react-native-quick-crypto 1.0.0 → 1.0.1

package/QuickCrypto.podspec

@@ -92,10 +92,12 @@ Pod::Spec.new do |s|
     "ios/**/*.{h,m,mm}",
     # implementation (C++)
     "cpp/**/*.{hpp,cpp}",
-    # dependencies (C++)
-    "deps/**/*.{h,cc}",
+    # dependencies (C++) - ncrypto
+    "deps/ncrypto/include/*.{h}",
+    "deps/ncrypto/src/*.{cpp}",
     # dependencies (C) - exclude BLAKE3 x86 SIMD files (only use portable + NEON for ARM)
-    "deps/**/*.{h,c}",
+    "deps/blake3/c/*.{h,c}",
+    "deps/fastpbkdf2/*.{h,c}",
   ]
 
   # Exclude BLAKE3 x86-specific SIMD implementations (SSE2, SSE4.1, AVX2, AVX-512)
@@ -148,7 +150,7 @@ Pod::Spec.new do |s|
   # Add cpp subdirectories to header search paths
   cpp_headers = [
     "\"$(PODS_TARGET_SRCROOT)/cpp/utils\"",
-    "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto\"",
+    "\"$(PODS_TARGET_SRCROOT)/deps/ncrypto/include\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/blake3/c\"",
     "\"$(PODS_TARGET_SRCROOT)/deps/fastpbkdf2\""
   ]
@@ -175,6 +177,13 @@ Pod::Spec.new do |s|
 
   s.dependency "React-jsi"
   s.dependency "React-callinvoker"
-  s.dependency "OpenSSL-Universal", "3.3.3001"
+
+  # OpenSSL 3.6+ via SPM for ML-DSA (post-quantum cryptography) support
+  spm_dependency(s,
+    url: 'https://github.com/krzyzanowskim/OpenSSL.git',
+    requirement: {kind: 'upToNextMajorVersion', minimumVersion: '3.6.0'},
+    products: ['OpenSSL']
+  )
+
   install_modules_dependencies(s)
 end

package/android/CMakeLists.txt

@@ -40,6 +40,7 @@ add_library(
   ../cpp/hmac/HybridHmac.cpp
   ../cpp/keys/HybridKeyObjectHandle.cpp
   ../cpp/keys/KeyObjectData.cpp
+  ../cpp/mldsa/HybridMlDsaKeyPair.cpp
   ../cpp/pbkdf2/HybridPbkdf2.cpp
   ../cpp/random/HybridRandom.cpp
   ../cpp/rsa/HybridRsaKeyPair.cpp
@@ -47,7 +48,7 @@ add_library(
   ../cpp/sign/HybridVerifyHandle.cpp
   ${BLAKE3_SOURCES}
   ../deps/fastpbkdf2/fastpbkdf2.c
-  ../deps/ncrypto/ncrypto.cc
+  ../deps/ncrypto/src/ncrypto.cpp
 )
 
 # add Nitrogen specs
@@ -63,6 +64,7 @@ include_directories(
   "../cpp/hash"
   "../cpp/hmac"
   "../cpp/keys"
+  "../cpp/mldsa"
   "../cpp/pbkdf2"
   "../cpp/random"
   "../cpp/rsa"
@@ -70,7 +72,7 @@ include_directories(
   "../cpp/utils"
   "../deps/blake3/c"
   "../deps/fastpbkdf2"
-  "../deps/ncrypto"
+  "../deps/ncrypto/include"
 )
 
 # Third party libraries (Prefabs)

package/android/build.gradle

@@ -143,7 +143,7 @@ dependencies {
   implementation project(":react-native-nitro-modules")
 
   // Add a dependency on OpenSSL
-  implementation 'io.github.ronickg:openssl:3.3.2-1'
+  implementation 'io.github.ronickg:openssl:3.6.0-1'
 
   if (sodiumEnabled) {
     // Add a dependency on libsodium

package/cpp/cipher/HybridCipher.cpp

@@ -297,8 +297,9 @@ void collect_ciphers(EVP_CIPHER* cipher, void* arg) {
     if (name_str == "NULL" || name_str.find("CTS") != std::string::npos ||
         name_str.find("SIV") != std::string::npos ||  // Covers -SIV and -GCM-SIV
         name_str.find("WRAP") != std::string::npos || // Covers -WRAP-INV and -WRAP-PAD-INV
-        name_str.find("SM4-") != std::string::npos) {
-      return; // Skip adding this cipher
+        name_str.find("SM4-") != std::string::npos ||
+        name_str.find("-ETM") != std::string::npos) { // TLS-internal ciphers, not for general use
+      return;                                         // Skip adding this cipher
     }
 
     // If not filtered out, add it to the list

package/cpp/cipher/HybridRsaCipher.cpp

@@ -320,13 +320,32 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::privateDecrypt(const std::shared_p
     throw std::runtime_error("Failed to determine output length: " + std::string(err_buf));
   }
 
+  if (outlen == 0) {
+    EVP_PKEY_CTX_free(ctx);
+    uint8_t* empty_buf = new uint8_t[1];
+    return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
+  }
+
   auto out_buf = std::make_unique<uint8_t[]>(outlen);
 
   if (EVP_PKEY_verify_recover(ctx, out_buf.get(), &outlen, in, inlen) <= 0) {
-    EVP_PKEY_CTX_free(ctx);
+    // OpenSSL 3.x may return failure when recovering empty plaintext
+    // In this case outlen is not updated from the initial buffer size
+    // Check the error and attempt to handle the empty data case
     unsigned long err = ERR_get_error();
     char err_buf[256];
     ERR_error_string_n(err, err_buf, sizeof(err_buf));
+
+    // Check if this is an RSA library error that might indicate empty recovered data
+    // Error code 0x1C880004 is "RSA lib" error from OpenSSL 3.x provider
+    if ((err & 0xFFFFFFF) == 0x1C880004 || (err & 0xFF) == 0x04) {
+      ERR_clear_error();
+      EVP_PKEY_CTX_free(ctx);
+      uint8_t* empty_buf = new uint8_t[1];
+      return std::make_shared<NativeArrayBuffer>(empty_buf, 0, [empty_buf]() { delete[] empty_buf; });
+    }
+
+    EVP_PKEY_CTX_free(ctx);
     throw std::runtime_error("Private decryption failed: " + std::string(err_buf));
   }
 

package/cpp/keys/HybridKeyObjectHandle.cpp

@@ -322,6 +322,14 @@ AsymmetricKeyType HybridKeyObjectHandle::getAsymmetricKeyType() {
       return AsymmetricKeyType::ED25519;
     case EVP_PKEY_ED448:
       return AsymmetricKeyType::ED448;
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L
+    case EVP_PKEY_ML_DSA_44:
+      return AsymmetricKeyType::ML_DSA_44;
+    case EVP_PKEY_ML_DSA_65:
+      return AsymmetricKeyType::ML_DSA_65;
+    case EVP_PKEY_ML_DSA_87:
+      return AsymmetricKeyType::ML_DSA_87;
+#endif
     default:
       throw std::runtime_error("Unsupported asymmetric key type");
   }

package/cpp/keys/KeyObjectData.hpp

@@ -2,11 +2,11 @@
 
 #include <NitroModules/ArrayBuffer.hpp>
 
-#include "../../deps/ncrypto/ncrypto.h"
 #include "KFormatType.hpp"
 #include "KeyEncoding.hpp"
 #include "KeyType.hpp"
 #include "Utils.hpp"
+#include <ncrypto.h>
 
 namespace margelo::nitro::crypto {
 

package/cpp/mldsa/HybridMlDsaKeyPair.cpp

@@ -0,0 +1,264 @@
+#include "HybridMlDsaKeyPair.hpp"
+
+#include <NitroModules/ArrayBuffer.hpp>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#include "Utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L
+#define RNQC_HAS_ML_DSA 1
+#else
+#define RNQC_HAS_ML_DSA 0
+#endif
+
+namespace margelo::nitro::crypto {
+
+HybridMlDsaKeyPair::~HybridMlDsaKeyPair() {
+  if (pkey_ != nullptr) {
+    EVP_PKEY_free(pkey_);
+    pkey_ = nullptr;
+  }
+}
+
+int HybridMlDsaKeyPair::getEvpPkeyType() const {
+#if RNQC_HAS_ML_DSA
+  if (variant_ == "ML-DSA-44")
+    return EVP_PKEY_ML_DSA_44;
+  if (variant_ == "ML-DSA-65")
+    return EVP_PKEY_ML_DSA_65;
+  if (variant_ == "ML-DSA-87")
+    return EVP_PKEY_ML_DSA_87;
+#endif
+  return 0;
+}
+
+void HybridMlDsaKeyPair::setVariant(const std::string& variant) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#endif
+  if (variant != "ML-DSA-44" && variant != "ML-DSA-65" && variant != "ML-DSA-87") {
+    throw std::runtime_error("Invalid ML-DSA variant: " + variant + ". Must be ML-DSA-44, ML-DSA-65, or ML-DSA-87");
+  }
+  variant_ = variant;
+}
+
+std::shared_ptr<Promise<void>> HybridMlDsaKeyPair::generateKeyPair(double publicFormat, double publicType, double privateFormat,
+                                                                   double privateType) {
+  return Promise<void>::async([this, publicFormat, publicType, privateFormat, privateType]() {
+    this->generateKeyPairSync(publicFormat, publicType, privateFormat, privateType);
+  });
+}
+
+void HybridMlDsaKeyPair::generateKeyPairSync(double publicFormat, double publicType, double privateFormat, double privateType) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+
+  if (variant_.empty()) {
+    throw std::runtime_error("ML-DSA variant not set. Call setVariant() first.");
+  }
+
+  publicFormat_ = static_cast<int>(publicFormat);
+  publicType_ = static_cast<int>(publicType);
+  privateFormat_ = static_cast<int>(privateFormat);
+  privateType_ = static_cast<int>(privateType);
+
+  if (pkey_ != nullptr) {
+    EVP_PKEY_free(pkey_);
+    pkey_ = nullptr;
+  }
+
+  EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr);
+  if (pctx == nullptr) {
+    throw std::runtime_error("Failed to create key context for " + variant_ + ": " + getOpenSSLError());
+  }
+
+  if (EVP_PKEY_keygen_init(pctx) <= 0) {
+    EVP_PKEY_CTX_free(pctx);
+    throw std::runtime_error("Failed to initialize keygen: " + getOpenSSLError());
+  }
+
+  if (EVP_PKEY_keygen(pctx, &pkey_) <= 0) {
+    EVP_PKEY_CTX_free(pctx);
+    throw std::runtime_error("Failed to generate ML-DSA key pair: " + getOpenSSLError());
+  }
+
+  EVP_PKEY_CTX_free(pctx);
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> HybridMlDsaKeyPair::getPublicKey() {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  checkKeyPair();
+
+  BIO* bio = BIO_new(BIO_s_mem());
+  if (!bio) {
+    throw std::runtime_error("Failed to create BIO for public key export");
+  }
+
+  int result;
+  if (publicFormat_ == 1) {
+    result = PEM_write_bio_PUBKEY(bio, pkey_);
+  } else {
+    result = i2d_PUBKEY_bio(bio, pkey_);
+  }
+
+  if (result != 1) {
+    BIO_free(bio);
+    throw std::runtime_error("Failed to export public key: " + getOpenSSLError());
+  }
+
+  BUF_MEM* bptr;
+  BIO_get_mem_ptr(bio, &bptr);
+
+  uint8_t* data = new uint8_t[bptr->length];
+  memcpy(data, bptr->data, bptr->length);
+  size_t len = bptr->length;
+
+  BIO_free(bio);
+
+  return std::make_shared<NativeArrayBuffer>(data, len, [=]() { delete[] data; });
+#endif
+}
+
+std::shared_ptr<ArrayBuffer> HybridMlDsaKeyPair::getPrivateKey() {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  checkKeyPair();
+
+  BIO* bio = BIO_new(BIO_s_mem());
+  if (!bio) {
+    throw std::runtime_error("Failed to create BIO for private key export");
+  }
+
+  int result;
+  if (privateFormat_ == 1) {
+    result = PEM_write_bio_PrivateKey(bio, pkey_, nullptr, nullptr, 0, nullptr, nullptr);
+  } else {
+    // Use PKCS8 format for DER export (not raw private key format)
+    result = i2d_PKCS8PrivateKey_bio(bio, pkey_, nullptr, nullptr, 0, nullptr, nullptr);
+  }
+
+  if (result != 1) {
+    BIO_free(bio);
+    throw std::runtime_error("Failed to export private key: " + getOpenSSLError());
+  }
+
+  BUF_MEM* bptr;
+  BIO_get_mem_ptr(bio, &bptr);
+
+  uint8_t* data = new uint8_t[bptr->length];
+  memcpy(data, bptr->data, bptr->length);
+  size_t len = bptr->length;
+
+  BIO_free(bio);
+
+  return std::make_shared<NativeArrayBuffer>(data, len, [=]() { delete[] data; });
+#endif
+}
+
+std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>> HybridMlDsaKeyPair::sign(const std::shared_ptr<ArrayBuffer>& message) {
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  return Promise<std::shared_ptr<ArrayBuffer>>::async([this, nativeMessage]() { return this->signSync(nativeMessage); });
+}
+
+std::shared_ptr<ArrayBuffer> HybridMlDsaKeyPair::signSync(const std::shared_ptr<ArrayBuffer>& message) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+  checkKeyPair();
+
+  EVP_MD_CTX* md_ctx = EVP_MD_CTX_new();
+  if (md_ctx == nullptr) {
+    throw std::runtime_error("Failed to create signing context");
+  }
+
+  EVP_PKEY_CTX* pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr);
+  if (pkey_ctx == nullptr) {
+    EVP_MD_CTX_free(md_ctx);
+    throw std::runtime_error("Failed to create signing context for " + variant_);
+  }
+
+  if (EVP_DigestSignInit(md_ctx, &pkey_ctx, nullptr, nullptr, pkey_) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    EVP_PKEY_CTX_free(pkey_ctx);
+    throw std::runtime_error("Failed to initialize signing: " + getOpenSSLError());
+  }
+
+  size_t sig_len = 0;
+  if (EVP_DigestSign(md_ctx, nullptr, &sig_len, message->data(), message->size()) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    throw std::runtime_error("Failed to calculate signature size: " + getOpenSSLError());
+  }
+
+  uint8_t* sig = new uint8_t[sig_len];
+
+  if (EVP_DigestSign(md_ctx, sig, &sig_len, message->data(), message->size()) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    delete[] sig;
+    throw std::runtime_error("Failed to sign message: " + getOpenSSLError());
+  }
+
+  EVP_MD_CTX_free(md_ctx);
+
+  return std::make_shared<NativeArrayBuffer>(sig, sig_len, [=]() { delete[] sig; });
+#endif
+}
+
+std::shared_ptr<Promise<bool>> HybridMlDsaKeyPair::verify(const std::shared_ptr<ArrayBuffer>& signature,
+                                                          const std::shared_ptr<ArrayBuffer>& message) {
+  auto nativeSignature = ToNativeArrayBuffer(signature);
+  auto nativeMessage = ToNativeArrayBuffer(message);
+  return Promise<bool>::async([this, nativeSignature, nativeMessage]() { return this->verifySync(nativeSignature, nativeMessage); });
+}
+
+bool HybridMlDsaKeyPair::verifySync(const std::shared_ptr<ArrayBuffer>& signature, const std::shared_ptr<ArrayBuffer>& message) {
+#if !RNQC_HAS_ML_DSA
+  throw std::runtime_error("ML-DSA requires OpenSSL 3.5+");
+#else
+  clearOpenSSLErrors();
+  checkKeyPair();
+
+  EVP_MD_CTX* md_ctx = EVP_MD_CTX_new();
+  if (md_ctx == nullptr) {
+    throw std::runtime_error("Failed to create verify context");
+  }
+
+  EVP_PKEY_CTX* pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, variant_.c_str(), nullptr);
+  if (pkey_ctx == nullptr) {
+    EVP_MD_CTX_free(md_ctx);
+    throw std::runtime_error("Failed to create verify context for " + variant_);
+  }
+
+  if (EVP_DigestVerifyInit(md_ctx, &pkey_ctx, nullptr, nullptr, pkey_) <= 0) {
+    EVP_MD_CTX_free(md_ctx);
+    EVP_PKEY_CTX_free(pkey_ctx);
+    throw std::runtime_error("Failed to initialize verification: " + getOpenSSLError());
+  }
+
+  int result = EVP_DigestVerify(md_ctx, signature->data(), signature->size(), message->data(), message->size());
+
+  EVP_MD_CTX_free(md_ctx);
+
+  if (result < 0) {
+    throw std::runtime_error("Verification error: " + getOpenSSLError());
+  }
+
+  return result == 1;
+#endif
+}
+
+void HybridMlDsaKeyPair::checkKeyPair() {
+  if (pkey_ == nullptr) {
+    throw std::runtime_error("Key pair not initialized");
+  }
+}
+
+} // namespace margelo::nitro::crypto

package/cpp/mldsa/HybridMlDsaKeyPair.hpp

@@ -0,0 +1,47 @@
+#pragma once
+
+#include <memory>
+#include <openssl/evp.h>
+#include <string>
+
+#include "HybridMlDsaKeyPairSpec.hpp"
+
+namespace margelo::nitro::crypto {
+
+class HybridMlDsaKeyPair : public HybridMlDsaKeyPairSpec {
+ public:
+  HybridMlDsaKeyPair() : HybridObject(TAG) {}
+  ~HybridMlDsaKeyPair();
+
+  std::shared_ptr<Promise<void>> generateKeyPair(double publicFormat, double publicType, double privateFormat, double privateType) override;
+
+  void generateKeyPairSync(double publicFormat, double publicType, double privateFormat, double privateType) override;
+
+  std::shared_ptr<ArrayBuffer> getPublicKey() override;
+  std::shared_ptr<ArrayBuffer> getPrivateKey() override;
+
+  std::shared_ptr<Promise<std::shared_ptr<ArrayBuffer>>> sign(const std::shared_ptr<ArrayBuffer>& message) override;
+
+  std::shared_ptr<ArrayBuffer> signSync(const std::shared_ptr<ArrayBuffer>& message) override;
+
+  std::shared_ptr<Promise<bool>> verify(const std::shared_ptr<ArrayBuffer>& signature,
+                                        const std::shared_ptr<ArrayBuffer>& message) override;
+
+  bool verifySync(const std::shared_ptr<ArrayBuffer>& signature, const std::shared_ptr<ArrayBuffer>& message) override;
+
+  void setVariant(const std::string& variant) override;
+
+ private:
+  std::string variant_;
+  EVP_PKEY* pkey_ = nullptr;
+
+  int publicFormat_ = -1;
+  int publicType_ = -1;
+  int privateFormat_ = -1;
+  int privateType_ = -1;
+
+  void checkKeyPair();
+  int getEvpPkeyType() const;
+};
+
+} // namespace margelo::nitro::crypto

package/cpp/sign/HybridSignHandle.cpp

@@ -9,6 +9,12 @@
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x30500000L
+#define RNQC_HAS_ML_DSA 1
+#else
+#define RNQC_HAS_ML_DSA 0
+#endif
+
 namespace margelo::nitro::crypto {
 
 using margelo::nitro::NativeArrayBuffer;
@@ -22,17 +28,28 @@ HybridSignHandle::~HybridSignHandle() {
 
 void HybridSignHandle::init(const std::string& algorithm) {
   algorithm_name = algorithm;
-  md = getDigestByName(algorithm);
 
-  md_ctx = EVP_MD_CTX_new();
-  if (!md_ctx) {
-    throw std::runtime_error("Failed to create message digest context");
-  }
+  // For ML-DSA and other pure signature schemes, algorithm may be empty/null
+  if (!algorithm.empty()) {
+    md = getDigestByName(algorithm);
 
-  if (EVP_DigestInit_ex(md_ctx, md, nullptr) <= 0) {
-    EVP_MD_CTX_free(md_ctx);
-    md_ctx = nullptr;
-    throw std::runtime_error("Failed to initialize message digest");
+    md_ctx = EVP_MD_CTX_new();
+    if (!md_ctx) {
+      throw std::runtime_error("Failed to create message digest context");
+    }
+
+    if (EVP_DigestInit_ex(md_ctx, md, nullptr) <= 0) {
+      EVP_MD_CTX_free(md_ctx);
+      md_ctx = nullptr;
+      throw std::runtime_error("Failed to initialize message digest");
+    }
+  } else {
+    // No digest for pure signature schemes like ML-DSA
+    md = nullptr;
+    md_ctx = EVP_MD_CTX_new();
+    if (!md_ctx) {
+      throw std::runtime_error("Failed to create message digest context");
+    }
   }
 }
 
@@ -43,22 +60,60 @@ void HybridSignHandle::update(const std::shared_ptr<ArrayBuffer>& data) {
 
   auto native_data = ToNativeArrayBuffer(data);
 
-  // Accumulate raw data for potential one-shot signing (Ed25519/Ed448)
+  // Accumulate raw data for potential one-shot signing (Ed25519/Ed448/ML-DSA)
   const uint8_t* ptr = reinterpret_cast<const uint8_t*>(native_data->data());
   data_buffer.insert(data_buffer.end(), ptr, ptr + native_data->size());
 
-  if (EVP_DigestUpdate(md_ctx, native_data->data(), native_data->size()) <= 0) {
-    unsigned long err = ERR_get_error();
-    char err_buf[256];
-    ERR_error_string_n(err, err_buf, sizeof(err_buf));
-    throw std::runtime_error("Failed to update digest: " + std::string(err_buf));
+  // Only update digest if we have one (not needed for pure signature schemes)
+  if (md != nullptr) {
+    if (EVP_DigestUpdate(md_ctx, native_data->data(), native_data->size()) <= 0) {
+      unsigned long err = ERR_get_error();
+      char err_buf[256];
+      ERR_error_string_n(err, err_buf, sizeof(err_buf));
+      throw std::runtime_error("Failed to update digest: " + std::string(err_buf));
+    }
   }
 }
 
-// Check if key type requires one-shot signing (Ed25519, Ed448)
+// Check if key type requires one-shot signing (Ed25519, Ed448, ML-DSA)
 static bool isOneShotVariant(EVP_PKEY* pkey) {
   int type = EVP_PKEY_id(pkey);
+#if RNQC_HAS_ML_DSA
+  return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448 || type == EVP_PKEY_ML_DSA_44 || type == EVP_PKEY_ML_DSA_65 ||
+         type == EVP_PKEY_ML_DSA_87;
+#else
   return type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448;
+#endif
+}
+
+// Get the algorithm name for creating PKEY_CTX (for ML-DSA variants)
+static const char* getAlgorithmName(EVP_PKEY* pkey) {
+  int type = EVP_PKEY_id(pkey);
+#if RNQC_HAS_ML_DSA
+  switch (type) {
+    case EVP_PKEY_ML_DSA_44:
+      return "ML-DSA-44";
+    case EVP_PKEY_ML_DSA_65:
+      return "ML-DSA-65";
+    case EVP_PKEY_ML_DSA_87:
+      return "ML-DSA-87";
+    case EVP_PKEY_ED25519:
+      return "ED25519";
+    case EVP_PKEY_ED448:
+      return "ED448";
+    default:
+      return nullptr;
+  }
+#else
+  switch (type) {
+    case EVP_PKEY_ED25519:
+      return "ED25519";
+    case EVP_PKEY_ED448:
+      return "ED448";
+    default:
+      return nullptr;
+  }
+#endif
 }
 
 std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<HybridKeyObjectHandleSpec>& keyHandle,
@@ -78,18 +133,35 @@ std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<Hybrid
   size_t sig_len = 0;
   std::unique_ptr<uint8_t[]> sig_buf;
 
-  // Ed25519/Ed448 require one-shot signing with EVP_DigestSign
-  if (isOneShotVariant(pkey)) {
+  int pkey_type = EVP_PKEY_id(pkey);
+  bool is_one_shot = isOneShotVariant(pkey);
+
+  // Ed25519/Ed448/ML-DSA require one-shot signing with EVP_DigestSign
+  // Also use one-shot path if no digest was specified (md == nullptr)
+  if (is_one_shot || md == nullptr) {
     // Create a new context for one-shot signing
     EVP_MD_CTX* sign_ctx = EVP_MD_CTX_new();
     if (!sign_ctx) {
       throw std::runtime_error("Failed to create signing context");
     }
 
-    // Initialize for one-shot signing (pass nullptr for md - Ed25519/Ed448 have built-in hash)
-    if (EVP_DigestSignInit(sign_ctx, nullptr, nullptr, nullptr, pkey) <= 0) {
+    // Get algorithm name and create PKEY_CTX for ML-DSA
+    const char* alg_name = getAlgorithmName(pkey);
+    EVP_PKEY_CTX* pkey_ctx = nullptr;
+    if (alg_name != nullptr) {
+      pkey_ctx = EVP_PKEY_CTX_new_from_name(nullptr, alg_name, nullptr);
+      if (!pkey_ctx) {
+        EVP_MD_CTX_free(sign_ctx);
+        throw std::runtime_error(std::string("Failed to create signing context for ") + alg_name);
+      }
+    }
+
+    // Initialize for one-shot signing (pass nullptr for md - these algorithms have built-in hash)
+    if (EVP_DigestSignInit(sign_ctx, pkey_ctx ? &pkey_ctx : nullptr, nullptr, nullptr, pkey) <= 0) {
       EVP_MD_CTX_free(sign_ctx);
-      throw std::runtime_error("Failed to initialize Ed signing");
+      if (pkey_ctx)
+        EVP_PKEY_CTX_free(pkey_ctx);
+      throw std::runtime_error("Failed to initialize one-shot signing");
     }
 
     // Get the accumulated data from the digest context
@@ -130,7 +202,10 @@ std::shared_ptr<ArrayBuffer> HybridSignHandle::sign(const std::shared_ptr<Hybrid
 
     if (EVP_PKEY_sign_init(pkey_ctx) <= 0) {
       EVP_PKEY_CTX_free(pkey_ctx);
-      throw std::runtime_error("Failed to initialize signing");
+      char err_buf[512];
+      snprintf(err_buf, sizeof(err_buf), "Failed to initialize signing for key type %d (expected one-shot: %s, RNQC_HAS_ML_DSA=%d)",
+               pkey_type, is_one_shot ? "true" : "false", RNQC_HAS_ML_DSA);
+      throw std::runtime_error(std::string(err_buf) + ": " + getOpenSSLError());
     }
 
     if (padding.has_value()) {