This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new b7b6118cc0 Add ML-DSA to the key algorithms
b7b6118cc0 is described below

commit b7b6118cc0efe752aad25804f1c66d8ed73fe016
Author: remm <r...@apache.org>
AuthorDate: Fri Aug 29 09:34:10 2025 +0200

    Add ML-DSA to the key algorithms
    
    Improve reporting of key loading errors by wrapping inside an exception
    to indicate which algorithm was attempted.
---
 java/org/apache/tomcat/util/net/jsse/LocalStrings.properties | 1 +
 java/org/apache/tomcat/util/net/jsse/PEMFile.java            | 4 ++--
 webapps/docs/changelog.xml                                   | 4 ++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
index 6fd6c33ac5..6e0c7e3cb7 100644
--- a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
@@ -27,6 +27,7 @@ pemFile.noPassword=A password is required to decrypt the 
private key
 pemFile.notPbkdf2=The OID [{0}] is not the correct OID for PKBDF2 which is the 
only permitted KDF for PBES2
 pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915
 pemFile.parseError=Unable to parse the key from [{0}]
+pemFile.parseError.algorithm=Unable to parse the key using algorithm [{0}]
 pemFile.unknownEncryptedFormat=The format [{0}] is not a recognised encrypted 
PEM file format
 pemFile.unknownEncryptionAlgorithm=The encryption algorithm with DER encoded 
OID of [{0}] was not recognised
 pemFile.unknownPkcs8Algorithm=The PKCS#8 encryption algorithm with DER encoded 
OID of [{0}] was not recognised
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java 
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index f380c385b0..95d18d93aa 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -482,11 +482,11 @@ public class PEMFile {
 
             InvalidKeyException exception = new 
InvalidKeyException(sm.getString("pemFile.parseError", filename));
             if (keyAlgorithm == null) {
-                for (String algorithm : new String[] { "RSA", "DSA", "EC" }) {
+                for (String algorithm : new String[] { "RSA", "DSA", "EC", 
"ML-DSA" }) {
                     try {
                         return 
KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
                     } catch (InvalidKeySpecException e) {
-                        exception.addSuppressed(e);
+                        exception.addSuppressed(new 
InvalidKeySpecException(sm.getString("pemFile.parseError.algorithm", 
algorithm), e));
                     }
                 }
             } else {
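Review bot: Adding `"ML-DSA"` to the fallback loop introduces a path where `KeyFactory.getInstance(algorithm)` can throw `NoSuchAlgorithmException`, which the `catch (InvalidKeySpecException e)` in this hunk does not cover. ML-DSA key factories ship only with newer JDKs (24 and later, as far as I know), so on an older runtime a key that fails RSA, DSA and EC would presumably leave the loop with that exception and drop the `pemFile.parseError` exception together with the per-algorithm suppressed causes collected so far. Widening the handler to `} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {` keeps the loop going and records the unavailable algorithm the same way as a parse failure. The enclosing method starts and ends outside the hunk, so whether an outer handler already deals with this cannot be seen here.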
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 22ad28c7be..d4f9d123d6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,10 @@
         Ensure keys are handed out to OpenSSL even if <code>PEMFile</code>
         fails to process it, with appropriate logging. (remm)
       </fix>
+      <fix>
+        Add new <code>ML-DSA</code> key algorithm to <code>PEMFile</code>
+        and improve reporting when reading a key fails. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name = "Other">

