PR#301: Experimental support for Post Quantum keys -

certmonger

#301 Experimental support for Post Quantum keys

Opened Jan 12, 2026 by rcritten. Modified Mar 9, 2026

rcritten/certmonger pq into master

Allow requesting a ML-DSA key using a strength

Rob Crittenden • Jan 15, 2026

2bf41b5b20eae95560adfe1453670b834b9c260d

Implement more PQ testing for both NSS and OpenSSL

Rob Crittenden • Jan 14, 2026

0d988f887da7c152ea9e418ce96896e548276093

Test for PQ support in NSS, print summary at end of configure

Rob Crittenden • Jan 14, 2026

c06ebb0f791f9acacb2ebeb2ee478ab4f57fb243

Add initial ML-DSA support with NSS 3.112.0-4

Rob Crittenden • Jan 14, 2026

0fc2d593b7c68f996989bd16daef159882a7041e

Add initial ML-DSA support with OpenSSL 3.5.0

Rob Crittenden • Jan 14, 2026

c18445f900ffc5600c45c7c7274aacee64320b21

Replace deprecated OpenSSL 3.0.0 function calls

Rob Crittenden • Jan 14, 2026

0e526d0d41b572f3f7857278526f3668be4b68a4

Download 301.patch

rcritten commented Jan 12, 2026

Add some experimental support for ML-DSA certificates in both NSS and OpenSSL. This includes some basic key and csr generation tests.

rcritten commented Jan 12, 2026

This includes a PR to modernize OpenSSL support to rely more on EVP_PKEY instead of deprecated key-specific types.

rebased onto 5e53a204062a78f7e5c9311bfac3d392d23d5134

Jan 14, 2026

6 new commits added

Allow requesting a ML-DSA key using a strength
Implement more PQ testing for both NSS and OpenSSL
Test for PQ support in NSS, print summary at end of configure
Add initial ML-DSA support with NSS 3.112.0-4
Add initial ML-DSA support with OpenSSL 3.5.0
Replace deprecated OpenSSL 3.0.0 function calls

Jan 15, 2026

6 new commits added

Allow requesting a ML-DSA key using a strength
Implement more PQ testing for both NSS and OpenSSL
Test for PQ support in NSS, print summary at end of configure
Add initial ML-DSA support with NSS 3.112.0-4
Add initial ML-DSA support with OpenSSL 3.5.0
Replace deprecated OpenSSL 3.0.0 function calls

Jan 15, 2026

Metadata

Assignee

None

Tags

No Tags

Changes Summary 40

src/certmonger.conf.5.in

file added

tests/001-keyiread-mldsa/expected.out

+36

file added

tests/001-keyiread-mldsa/run.sh

+27

file added

tests/002-keygen-mldsa/expected.out

file added

tests/002-keygen-mldsa/prequal.sh

+84

file added

tests/002-keygen-mldsa/run.sh

file added

tests/003-csrgen-mldsa/expected.out

+52

file added

tests/003-csrgen-mldsa/run.sh

+4 -4

file changed

tests/028-dbus/expected.out

+965

file added

tests/028-dbus/expected.out.nodsa.withmldsa

+965

file added

tests/028-dbus/expected.out.nomldsa

tests/tools/keyiread.c

certmonger

#301 Experimental support for Post Quantum keys Opened Jan 12, 2026 by rcritten. Modified Mar 9, 2026 rcritten/certmonger pq into master

Metadata

Changes Summary 40

#301 Experimental support for Post Quantum keys

Opened Jan 12, 2026 by rcritten. Modified Mar 9, 2026

rcritten/certmonger pq into master