Am 13.05.26 um 13:44 schrieb [email protected]:
This is an automated email from the ASF dual-hosted git repository.
dsoumis pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7ff10fab8e Add unit tests for PQC features
7ff10fab8e is described below
commit 7ff10fab8ede061fe61524ef96b463fef637429f
Author: Dimitrios Soumis <[email protected]>
AuthorDate: Wed May 13 13:44:42 2026 +0200
Add unit tests for PQC features
I am also having problems to run some of these tests. Since I do not
have problems with any other OpenSSL tests, I assume, my
build.properties are not the problem, but I am not sure.
It seems the failung tsts only work for Java 24+. See details following:
The test failures only occur when running under tcnative.
I tried with TC 9, 10.1 and 11 head.
JVM was latest Adoptium JDK 1.8.0 (TC 9), JDK 11 (TC 10.1) and JDK 17
(TC 11).
tcnative was 2.0.14 and 1.3.7
OpenSSL 4.0.0 (only tcnative 2), OpenSSL 3.6.2 and OpenSSL 3.5.6.
The failing test cases are:
testClientMLDSAwithMLDSAServer[OpenSSL]
testHostECandMLDSA[OpenSSL]
testHostMLDSA44[OpenSSL]
testHostMLDSA65[OpenSSL]
testHostMLDSA87[OpenSSL]
testHostMLDSAHandshakeFailure[OpenSSL]
testHostMLDSAwithSecP256r1MLKEM768[OpenSSL]
testHostMLDSAwithX25519MLKEM768[OpenSSL]
testHostRSAandMLDSA[OpenSSL]
All [OpenSSL-FFM] test cases were skipped (OK, JVM < 22), all [JSSE]
test cases were skipped (OK, JSSE does not yet support PQC)
The following [OpenSSL] test cases worked:
testClientMLDSA[OpenSSL]
testHostRSAwithSecP256r1MLKEM768[OpenSSL]
testHostRSAwithSecP384r1MLKEM1024[OpenSSL]
testHostRSAwithX25519MLKEM768[OpenSSL]
The failures typically looked like this:
Testcase: testHostECandMLDSA[OpenSSL] took 0.116 sec
Caused an ERROR
Protocol handler initialization failed
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1279)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:128)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:543)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:128)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:958)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:128)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:161)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:452)
at
org.apache.catalina.startup.TomcatBaseTest$TomcatWithFastSessionIDs.start(TomcatBaseTest.java:895)
at org.apache.tomcat.util.net.TestPQC.doTest(TestPQC.java:280)
at
org.apache.tomcat.util.net.TestPQC.testHostECandMLDSA(TestPQC.java:128)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Caused by: java.lang.IllegalArgumentException: Error creating SSLContext
at
org.apache.tomcat.util.net.AbstractEndpoint.createSSLContext(AbstractEndpoint.java:590)
at
org.apache.tomcat.util.net.AbstractEndpoint.initialiseSsl(AbstractEndpoint.java:836)
at
org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:294)
at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:2188)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:2206)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:958)
at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:96)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1277)
Caused by: java.security.NoSuchAlgorithmException: ML-DSA KeyFactory not
available
at java.base/java.security.KeyFactory.<init>(KeyFactory.java:138)
at
java.base/java.security.KeyFactory.getInstance(KeyFactory.java:183)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:564)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:344)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:279)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:200)
at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:367)
at
org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:120)
at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:285)
at
org.apache.tomcat.util.net.AbstractEndpoint.createSSLContext(AbstractEndpoint.java:588)
Seeing the java.security.NoSuchAlgorithmException: ML-DSA KeyFactory not
available I checked the JVM docs page "Java Security Standard Algorithm
Names". It seems the KeyManagers needed for PQC landed in Java 24. So
the failing tests can not work below Java 24 unless we find a way to
work around that. Somehow although the connectors are configured to use
tcnative, they still need algorithm support from the JDK in PEM file
handling.
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
