Merge

e6e223e5 · asaha · 5df3ec85 · 812f09e0 · e6e223e5 · e6e223e5
3 changed file
--- a/.hgtags
+++ b/.hgtags
@@ -467,6 +467,7 @@ fe1c420a8982e58f6d49c50b729732d93f9682dd jdk8u65-b05
 bd2ad7acb217391747dae8263c090483af454313 jdk8u65-b07
 d215cd281678e4b89a4155755cd6e03e37b7e9b1 jdk8u65-b08
 e9de15763a5a3cef64ef1d4bc40a018d4d572325 jdk8u65-b09
+ed9e7ba6a419a80cbcdc60f4634388af054bdc76 jdk8u65-b10
 e9f82302d5fdef8a0976640e09363895e9dcde3c jdk8u66-b00
 64d7bd4e98150447916f210e3bfd6875a4c2728a jdk8u66-b01
 d8210091911b14930192abd3138ee37c281fb632 jdk8u66-b02

--- a/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
 /*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -77,6 +77,13 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
    private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
        Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));

+    private final static Set<CryptoPrimitive> KU_PRIMITIVE_SET =
+        Collections.unmodifiableSet(EnumSet.of(
+            CryptoPrimitive.SIGNATURE,
+            CryptoPrimitive.KEY_ENCAPSULATION,
+            CryptoPrimitive.PUBLIC_KEY_ENCRYPTION,
+            CryptoPrimitive.KEY_AGREEMENT));
+
    private final static DisabledAlgorithmConstraints
        certPathDefaultConstraints = new DisabledAlgorithmConstraints(
            DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
@@ -210,9 +217,11 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
                null, null, -1, PKIXReason.INVALID_KEY_USAGE);
        }

+        // Assume all key usage bits are set if key usage is not present
+        Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
+
        if (keyUsage != null) {
-            Set<CryptoPrimitive> primitives =
-                        EnumSet.noneOf(CryptoPrimitive.class);
+                primitives = EnumSet.noneOf(CryptoPrimitive.class);

            if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
                // keyUsage[0]: KeyUsage.digitalSignature
@@ -237,15 +246,19 @@ final public class AlgorithmChecker extends PKIXCertPathChecker {
            // KeyUsage.encipherOnly and KeyUsage.decipherOnly are
            // undefined in the absence of the keyAgreement bit.

-            if (!primitives.isEmpty()) {
-                if (!constraints.permits(primitives, currPubKey)) {
-                    throw new CertPathValidatorException(
-                        "algorithm constraints check failed",
-                        null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
-                }
+            if (primitives.isEmpty()) {
+                throw new CertPathValidatorException(
+                    "incorrect KeyUsage extension",
+                    null, null, -1, PKIXReason.INVALID_KEY_USAGE);
            }
        }

+        if (!constraints.permits(primitives, currPubKey)) {
+            throw new CertPathValidatorException(
+                "algorithm constraints check failed",
+                null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
+        }
+
        // Check with previous cert for signature algorithm and public key
        if (prevPubKey != null) {
            if (currSigAlg != null) {

--- a/test/java/util/regex/RegExTest.java
+++ b/test/java/util/regex/RegExTest.java
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@
 * 6358731 6178785 6284152 6231989 6497148 6486934 6233084 6504326 6635133
 * 6350801 6676425 6878475 6919132 6931676 6948903 6990617 7014645 7039066
 * 7067045 7014640 7189363 8007395 8013252 8013254 8012646 8023647 6559590
- * 8027645
+ * 8027645 6854417
 */

 import java.util.regex.*;
@@ -3131,15 +3131,26 @@ public class RegExTest {
            // Create a short pattern to search for
            int patternLength = generator.nextInt(7) + 4;
            StringBuffer patternBuffer = new StringBuffer(patternLength);
-            for (int x=0; x<patternLength; x++) {
-                int ch = baseCharacter + generator.nextInt(26);
-                if (Character.isSupplementaryCodePoint(ch)) {
-                    patternBuffer.append(Character.toChars(ch));
-                } else {
-                    patternBuffer.append((char)ch);
+            String pattern;
+            retry: for (;;) {
+                for (int x=0; x<patternLength; x++) {
+                    int ch = baseCharacter + generator.nextInt(26);
+                    if (Character.isSupplementaryCodePoint(ch)) {
+                        patternBuffer.append(Character.toChars(ch));
+                    } else {
+                        patternBuffer.append((char)ch);
+                    }
+                }
+                pattern = patternBuffer.toString();
+
+                // Avoid patterns that start and end with the same substring
+                // See JDK-6854417
+                for (int x=1; x <patternLength; x++) {
+                    if (pattern.startsWith(pattern.substring(x)))
+                        continue retry;
                }
+                break;
            }
-            String pattern =  patternBuffer.toString();
            Pattern p = Pattern.compile(pattern);

            // Create a buffer with random ASCII chars that does