061,9 @@ types are:
 * `'ed25519'` (OID 1.3.101.112)
 * `'ed448'` (OID 1.3.101.113)
 * `'dh'` (OID 1.2.840.113549.1.3.1)
+* `'ml-dsa-44'`[^openssl35] (OID 2.16.840.1.101.3.4.3.17)
+* `'ml-dsa-65'`[^openssl35] (OID 2.16.840.1.101.3.4.3.18)
+* `'ml-dsa-87'`[^openssl35] (OID 2.16.840.1.101.3.4.3.19)
 
 This property is `undefined` for unrecognized `KeyObject` types and symmetric
 keys.
@@ -3403,6 +3412,9 @@ input.on('readable', () => {
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA keys.
   - version: v15.12.0
     pr-url: https://github.com/nodejs/node/pull/37254
     description: The key can also be a JWK object.
@@ -3439,6 +3451,9 @@ of the passphrase is limited to 1024 bytes.
 <!-- YAML
 added: v11.6.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA keys.
   - version: v15.12.0
     pr-url: https://github.com/nodejs/node/pull/37254
     description: The key can also be a JWK object.
@@ -3648,6 +3663,9 @@ underlying hash function. See [`crypto.createHmac()`][] for more information.
 <!-- YAML
 added: v10.12.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA key pairs.
   - version: v18.0.0
     pr-url: https://github.com/nodejs/node/pull/41678
     description: Passing an invalid callback to the `callback` argument
@@ -3767,6 +3785,9 @@ a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
 <!-- YAML
 added: v10.12.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA key pairs.
   - version: v16.10.0
     pr-url: https://github.com/nodejs/node/pull/39927
     description: Add ability to define `RSASSA-PSS-params` sequence parameters
@@ -3792,7 +3813,8 @@ changes:
 -->
 
 * `type`: {string} Must be `'rsa'`, `'rsa-pss'`, `'dsa'`, `'ec'`, `'ed25519'`,
-  `'ed448'`, `'x25519'`, `'x448'`, or `'dh'`.
+  `'ed448'`, `'x25519'`, `'x448'`, `'dh'`, `'ml-dsa-44'`[^openssl35],
+  `'ml-dsa-65'`[^openssl35], or `'ml-dsa-87'`[^openssl35].
 * `options`: {Object}
   * `modulusLength`: {number} Key size in bits (RSA, DSA).
   * `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
@@ -3816,7 +3838,7 @@ changes:
   * `privateKey`: {string | Buffer | KeyObject}
 
 Generates a new asymmetric key pair of the given `type`. RSA, RSA-PSS, DSA, EC,
-Ed25519, Ed448, X25519, X448, and DH are currently supported.
+Ed25519, Ed448, X25519, X448, DH, and ML-DSA[^openssl35] are currently supported.
 
 If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
 behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
@@ -5416,6 +5438,9 @@ Throws an error if FIPS mode is not available.
 <!-- YAML
 added: v12.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA signing.
   - version: v18.0.0
     pr-url: https://github.com/nodejs/node/pull/41678
     description: Passing an invalid callback to the `callback` argument
@@ -5526,6 +5551,9 @@ not introduce timing vulnerabilities.
 <!-- YAML
 added: v12.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59259
+    description: Add support for ML-DSA signature verification.
   - version: v18.0.0
     pr-url: https://github.com/nodejs/node/pull/41678
     description: Passing an invalid callback to the `callback` argument
@@ -6150,6 +6178,8 @@ See the [list of SSL OP Flags][] for details.
   </tr>
 </table>
 
+[^openssl35]: Requires OpenSSL >= 3.5
+
 [AEAD algorithms]: https://en.wikipedia.org/wiki/Authenticated_encryption
 [CCM mode]: #ccm-mode
 [CVE-2021-44532]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
 
@@ -19,6 +19,9 @@ const {
   kKeyVariantRSA_SSA_PKCS1_v1_5,
   EVP_PKEY_ED25519,
   EVP_PKEY_ED448,
+  EVP_PKEY_ML_DSA_44,
+  EVP_PKEY_ML_DSA_65,
+  EVP_PKEY_ML_DSA_87,
   EVP_PKEY_X25519,
   EVP_PKEY_X448,
   OPENSSL_EC_NAMED_CURVE,
@@ -162,6 +165,16 @@ function parseKeyEncoding(keyType, options = kEmptyObject) {
   ];
 }
 
+const ids = {
+  'ed25519': EVP_PKEY_ED25519,
+  'ed448': EVP_PKEY_ED448,
+  'x25519': EVP_PKEY_X25519,
+  'x448': EVP_PKEY_X448,
+  'ml-dsa-44': EVP_PKEY_ML_DSA_44,
+  'ml-dsa-65': EVP_PKEY_ML_DSA_65,
+  'ml-dsa-87': EVP_PKEY_ML_DSA_87,
+};
+
 function createJob(mode, type, options) {
   validateString(type, 'type');
 
@@ -278,23 +291,14 @@ function createJob(mode, type, options) {
     case 'ed448':
     case 'x25519':
     case 'x448':
+    case 'ml-dsa-44':
+    case 'ml-dsa-65':
+    case 'ml-dsa-87':
     {
-      let id;
-      switch (type) {
-        case 'ed25519':
-          id = EVP_PKEY_ED25519;
-          break;
-        case 'ed448':
-          id = EVP_PKEY_ED448;
-          break;
-        case 'x25519':
-          id = EVP_PKEY_X25519;
-          break;
-        case 'x448':
-          id = EVP_PKEY_X448;
-          break;
+      if (ids[type] === undefined) {
+        throw new ERR_INVALID_ARG_VALUE('type', type, 'must be a supported key type');
       }
-      return new NidKeyPairGenJob(mode, id, ...encoding);
+      return new NidKeyPairGenJob(mode, ids[type], ...encoding);
     }
     case 'dh':
     {
 
@@ -336,6 +336,7 @@
       'src/crypto/crypto_cipher.cc',
       'src/crypto/crypto_context.cc',
       'src/crypto/crypto_ec.cc',
+      'src/crypto/crypto_ml_dsa.cc',
       'src/crypto/crypto_hmac.cc',
       'src/crypto/crypto_random.cc',
       'src/crypto/crypto_rsa.cc',
@@ -367,6 +368,7 @@
       'src/crypto/crypto_clienthello.h',
       'src/crypto/crypto_context.h',
       'src/crypto/crypto_ec.h',
+      'src/crypto/crypto_ml_dsa.h',
       'src/crypto/crypto_hkdf.h',
       'src/crypto/crypto_pbkdf2.h',
       'src/crypto/crypto_sig.h',
 
@@ -1,12 +1,13 @@
 #include "crypto/crypto_keys.h"
+#include "async_wrap-inl.h"
+#include "base_object-inl.h"
 #include "crypto/crypto_common.h"
+#include "crypto/crypto_dh.h"
 #include "crypto/crypto_dsa.h"
 #include "crypto/crypto_ec.h"
-#include "crypto/crypto_dh.h"
+#include "crypto/crypto_ml_dsa.h"
 #include "crypto/crypto_rsa.h"
 #include "crypto/crypto_util.h"
-#include "async_wrap-inl.h"
-#include "base_object-inl.h"
 #include "env-inl.h"
 #include "memory_tracker-inl.h"
 #include "node.h"
@@ -176,6 +177,14 @@ bool ExportJWKAsymmetricKey(Environment* env,
       // Fall through
     case EVP_PKEY_X448:
       return ExportJWKEdKey(env, key, target);
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+    case EVP_PKEY_ML_DSA_44:
+      // Fall through
+    case EVP_PKEY_ML_DSA_65:
+      // Fall through
+    case EVP_PKEY_ML_DSA_87:
+      return ExportJwkMlDsaKey(env, key, target);
+#endif
   }
   THROW_ERR_CRYPTO_JWK_UNSUPPORTED_KEY_TYPE(env);
   return false;
@@ -903,6 +912,14 @@ Local<Value> KeyObjectHandle::GetAsymmetricKeyType() const {
       return env()->crypto_x25519_string();
     case EVP_PKEY_X448:
       return env()->crypto_x448_string();
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+    case EVP_PKEY_ML_DSA_44:
+      return env()->crypto_ml_dsa_44_string();
+    case EVP_PKEY_ML_DSA_65:
+      return env()->crypto_ml_dsa_65_string();
+    case EVP_PKEY_ML_DSA_87:
+      return env()->crypto_ml_dsa_87_string();
+#endif
     default:
       return Undefined(env()->isolate());
   }
@@ -1178,6 +1195,11 @@ void Initialize(Environment* env, Local<Object> target) {
   NODE_DEFINE_CONSTANT(target, kWebCryptoKeyFormatJWK);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED25519);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED448);
+#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_44);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_65);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_87);
+#endif
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X25519);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X448);
   NODE_DEFINE_CONSTANT(target, kKeyEncodingPKCS1);