None.
| Issue |
Description |
| JDK-8347938 |
Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings
The JDK now encodes ML-KEM and ML-DSA private keys in PKCS #8 format using the DER-encoded ASN.1 CHOICE formats defined in Section 6 of RFC 9935 and Section 6 of RFC 9881. Two new security properties (jdk.mlkem.pkcs8.encoding and jdk.mldsa.pkcs8.encoding) control the encoding used when generating new keys with a KeyPairGenerator or when translating keys with a KeyFactory. Valid values are "seed", "expandedKey", and "both" (case-insensitive). If a system property of the same name is also specified, it supersedes the security property value. All three formats are supported when decoding previously encoded private keys with a KeyFactory.
When these algorithms were introduced in JDK 24, the encoding format was equivalent to the "expandedKey" choice. This release changes the default to "seed". As a result, ML-KEM and ML-DSA private keys generated by this JDK release will not be accepted by older releases by default, although keys generated by older releases are still readable by this release. To make a new private key acceptable by older releases, set the relevant property to "expandedKey" and use KeyFactory.translateKey to convert it to the older format.
|
|
Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings
The JDK now encodes ML-KEM and ML-DSA private keys in PKCS #8 format using the DER-encoded ASN.1 CHOICE formats defined in Section 6 of RFC 9935 and Section 6 of RFC 9881. Two new security properties (jdk.mlkem.pkcs8.encoding and jdk.mldsa.pkcs8.encoding) control the encoding used when generating new keys with a KeyPairGenerator or when translating keys with a KeyFactory. Valid values are "seed", "expandedKey", and "both" (case-insensitive). If a system property of the same name is also specified, it supersedes the security property value. All three formats are supported when decoding previously encoded private keys with a KeyFactory.
When these algorithms were introduced in JDK 24, the encoding format was equivalent to the "expandedKey" choice. This release changes the default to "seed". As a result, ML-KEM and ML-DSA private keys generated by this JDK release will not be accepted by older releases by default, although keys generated by older releases are still readable by this release. To make a new private key acceptable by older releases, set the relevant property to "expandedKey" and use KeyFactory.translateKey to convert it to the older format.
This change is planned to be backported to Oracle's JDK update releases that support ML-KEM and ML-DSA, so the interoperability impact is expected to be temporary.
|
| Priority |
Bug |
Summary |
| P3 |
JDK-8378727 |
[macOS] Missing dispatch_release for semaphores in CDesktopPeer |
| P3 |
JDK-8376233 |
Clean up code in Desktop native peer |
| P3 |
JDK-8377534 |
Test java/awt/print/PrinterJob/PrintNullString.java fails with FAILURE: No IAE for empty iterator, int |
| P3 |
JDK-8379256 |
Update GIFlib to 6.1.1 |
| P3 |
JDK-8380078 |
Update GIFlib to 6.1.2 |
| P3 |
JDK-8377526 |
Update Libpng to 1.6.55 |
| P3 |
JDK-8380959 |
Update Libpng to 1.6.56 |
| P3 |
JDK-8382047 |
Update Libpng to 1.6.57 |
| P4 |
JDK-8379499 |
[AIX] headless-only build of libjawt.so fails |
| P4 |
JDK-8346154 |
[XWayland] Some tests fail intermittently in the CI, but not locally |
| P4 |
JDK-8381745 |
Ensure Modal/FileDialog tests explicitly reference Asserts class |
| P4 |
JDK-8374304 |
MultiResolutionSplashTest.java fails in CI: "Image with wrong resolution is used for splash screen!" |
| P4 |
JDK-8373239 |
Test java/awt/print/PrinterJob/PageRanges.java fails with incorrect selection of printed pages |
| P4 |
JDK-8360160 |
ubuntu-22-04 machine is failing client tests |
| P5 |
JDK-8068378 |
[TEST_BUG]The java/awt/Modal/PrintDialogsTest/PrintDialogsTest.java instruction need to update |
| Priority |
Bug |
Summary |
| P3 |
JDK-8376031 |
HttpsURLConnection.getServerCertificates() throws "java.lang.IllegalStateException: connection not yet open" for the HEAD method |
| P4 |
JDK-8376479 |
Http3 test server thread deadlock in ThrowingPublishersInRequest |
| P4 |
JDK-8373362 |
Http3TestServer should not log an exception stack trace when it is stopping normally |
| P4 |
JDK-8373704 |
Improve "SocketException: Protocol family unavailable" message |
| P4 |
JDK-8376308 |
java/net/httpclient/CancelRequestTest.java fails intermittently with "Expected CancellationException not received" |
| P4 |
JDK-8373537 |
Migrate "test/jdk/com/sun/net/httpserver/" to null-safe "SimpleSSLContext" methods |
| P4 |
JDK-8373808 |
Refactor java/net/httpclient qpack and hpack tests to use JUnit |
| P4 |
JDK-8373796 |
Refactor java/net/httpclient/ThrowingPublishers*.java tests to use JUnit5 |
| P4 |
JDK-8373869 |
Refactor java/net/httpclient/ThrowingPushPromises*.java tests to use JUnit5 |
| P4 |
JDK-8373866 |
Refactor java/net/httpclient/ThrowingSubscribers*.java tests to use JUnit5 |
| P4 |
JDK-8373893 |
Refactor networking http server tests to use JUnit |
| P4 |
JDK-8369950 |
TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException |
| Priority |
Bug |
Summary |
| P3 |
JDK-8378353 |
[PPC64] StringCoding.countPositives causes errors when the length is not a proper 32 bit int |
| P3 |
JDK-8373021 |
aarch64: MacroAssembler::arrays_equals reads out of bounds |
| P3 |
JDK-8376104 |
C2 crashes in PhiNode::Ideal(PhaseGVN*, bool) accessing NULL pointer |
| P3 |
JDK-8374903 |
C2 VectorAPI: assert(vbox->as_Phi()->region() == vect->as_Phi()->region()) failed |
| P3 |
JDK-8375010 |
C2 VectorAPI: assert(vbox->is_CheckCastPP()) failed: should be expanded |
| P3 |
JDK-8374043 |
C2: assert(_base >= VectorMask && _base <= VectorZ) failed: Not a Vector |
| P3 |
JDK-8378713 |
C2: performance regression due to missing constant folding for Math.pow() |
| P3 |
JDK-8370502 |
C2: segfault while adding node to IGVN worklist |
| P3 |
JDK-8366138 |
Parse::jump_switch_ranges() could cause stack overflow when compiling huge switch statement |
| P4 |
JDK-8381596 |
Adjust checks which use supports_ht() on x86 for hybrid CPUs |
| P4 |
JDK-8381315 |
compiler/vectorapi/TestVectorReallocation.java fails with -XX:UseAVX=1 after JDK-8380565 |
| P4 |
JDK-8374744 |
Enable dumping of APX EGPRs (R16–R31) in JVM fatal error logs |
| P4 |
JDK-8375598 |
VM crashes with "assert((labs(val) & 0xFFFFFFFF00000000) == 0 || dest == (address)-1) failed: must be 32bit offset or -1" when using too high value for NonNMethodCodeHeapSize |
| P5 |
JDK-8368977 |
Provide clear naming for AVX10 identifiers |
| P5 |
JDK-8344345 |
test/hotspot/gtest/x86/x86-asmtest.py has trailing whitespaces |
| Priority |
Bug |
Summary |
| P2 |
JDK-8380474 |
Crash SEGV in ThreadIdTable::lazy_initialize after JDK-8323792 |
| P2 |
JDK-8373944 |
ObjectMonitor::ExitOnSuspend can call java_lang_VirtualThread::set_onWaitingList() while in safepoint |
| P3 |
JDK-8377512 |
AOT cache creation fails with invalid native pointer |
| P3 |
JDK-8380409 |
JVM crashes when -XX:AOTMode=create uses app.aotconf generated with JVMTI agent |
| P3 |
JDK-8380565 |
PPC64: deoptimization stub should save vector registers |
| P4 |
JDK-8377932 |
AOT cache is not rejected when JAR file has changed |
| P4 |
JDK-8378871 |
CPU feature flags are not properly set in vm_version_windows_aarch64.cpp |
| P4 |
JDK-8376402 |
Dependencies::print_statistics() and AbstractClassHierarchyWalker::print_statistics() are not called from PRODUCT code |
| P4 |
JDK-8374998 |
Failing os::write - remove bad file |
| P4 |
JDK-8374343 |
Fix SIGSEGV when lib/modules is unreadable |
| P4 |
JDK-8376688 |
Gtest os.attempt_reserve_memory_between_small_range_fill_hole_vm fails on AIX 7.3 |
| P4 |
JDK-8377898 |
Hotspot build on AIX with unused-functions warning reports some unused functions |
| P4 |
JDK-8374711 |
Hotspot runtime/CommandLine/OptionsValidation/TestOptionsWithRanges fails without printing the option name |
| P4 |
JDK-8377777 |
Improve logging when rejecting assets from the AOT archive |
| P4 |
JDK-8374178 |
Missing include in systemDictionary.cpp after JDK-8365526 |
| P4 |
JDK-8374769 |
PPC: MASM::pop_cont_fastpath() should reset _cont_fastpath if SP == _cont_fastpath |
| P4 |
JDK-8371503 |
RETAIN_IMAGE_AFTER_TEST do not work for some tests |
| P4 |
JDK-8374056 |
RISC-V: Fix argument passing for the RiscvFlushIcache::flush |
| P4 |
JDK-8375311 |
Some builds are missing debug helpers |
| P4 |
JDK-8379457 |
Test EATests.java#id0 ERROR: monitor list errors: error_cnt=1 |
| P4 |
JDK-8380316 |
Test runtime/os/AvailableProcessors.java fails Invalid argument |
| P4 |
JDK-8374322 |
TestMemoryWithSubgroups.java fails Permission denied |