--- a/test/jdk/sun/security/krb5/auto/KDC.java	Fri Jan 19 15:05:18 2018 -0800
+++ b/test/jdk/sun/security/krb5/auto/KDC.java	Mon Jan 22 12:00:41 2018 +0800
@@ -604,19 +604,7 @@
      */
     private static EncryptionKey generateRandomKey(int eType)
             throws KrbException  {
-        // Is 32 enough for AES256? I should have generated the keys directly
-        // but different cryptos have different rules on what keys are valid.
-        char[] pass = randomPassword();
-        String algo;
-        switch (eType) {
-            case EncryptedData.ETYPE_DES_CBC_MD5: algo = "DES"; break;
-            case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD: algo = "DESede"; break;
-            case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96: algo = "AES128"; break;
-            case EncryptedData.ETYPE_ARCFOUR_HMAC: algo = "ArcFourHMAC"; break;
-            case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96: algo = "AES256"; break;
-            default: algo = "DES"; break;
-        }
-        return new EncryptionKey(pass, "NOTHING", algo);    // Silly
+        return genKey0(randomPassword(), "NOTHING", null, eType, null);
     }
 
     /**
@@ -680,6 +668,8 @@
         switch (etype) {
             case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
             case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
+            case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128:
+            case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA384_192:
                 String pn = p.toString();
                 if (p.getRealmString() == null) {
                     pn = pn + "@" + getRealm();
@@ -687,7 +677,11 @@
                 if (s2kparamses.containsKey(pn)) {
                     return s2kparamses.get(pn);
                 }
-                return new byte[] {0, 0, 0x10, 0};
+                if (etype < EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128) {
+                    return new byte[]{0, 0, 0x10, 0};
+                } else {
+                    return new byte[]{0, 0, (byte) 0x80, 0};
+                }
             default:
                 return null;
         }
@@ -715,9 +709,8 @@
                     kvno = pass[pass.length-1] - '0';
                 }
             }
-            return new EncryptionKey(EncryptionKeyDotStringToKey(
-                    getPassword(p, server), getSalt(p), getParams(p, etype), etype),
-                    etype, kvno);
+            return genKey0(getPassword(p, server), getSalt(p),
+                    getParams(p, etype), etype, kvno);
         } catch (KrbException ke) {
             throw ke;
         } catch (Exception e) {
@@ -735,6 +728,17 @@
     }
 
     /**
+     * Generates key from password.
+     */
+    private static EncryptionKey genKey0(
+            char[] pass, String salt, byte[] s2kparams,
+            int etype, Integer kvno) throws KrbException {
+        return new EncryptionKey(EncryptionKeyDotStringToKey(
+                pass, salt, s2kparams, etype),
+                etype, kvno);
+    }
+
+    /**
      * Processes an incoming request and generates a response.
      * @param in the request
      * @return the response
@@ -1181,8 +1185,8 @@
                 }
                 boolean allOld = true;
                 for (int i: eTypes) {
-                    if (i == EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96 ||
-                            i == EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96) {
+                    if (i >= EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96 &&
+                            i != EncryptedData.ETYPE_ARCFOUR_HMAC) {
                         allOld = false;
                         break;
                     }