This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9ab864c4c0 Add ML-DSA to the key algorithms
9ab864c4c0 is described below
commit 9ab864c4c0a1f914237f3443d9d4e07584102f20
Author: remm <[email protected]>
AuthorDate: Fri Aug 29 09:34:10 2025 +0200
Add ML-DSA to the key algorithms
Improve reporting of key loading errors by wrapping inside an exception
to indicate which algorithm was attempted.
---
java/org/apache/tomcat/util/net/jsse/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 4 ++--
webapps/docs/changelog.xml | 4 ++++
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
index 6a3d1fd3e7..d4cdaa1105 100644
--- a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
@@ -24,6 +24,7 @@ pemFile.noPassword=A password is required to decrypt the
private key
pemFile.notPbkdf2=The OID [{0}] is not the correct OID for PKBDF2 which is the
only permitted KDF for PBES2
pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915
pemFile.parseError=Unable to parse the key from [{0}]
+pemFile.parseError.algorithm=Unable to parse the key using algorithm [{0}]
pemFile.unknownEncryptedFormat=The format [{0}] is not a recognised encrypted
PEM file format
pemFile.unknownEncryptionAlgorithm=The encryption algorithm with DER encoded
OID of [{0}] was not recognised
pemFile.unknownPkcs8Algorithm=The PKCS#8 encryption algorithm with DER encoded
OID of [{0}] was not recognised
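Review bot: The unchanged pemFile.notPbkdf2 line directly above the added key spells the KDF as "PKBDF2"; since this file is being touched anyway, correct it to "PBKDF2" so the message matches the term an operator would search for. The new pemFile.parseError.algorithm text names only the algorithm and not the file, which is acceptable only while it is used for suppressed causes attached to an exception built from pemFile.parseError, so a short comment above the key saying so would keep later callers from using it on its own.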
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index f380c385b0..95d18d93aa 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -482,11 +482,11 @@ public class PEMFile {
InvalidKeyException exception = new
InvalidKeyException(sm.getString("pemFile.parseError", filename));
if (keyAlgorithm == null) {
- for (String algorithm : new String[] { "RSA", "DSA", "EC" }) {
+ for (String algorithm : new String[] { "RSA", "DSA", "EC",
"ML-DSA" }) {
try {
return
KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
} catch (InvalidKeySpecException e) {
- exception.addSuppressed(e);
+ exception.addSuppressed(new
InvalidKeySpecException(sm.getString("pemFile.parseError.algorithm",
algorithm), e));
}
}
} else {
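Review bot: The catch inside this loop handles only InvalidKeySpecException, so with "ML-DSA" added to the array a NoSuchAlgorithmException from KeyFactory.getInstance(algorithm), on a runtime that has no ML-DSA provider, leaves the loop directly and bypasses the aggregated pemFile.parseError exception and its per-algorithm suppressed causes. Because ML-DSA is tried last, that is the path taken by any key that RSA, DSA and EC have all rejected, which is the case the improved reporting is meant to cover. Suggest catching NoSuchAlgorithmException in the loop as well, adding it via exception.addSuppressed(...) with the same pemFile.parseError.algorithm wrapper, and continuing to the next algorithm.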
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aec980560e..f0eeb26e40 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -212,6 +212,10 @@
Ensure keys are handed out to OpenSSL even if <code>PEMFile</code>
fails to process it, with appropriate logging. (remm)
</fix>
+ <fix>
+ Add new <code>ML-DSA</code> key algorithm to <code>PEMFile</code>
+ and improve reporting when reading a key fails. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
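Review bot: The added entry is tagged <fix> but its first half describes a new capability (ML-DSA keys in PEMFile) and its second half a separate reporting improvement; consider splitting it into two entries so each change can be found on its own. It would also help operators if the ML-DSA entry stated that such keys load only when the runtime supplies an ML-DSA KeyFactory, since PEMFile obtains it through KeyFactory.getInstance.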