Add module-lattice-based digital signature (ML-DSA) support

README.md

@@ -90,6 +90,7 @@ The following quantum-safe digital signature algorithms from liboqs are supporte
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START -->
 - **CRYSTALS-DILITHIUM**: `dilithium3`, `dilithium5`
 - **Falcon**: `falcon512`, `falcon1024`
+- **ML-DSA**: `mldsa44`, `mldsa65`, `mldsa87`
 - **SPHINCS-SHA2**: `sphincssha2128fsimple`, `sphincssha2128ssimple`, `sphincssha2192fsimple`, `sphincssha2192ssimple`, `sphincssha2256fsimple`, `sphincssha2256ssimple`
 - **SPHINCS-SHAKE**: `sphincsshake128fsimple`, `sphincsshake128ssimple`, `sphincsshake192fsimple`, `sphincsshake192ssimple`, `sphincsshake256fsimple`, `sphincsshake256ssimple`
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->

crypto/evp/evp.c

@@ -230,6 +230,12 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
       return &dilithium3_asn1_meth;
     case EVP_PKEY_DILITHIUM5:
       return &dilithium5_asn1_meth;
+    case EVP_PKEY_MLDSA44:
+      return &mldsa44_asn1_meth;
+    case EVP_PKEY_MLDSA65:
+      return &mldsa65_asn1_meth;
+    case EVP_PKEY_MLDSA87:
+      return &mldsa87_asn1_meth;
     case EVP_PKEY_FALCON512:
       return &falcon512_asn1_meth;
     case EVP_PKEY_FALCON1024:

crypto/evp/evp_asn1.c

@@ -78,6 +78,9 @@ static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {
     &dilithium2_asn1_meth,
     &dilithium3_asn1_meth,
     &dilithium5_asn1_meth,
+    &mldsa44_asn1_meth,
+    &mldsa65_asn1_meth,
+    &mldsa87_asn1_meth,
     &falcon512_asn1_meth,
     &falcon1024_asn1_meth,
     &sphincssha2128fsimple_asn1_meth,

crypto/evp/evp_ctx.c

@@ -75,6 +75,9 @@ static const EVP_PKEY_METHOD *const evp_methods[] = {
     &dilithium2_pkey_meth,
     &dilithium3_pkey_meth,
     &dilithium5_pkey_meth,
+    &mldsa44_pkey_meth,
+    &mldsa65_pkey_meth,
+    &mldsa87_pkey_meth,
     &falcon512_pkey_meth,
     &falcon1024_pkey_meth,
     &sphincssha2128fsimple_pkey_meth,

crypto/evp/internal.h

@@ -304,6 +304,9 @@ extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dilithium2_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dilithium3_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dilithium5_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD mldsa44_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD mldsa65_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD mldsa87_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon512_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon1024_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD sphincssha2128fsimple_asn1_meth;
@@ -329,6 +332,9 @@ extern const EVP_PKEY_METHOD hkdf_pkey_meth;
 extern const EVP_PKEY_METHOD dilithium2_pkey_meth;
 extern const EVP_PKEY_METHOD dilithium3_pkey_meth;
 extern const EVP_PKEY_METHOD dilithium5_pkey_meth;
+extern const EVP_PKEY_METHOD mldsa44_pkey_meth;
+extern const EVP_PKEY_METHOD mldsa65_pkey_meth;
+extern const EVP_PKEY_METHOD mldsa87_pkey_meth;
 extern const EVP_PKEY_METHOD falcon512_pkey_meth;
 extern const EVP_PKEY_METHOD falcon1024_pkey_meth;
 extern const EVP_PKEY_METHOD sphincssha2128fsimple_pkey_meth;

crypto/evp/p_oqs.c

@@ -150,6 +150,9 @@ DEFINE_OQS_PKEY_METHOD(ALG, ALG_PKEY)
 DEFINE_OQS_PKEY_METHODS(dilithium2, OQS_SIG_alg_dilithium_2, EVP_PKEY_DILITHIUM2)
 DEFINE_OQS_PKEY_METHODS(dilithium3, OQS_SIG_alg_dilithium_3, EVP_PKEY_DILITHIUM3)
 DEFINE_OQS_PKEY_METHODS(dilithium5, OQS_SIG_alg_dilithium_5, EVP_PKEY_DILITHIUM5)
+DEFINE_OQS_PKEY_METHODS(mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_MLDSA44)
+DEFINE_OQS_PKEY_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
+DEFINE_OQS_PKEY_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
 DEFINE_OQS_PKEY_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
 DEFINE_OQS_PKEY_METHODS(falcon1024, OQS_SIG_alg_falcon_1024, EVP_PKEY_FALCON1024)
 DEFINE_OQS_PKEY_METHODS(sphincssha2128fsimple, OQS_SIG_alg_sphincs_sha2_128f_simple, EVP_PKEY_SPHINCSSHA2128FSIMPLE)

crypto/evp/p_oqs_asn1.c

@@ -229,6 +229,15 @@ DEFINE_OQS_PKEY_ASN1_METHOD(dilithium3, EVP_PKEY_DILITHIUM3, OID(0x2B, 0x06, 0x0
 DEFINE_OQS_ASN1_METHODS(dilithium5, OQS_SIG_alg_dilithium_5, EVP_PKEY_DILITHIUM5)
 DEFINE_OQS_PKEY_ASN1_METHOD(dilithium5, EVP_PKEY_DILITHIUM5, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, 0x08, 0x07))
 
+DEFINE_OQS_ASN1_METHODS(mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_MLDSA44)
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa44, EVP_PKEY_MLDSA44, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x04, 0x04))
+
+DEFINE_OQS_ASN1_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa65, EVP_PKEY_MLDSA65, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x06, 0x05))
+
+DEFINE_OQS_ASN1_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa87, EVP_PKEY_MLDSA87, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x08, 0x07))
+
 DEFINE_OQS_ASN1_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
 DEFINE_OQS_PKEY_ASN1_METHOD(falcon512, EVP_PKEY_FALCON512, OID(0x2B, 0xCE, 0x0F, 0x03, 0x06))
 

crypto/obj/obj_dat.h

@@ -57,7 +57,7 @@
 /* This file is generated by crypto/obj/objects.go. */
 
 
-#define NUM_NID 1240
+#define NUM_NID 1243
 
 static const uint8_t kObjectData[] = {
     /* NID_rsadsi */
@@ -7269,6 +7269,42 @@ static const uint8_t kObjectData[] = {
     0x06,
     0x09,
     0x0c,
+    /* NID_mldsa44 */
+    0x2b,
+    0x06,
+    0x01,
+    0x04,
+    0x01,
+    0x02,
+    0x82,
+    0x0b,
+    0x0c,
+    0x04,
+    0x04,
+    /* NID_mldsa65 */
+    0x2b,
+    0x06,
+    0x01,
+    0x04,
+    0x01,
+    0x02,
+    0x82,
+    0x0b,
+    0x0c,
+    0x06,
+    0x05,
+    /* NID_mldsa87 */
+    0x2b,
+    0x06,
+    0x01,
+    0x04,
+    0x01,
+    0x02,
+    0x82,
+    0x0b,
+    0x0c,
+    0x08,
+    0x07,
 };
 
 static const ASN1_OBJECT kObjects[NUM_NID] = {
@@ -9208,6 +9244,9 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
     {"x25519_mlkem768", "x25519_mlkem768", NID_x25519_mlkem768, 0, NULL, 0},
     {"mlkem1024", "mlkem1024", NID_mlkem1024, 0, NULL, 0},
     {"p521_mlkem1024", "p521_mlkem1024", NID_p521_mlkem1024, 0, NULL, 0},
+    {"mldsa44", "mldsa44", NID_mldsa44, 11, &kObjectData[6311], 0},
+    {"mldsa65", "mldsa65", NID_mldsa65, 11, &kObjectData[6322], 0},
+    {"mldsa87", "mldsa87", NID_mldsa87, 11, &kObjectData[6333], 0},
 };
 
 static const uint16_t kNIDsInShortNameOrder[] = {
@@ -9863,6 +9902,9 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     504 /* mime-mhs */,
     506 /* mime-mhs-bodies */,
     505 /* mime-mhs-headings */,
+    1240 /* mldsa44 */,
+    1241 /* mldsa65 */,
+    1242 /* mldsa87 */,
     1238 /* mlkem1024 */,
     1232 /* mlkem512 */,
     1235 /* mlkem768 */,
@@ -10873,6 +10915,9 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     911 /* mgf1 */,
     506 /* mime-mhs-bodies */,
     505 /* mime-mhs-headings */,
+    1240 /* mldsa44 */,
+    1241 /* mldsa65 */,
+    1242 /* mldsa87 */,
     1238 /* mlkem1024 */,
     1232 /* mlkem512 */,
     1235 /* mlkem768 */,
@@ -12141,5 +12186,8 @@ static const uint16_t kNIDsInOIDOrder[] = {
     967 /* 1.3.6.1.4.1.2.267.7.4.4 (OBJ_dilithium2) */,
     1143 /* 1.3.6.1.4.1.2.267.7.6.5 (OBJ_dilithium3) */,
     1207 /* 1.3.6.1.4.1.2.267.7.8.7 (OBJ_dilithium5) */,
+    1240 /* 1.3.6.1.4.1.2.267.12.4.4 (OBJ_mldsa44) */,
+    1241 /* 1.3.6.1.4.1.2.267.12.6.5 (OBJ_mldsa65) */,
+    1242 /* 1.3.6.1.4.1.2.267.12.8.7 (OBJ_mldsa87) */,
     34 /* 1.3.6.1.4.1.188.7.1.1.2 (OBJ_idea_cbc) */,
 };

crypto/obj/obj_mac.num

@@ -1010,3 +1010,6 @@ p384_mlkem768		1236
 x25519_mlkem768		1237
 mlkem1024		1238
 p521_mlkem1024		1239
+mldsa44		1240
+mldsa65		1241
+mldsa87		1242

crypto/obj/obj_xref.c

@@ -93,6 +93,9 @@ static const nid_triple kTriples[] = {
     {NID_dilithium2, NID_sha256, NID_dilithium2},
     {NID_dilithium3, NID_sha384, NID_dilithium3},
     {NID_dilithium5, NID_sha512, NID_dilithium5},
+    {NID_mldsa44, NID_sha256, NID_mldsa44},
+    {NID_mldsa65, NID_sha384, NID_mldsa65},
+    {NID_mldsa87, NID_sha512, NID_mldsa87},
     {NID_falcon512, NID_sha256, NID_falcon512},
     {NID_falcon1024, NID_sha512, NID_falcon1024},
     {NID_sphincssha2128fsimple, NID_sha256, NID_sphincssha2128fsimple},

crypto/obj/objects.txt

@@ -1407,6 +1407,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 1 3 6 1 4 1 2 267 7 4 4 : dilithium2 : dilithium2
 1 3 6 1 4 1 2 267 7 6 5 : dilithium3 : dilithium3
 1 3 6 1 4 1 2 267 7 8 7 : dilithium5 : dilithium5
+1 3 6 1 4 1 2 267 12 4 4 : mldsa44 : mldsa44
+1 3 6 1 4 1 2 267 12 6 5 : mldsa65 : mldsa65
+1 3 6 1 4 1 2 267 12 8 7 : mldsa87 : mldsa87
 1 3 9999 3 6 : falcon512 : falcon512
 1 3 9999 3 9 : falcon1024 : falcon1024
 1 3 9999 6 4 13 : sphincssha2128fsimple : sphincssha2128fsimple

crypto/x509/algorithm.c

@@ -98,6 +98,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
       pkey_id == EVP_PKEY_DILITHIUM2 ||
       pkey_id == EVP_PKEY_DILITHIUM3 ||
       pkey_id == EVP_PKEY_DILITHIUM5 ||
+      pkey_id == EVP_PKEY_MLDSA44 ||
+      pkey_id == EVP_PKEY_MLDSA65 ||
+      pkey_id == EVP_PKEY_MLDSA87 ||
       pkey_id == EVP_PKEY_FALCON512 ||
       pkey_id == EVP_PKEY_FALCON1024 ||
       pkey_id == EVP_PKEY_SPHINCSSHA2128FSIMPLE ||

include/openssl/evp.h

@@ -186,6 +186,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
 #define EVP_PKEY_DILITHIUM2 NID_dilithium2
 #define EVP_PKEY_DILITHIUM3 NID_dilithium3
 #define EVP_PKEY_DILITHIUM5 NID_dilithium5
+#define EVP_PKEY_MLDSA44 NID_mldsa44
+#define EVP_PKEY_MLDSA65 NID_mldsa65
+#define EVP_PKEY_MLDSA87 NID_mldsa87
 #define EVP_PKEY_FALCON512 NID_falcon512
 #define EVP_PKEY_FALCON1024 NID_falcon1024
 #define EVP_PKEY_SPHINCSSHA2128FSIMPLE NID_sphincssha2128fsimple
@@ -205,6 +208,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
    (pkey_id == NID_dilithium2) || \
    (pkey_id == NID_dilithium3) || \
    (pkey_id == NID_dilithium5) || \
+   (pkey_id == NID_mldsa44) || \
+   (pkey_id == NID_mldsa65) || \
+   (pkey_id == NID_mldsa87) || \
    (pkey_id == NID_falcon512) || \
    (pkey_id == NID_falcon1024) || \
    (pkey_id == NID_sphincssha2128fsimple) || \

include/openssl/nid.h

@@ -4463,6 +4463,21 @@ extern "C" {
 #define SN_p521_mlkem1024 "p521_mlkem1024"
 #define NID_p521_mlkem1024 1239
 
+#define SN_mldsa44 "mldsa44"
+#define LN_mldsa44 "mldsa44"
+#define NID_mldsa44 1240
+#define OBJ_mldsa44 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 4L, 4L
+
+#define SN_mldsa65 "mldsa65"
+#define LN_mldsa65 "mldsa65"
+#define NID_mldsa65 1241
+#define OBJ_mldsa65 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 6L, 5L
+
+#define SN_mldsa87 "mldsa87"
+#define LN_mldsa87 "mldsa87"
+#define NID_mldsa87 1242
+#define OBJ_mldsa87 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 8L, 7L
+
 
 #if defined(__cplusplus)
 } /* extern C */

include/openssl/ssl.h

@@ -1074,6 +1074,9 @@ OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl,
 #define SSL_SIGN_DILITHIUM2 0xfea0
 #define SSL_SIGN_DILITHIUM3 0xfea3
 #define SSL_SIGN_DILITHIUM5 0xfea5
+#define SSL_SIGN_MLDSA44 0xfed0
+#define SSL_SIGN_MLDSA65 0xfed1
+#define SSL_SIGN_MLDSA87 0xfed2
 #define SSL_SIGN_FALCON512 0xfeae
 #define SSL_SIGN_FALCON1024 0xfeb1
 #define SSL_SIGN_SPHINCSSHA2128FSIMPLE 0xfeb3

oqs_scripts/test_with_interop_server.py

@@ -59,6 +59,9 @@
         'dilithium2',
         'dilithium3',
         'dilithium5',
+        'mldsa44',
+        'mldsa65',
+        'mldsa87',
         'falcon512',
         'falcon1024',
         'sphincssha2128fsimple',

oqs_scripts/try_handshake.py

@@ -62,6 +62,9 @@
         'dilithium2',
         'dilithium3',
         'dilithium5',
+        'mldsa44',
+        'mldsa65',
+        'mldsa87',
         'falcon512',
         'falcon1024',
         'sphincssha2128fsimple',

oqs_template/generate.yml

@@ -138,6 +138,30 @@ sigs:
     oqs_meth: 'OQS_SIG_alg_dilithium_5'
     code_point: '0xfea5'
     claimed_security_level: '5'
+  -
+    family: 'ML-DSA'
+    name: 'mldsa44'
+    oid: '1 3 6 1 4 1 2 267 12 4 4'
+    oid_encoded: '0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x04, 0x04'
+    oqs_meth: 'OQS_SIG_alg_ml_dsa_44'
+    code_point: '0xfed0'
+    claimed_security_level: '2'
+  -
+    family: 'ML-DSA'
+    name: 'mldsa65'
+    oid: '1 3 6 1 4 1 2 267 12 6 5'
+    oid_encoded: '0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x06, 0x05'
+    oqs_meth: 'OQS_SIG_alg_ml_dsa_65'
+    code_point: '0xfed1'
+    claimed_security_level: '3'
+  -
+    family: 'ML-DSA'
+    name: 'mldsa87'
+    oid: '1 3 6 1 4 1 2 267 12 8 7'
+    oid_encoded: '0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x08, 0x07'
+    oqs_meth: 'OQS_SIG_alg_ml_dsa_87'
+    code_point: '0xfed2'
+    claimed_security_level: '5'
   -
     family: 'Falcon'
     name: 'falcon512'

ssl/extensions.cc

@@ -541,6 +541,9 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
     SSL_SIGN_DILITHIUM2,
     SSL_SIGN_DILITHIUM3,
     SSL_SIGN_DILITHIUM5,
+    SSL_SIGN_MLDSA44,
+    SSL_SIGN_MLDSA65,
+    SSL_SIGN_MLDSA87,
     SSL_SIGN_FALCON512,
     SSL_SIGN_FALCON1024,
     SSL_SIGN_SPHINCSSHA2128FSIMPLE,
@@ -581,6 +584,9 @@ static const uint16_t kSignSignatureAlgorithms[] = {
     SSL_SIGN_DILITHIUM2,
     SSL_SIGN_DILITHIUM3,
     SSL_SIGN_DILITHIUM5,
+    SSL_SIGN_MLDSA44,
+    SSL_SIGN_MLDSA65,
+    SSL_SIGN_MLDSA87,
     SSL_SIGN_FALCON512,
     SSL_SIGN_FALCON1024,
     SSL_SIGN_SPHINCSSHA2128FSIMPLE,
@@ -4352,6 +4358,9 @@ Span<const uint16_t> tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs) {
                               SSL_SIGN_DILITHIUM2,
                               SSL_SIGN_DILITHIUM3,
                               SSL_SIGN_DILITHIUM5,
+                              SSL_SIGN_MLDSA44,
+                              SSL_SIGN_MLDSA65,
+                              SSL_SIGN_MLDSA87,
                               SSL_SIGN_FALCON512,
                               SSL_SIGN_FALCON1024,
                               SSL_SIGN_SPHINCSSHA2128FSIMPLE,

ssl/ssl_privkey.cc

@@ -79,6 +79,9 @@ bool ssl_is_key_type_supported(int key_type) {
          key_type == EVP_PKEY_DILITHIUM2 ||
          key_type == EVP_PKEY_DILITHIUM3 ||
          key_type == EVP_PKEY_DILITHIUM5 ||
+         key_type == EVP_PKEY_MLDSA44 ||
+         key_type == EVP_PKEY_MLDSA65 ||
+         key_type == EVP_PKEY_MLDSA87 ||
          key_type == EVP_PKEY_FALCON512 ||
          key_type == EVP_PKEY_FALCON1024 ||
          key_type == EVP_PKEY_SPHINCSSHA2128FSIMPLE ||
@@ -156,6 +159,9 @@ static const SSL_SIGNATURE_ALGORITHM kSignatureAlgorithms[] = {
     {SSL_SIGN_DILITHIUM2, EVP_PKEY_DILITHIUM2, NID_undef, &EVP_sha256, false},
     {SSL_SIGN_DILITHIUM3, EVP_PKEY_DILITHIUM3, NID_undef, &EVP_sha384, false},
     {SSL_SIGN_DILITHIUM5, EVP_PKEY_DILITHIUM5, NID_undef, &EVP_sha512, false},
+    {SSL_SIGN_MLDSA44, EVP_PKEY_MLDSA44, NID_undef, &EVP_sha256, false},
+    {SSL_SIGN_MLDSA65, EVP_PKEY_MLDSA65, NID_undef, &EVP_sha384, false},
+    {SSL_SIGN_MLDSA87, EVP_PKEY_MLDSA87, NID_undef, &EVP_sha512, false},
     {SSL_SIGN_FALCON512, EVP_PKEY_FALCON512, NID_undef, &EVP_sha256, false},
     {SSL_SIGN_FALCON1024, EVP_PKEY_FALCON1024, NID_undef, &EVP_sha512, false},
     {SSL_SIGN_SPHINCSSHA2128FSIMPLE, EVP_PKEY_SPHINCSSHA2128FSIMPLE, NID_undef, &EVP_sha256, false},
@@ -560,6 +566,9 @@ static const SignatureAlgorithmName kSignatureAlgorithmNames[] = {
     {SSL_SIGN_DILITHIUM2, "dilithium2"},
     {SSL_SIGN_DILITHIUM3, "dilithium3"},
     {SSL_SIGN_DILITHIUM5, "dilithium5"},
+    {SSL_SIGN_MLDSA44, "mldsa44"},
+    {SSL_SIGN_MLDSA65, "mldsa65"},
+    {SSL_SIGN_MLDSA87, "mldsa87"},
     {SSL_SIGN_FALCON512, "falcon512"},
     {SSL_SIGN_FALCON1024, "falcon1024"},
     {SSL_SIGN_SPHINCSSHA2128FSIMPLE, "sphincssha2128fsimple"},
@@ -736,6 +745,9 @@ static constexpr struct {
     {EVP_PKEY_DILITHIUM2, NID_sha256, SSL_SIGN_DILITHIUM2},
     {EVP_PKEY_DILITHIUM3, NID_sha384, SSL_SIGN_DILITHIUM3},
     {EVP_PKEY_DILITHIUM5, NID_sha512, SSL_SIGN_DILITHIUM5},
+    {EVP_PKEY_MLDSA44, NID_sha256, SSL_SIGN_MLDSA44},
+    {EVP_PKEY_MLDSA65, NID_sha384, SSL_SIGN_MLDSA65},
+    {EVP_PKEY_MLDSA87, NID_sha512, SSL_SIGN_MLDSA87},
     {EVP_PKEY_FALCON512, NID_sha256, SSL_SIGN_FALCON512},
     {EVP_PKEY_FALCON1024, NID_sha512, SSL_SIGN_FALCON1024},
     {EVP_PKEY_SPHINCSSHA2128FSIMPLE, NID_sha256, SSL_SIGN_SPHINCSSHA2128FSIMPLE},