8342183: Update tests to use stronger algorithms and keys

Reviewed-by: rhalade, ascarpino
2024-11-01 17:52:20 +00:00 · 2024-11-01 17:52:20 +00:00 · c82ad845e1
commit c82ad845e1
parent 1eccdfc622
35 changed files with 259 additions and 125 deletions
--- a/test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java
+++ b/test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java
@ -75,7 +75,7 @@ public class CICOSkipTest {
        "OFB", "OFB64", "PCBC"};
    private static final String[] PADDINGS = {"NoPadding", "Pkcs5Padding"};
    private static final String[] PBE_ALGOS = {"PBEWithMD5AndDES",
-        "PBEWithMD5AndDES/CBC/PKCS5Padding"};
+        "PBEWithMD5AndDES/CBC/PKCS5Padding", "PBEWithSHA1AndDESede"};
    public static void main(String[] args) throws Exception {
        // how many kinds of padding mode such as PKCS5padding and NoPadding
--- a/test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java
+++ b/test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java
@ -167,7 +167,8 @@ public class TestCipherKeyWrapperTest {
        test.wrapperPBEKeyTest(provider);
        // Public and private key wrap test
-        test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos);
+        test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "DES");
        test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "AES");
    }
    private void wrapperAesDESedeKeyTest(String algo, String wrapAlgo,
@ -263,7 +264,7 @@ public class TestCipherKeyWrapperTest {
        }
    }
-    private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms)
+    private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms, String algoWrap)
            throws NoSuchAlgorithmException, InvalidKeyException,
            NoSuchPaddingException, IllegalBlockSizeException,
            InvalidAlgorithmParameterException {
@ -275,7 +276,6 @@ public class TestCipherKeyWrapperTest {
            kpg.initialize(SecurityUtils.getTestKeySize(algo));
            KeyPair kp = kpg.genKeyPair();
            // key generated
            String algoWrap = "DES";
            KeyGenerator kg = KeyGenerator.getInstance(algoWrap, p);
            Key key = kg.generateKey();
            wrapTest(algo, algoWrap, key, kp.getPrivate(), Cipher.PRIVATE_KEY,
--- a/test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java
+++ b/test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java
@ -40,7 +40,7 @@ import javax.crypto.NoSuchPaddingException;
 public class TestCipherPBECons {
    private static final String[] PBEAlgorithms = {"pbeWithMD5ANDdes",
-        "PBEWithMD5AndTripleDES"};
+        "PBEWithMD5AndTripleDES", "PBEWithSHA1AndDESede"};
    private static final String[] cipherModes = {"ECb", "cbC", "cFB", "Cfb32",
        "OfB", "oFb64", "pCbC"};
    private static final String[] cipherPaddings = {"Pkcs5Padding", "NoPaDDing"};
--- a/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
+++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
@ -232,20 +232,26 @@ public class DHKeyAgreement2 {
        }
        System.err.println("Shared secrets are the same");
        testSecretKey(bobKeyAgree, alicePubKey, "DES");
        testSecretKey(bobKeyAgree, alicePubKey, "AES");
    }
    private static void testSecretKey(KeyAgreement bobKeyAgree, PublicKey alicePubKey, String algo)
            throws Exception {
        // Now let's return the shared secret as a SecretKey object
        // and use it for encryption
-        System.out.println("Return shared secret as SecretKey object ...");
+        System.out.println("Return shared secret as SecretKey object with algorithm: " + algo);
        bobKeyAgree.doPhase(alicePubKey, true);
-        SecretKey desKey = bobKeyAgree.generateSecret("DES");
+        SecretKey key = bobKeyAgree.generateSecret(algo);
-        Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
+        Cipher cipher = Cipher.getInstance(algo + "/ECB/PKCS5Padding");
-        desCipher.init(Cipher.ENCRYPT_MODE, desKey);
+        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] cleartext = "This is just an example".getBytes();
-        byte[] ciphertext = desCipher.doFinal(cleartext);
+        byte[] ciphertext = cipher.doFinal(cleartext);
-        desCipher.init(Cipher.DECRYPT_MODE, desKey);
+        cipher.init(Cipher.DECRYPT_MODE, key);
-        byte[] cleartext1 = desCipher.doFinal(ciphertext);
+        byte[] cleartext1 = cipher.doFinal(ciphertext);
        int clearLen = cleartext.length;
        int clear1Len = cleartext1.length;
--- a/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
+++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
@ -24,6 +24,7 @@
 /**
 * @test
 * @bug 8072452 8163498
 * @library /test/lib
 * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
 *          This test has been split based on lower/higher key sizes in order to
 *          reduce individual execution times and run in parallel
@ -33,14 +34,16 @@
 * @run main/timeout=300 SupportedDHParamGens 832
 * @run main/timeout=300 SupportedDHParamGens 1024
 * @run main/timeout=600 SupportedDHParamGens 2048
 * @run main/timeout=600 SupportedDHParamGens 3072
 * @run main/timeout=600 SupportedDHParamGens 4096
 */
 import java.math.BigInteger;
 import java.security.*;
 import javax.crypto.*;
 import javax.crypto.interfaces.*;
 import javax.crypto.spec.*;
 import jdk.test.lib.security.DiffieHellmanGroup;
 import jdk.test.lib.security.SecurityUtils;
 public class SupportedDHParamGens {
@ -48,12 +51,18 @@ public class SupportedDHParamGens {
        int primeSize = Integer.valueOf(args[0]).intValue();
        System.out.println("Checking " + primeSize + " ...");
-        AlgorithmParameterGenerator apg =
+        DHParameterSpec spec = null;
-                AlgorithmParameterGenerator.getInstance("DH",
+        switch (primeSize) {
-                        System.getProperty("test.provider.name", "SunJCE"));
+            case 2048, 3072, 4096 -> spec = getDHParameterSpec(primeSize);
-        apg.init(primeSize);
+            default -> {
-        AlgorithmParameters ap = apg.generateParameters();
+                AlgorithmParameterGenerator apg =
-        DHParameterSpec spec = ap.getParameterSpec(DHParameterSpec.class);
+                        AlgorithmParameterGenerator.getInstance("DH",
                                System.getProperty("test.provider.name", "SunJCE"));
                apg.init(primeSize);
                AlgorithmParameters ap = apg.generateParameters();
                spec = ap.getParameterSpec(DHParameterSpec.class);
            }
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH",
                        System.getProperty("test.provider.name", "SunJCE"));
@ -62,6 +71,11 @@ public class SupportedDHParamGens {
        checkKeyPair(kp, primeSize);
    }
    private static DHParameterSpec getDHParameterSpec(int primeSize) {
        DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup(primeSize);
        return new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());
    }
    private static void checkKeyPair(KeyPair kp, int pSize) throws Exception {
        DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate();
--- a/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java
+++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java
@ -24,6 +24,7 @@
 /**
 * @test
 * @bug 8072452 8163498
 * @library /test/lib
 * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
 *          This test has been split based on lower/higher key sizes in order to
 *          reduce individual execution times and run in parallel
--- a/test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java
+++ b/test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java
@ -35,10 +35,10 @@ import java.util.*;
 public class TestExplicitKeyLength {
-    private static final String ALGOS[] = { "RC2", "ARCFOUR" };
+    private static final String ALGOS[] = { "RC2", "ARCFOUR", "AES", "AES", "AES" };
    private static final int KEY_SIZES[] =
-        { 64, 80 }; // in bits
+        { 64, 80, 128, 192, 256 }; // in bits
    public static void runTest(String algo, int keysize) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(algo,
--- a/test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java
+++ b/test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java
@ -41,6 +41,10 @@ public class HmacSaltLengths {
    private static final String[] ALGOS = {
        "HmacPBESHA1",
        "HmacPBESHA224",
        "HmacPBESHA256",
        "HmacPBESHA384",
        "HmacPBESHA512",
        "PBEWithHmacSHA1",
        "PBEWithHmacSHA224",
        "PBEWithHmacSHA256",
--- a/test/jdk/com/sun/crypto/provider/Mac/MacClone.java
+++ b/test/jdk/com/sun/crypto/provider/Mac/MacClone.java
@ -26,6 +26,8 @@
 * @bug 7087021 8013069 8288050
 * @summary Clone tests for all MAC algorithms.
 * @author Jan Luehe
 * @run main MacClone DES
 * @run main MacClone AES
 */
 import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.*;
@ -39,7 +41,8 @@ public class MacClone {
                           "HmacSHA384", "HmacSHA512", "HmacSHA512/224",
                           "HmacSHA512/256",
        };
-        KeyGenerator kgen = KeyGenerator.getInstance("DES");
+        String keyAlgo = args[0];
        KeyGenerator kgen = KeyGenerator.getInstance(keyAlgo);
        SecretKey skey = kgen.generateKey();
        for (String algo : algos) {
            doTest(algo, skey, null);
--- a/test/jdk/java/security/KeyStore/TestKeyStoreEntry.java
+++ b/test/jdk/java/security/KeyStore/TestKeyStoreEntry.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -47,7 +47,7 @@ public class TestKeyStoreEntry {
    private static final char[] PASSWDF = new String("guardian Angel")
            .toCharArray();
    private static final String[] KS_ALGOS = {
-            "DES", "DESede", "Blowfish"
+            "DES", "DESede", "Blowfish", "AES"
    };
    private static final int NUM_ALGOS = KS_ALGOS.length;
--- a/test/jdk/java/security/MessageDigest/ByteBuffers.java
+++ b/test/jdk/java/security/MessageDigest/ByteBuffers.java
@ -27,6 +27,8 @@
 * @summary Test the MessageDigest.update(ByteBuffer) method
 * @author Andreas Sterbenz
 * @key randomness
 * @run main ByteBuffers MD5
 * @run main ByteBuffers SHA-1
 */
 import java.util.*;
@ -43,7 +45,8 @@ public class ByteBuffers {
        byte[] t = new byte[n];
        random.nextBytes(t);
-        MessageDigest md = MessageDigest.getInstance("MD5", p);
+        String digestAlgo = args[0];
        MessageDigest md = MessageDigest.getInstance(digestAlgo, p);
        byte[] d1 = md.digest(t);
        // test 1: ByteBuffer with an accessible backing array
--- a/test/jdk/java/security/Signature/ByteBuffers.java
+++ b/test/jdk/java/security/Signature/ByteBuffers.java
@ -27,6 +27,8 @@
 * @summary Test the Signature.update(ByteBuffer) method
 * @author Andreas Sterbenz
 * @key randomness
 * @run main ByteBuffers DSA 512
 * @run main ByteBuffers SHA256withDSA 2048
 */
 import java.util.*;
@ -44,11 +46,14 @@ public class ByteBuffers {
        byte[] t = new byte[n];
        random.nextBytes(t);
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p);
+        String kpgAlgorithm = "DSA";
-        kpg.initialize(512);
+        int keySize = Integer.parseInt(args[1]);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
        kpg.initialize(keySize);
        KeyPair kp = kpg.generateKeyPair();
-        Signature sig = Signature.getInstance("DSA", p);
+        String signAlgo = args[0];
        Signature sig = Signature.getInstance(signAlgo, p);
        sig.initSign(kp.getPrivate());
        sig.update(t);
        byte[] signature = sig.sign();
--- a/test/jdk/java/security/Signature/SignWithOutputBuffer.java
+++ b/test/jdk/java/security/Signature/SignWithOutputBuffer.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
 * @bug 4114896
 * @summary Signature should support a sign() method that places the signature
 * in an already existing array.
 * @run main SignWithOutputBuffer DSS 512
 * @run main SignWithOutputBuffer SHA256withDSA 2048
 */
 import java.security.*;
@ -36,11 +38,14 @@ public class SignWithOutputBuffer {
        int numBytes;
-        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
+        String kpgAlgorithm = "DSA";
-        kpGen.initialize(512);
+        int keySize = Integer.parseInt(args[1]);
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance(kpgAlgorithm);
        kpGen.initialize(keySize);
        KeyPair kp = kpGen.genKeyPair();
-        Signature sig = Signature.getInstance("DSS");
+        String signAlgo = args[0];
        Signature sig = Signature.getInstance(signAlgo);
        sig.initSign(kp.getPrivate());
        sig.update((byte)0xff);
@ -55,10 +60,10 @@ public class SignWithOutputBuffer {
        }
        // Now repeat the same with a buffer that's big enough
-        sig = Signature.getInstance("DSS");
+        sig = Signature.getInstance(signAlgo);
        sig.initSign(kp.getPrivate());
        sig.update((byte)0xff);
-        out = new byte[48];
+        out = new byte[64];
        numBytes = sig.sign(out, 0, out.length);
        System.out.println("Signature len="+numBytes);
--- a/test/jdk/java/security/Signature/SignatureGetInstance.java
+++ b/test/jdk/java/security/Signature/SignatureGetInstance.java
@ -27,7 +27,8 @@
 * @summary Ensure the BC provider-reselection workaround in Signature class
 *     functions correctly
 * @modules java.base/sun.security.util
- * @run main/othervm SignatureGetInstance
+ * @run main/othervm SignatureGetInstance default
 * @run main/othervm SignatureGetInstance SHA-256
 */
 import java.security.*;
 import java.security.interfaces.*;
@ -37,8 +38,12 @@ import sun.security.util.SignatureUtil;
 public class SignatureGetInstance {
    private static final String SIGALG = "RSASSA-PSS";
    private static PSSParameterSpec pssParamSpec;
    public static void main(String[] args) throws Exception {
        String mdName = args[0];
        pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT :
                new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1);
        Provider testProvider = new TestProvider();
        // put test provider before SunRsaSign provider
        Security.insertProviderAt(testProvider, 1);
@ -85,7 +90,7 @@ public class SignatureGetInstance {
    private static void testDblInit(PrivateKey key1, PublicKey key2,
            boolean shouldPass, String expectedProvName) throws Exception {
        Signature sig = Signature.getInstance(SIGALG);
-        SignatureUtil.initSignWithParam(sig, key1, PSSParameterSpec.DEFAULT, null);
+        SignatureUtil.initSignWithParam(sig, key1, pssParamSpec, null);
        try {
            sig.initVerify(key2);
            if (!shouldPass) {
@ -108,7 +113,7 @@ public class SignatureGetInstance {
        } else {
            sig = Signature.getInstance(SIGALG, provName);
        }
-        AlgorithmParameterSpec params = PSSParameterSpec.DEFAULT;
+        AlgorithmParameterSpec params = pssParamSpec;
        boolean doSign = (key instanceof PrivateKey);
        try {
            if (doSign) {
--- a/test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java
+++ b/test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java
@ -24,23 +24,30 @@
 /**
 * @test
 * @bug 4716321
 * @library /test/lib
 * @summary Ensure the random source supplied in
 * Signature.initSign(PrivateKey, SecureRandom) is used.
 * @run main TestInitSignWithMyOwnRandom DSA 512
 * @run main TestInitSignWithMyOwnRandom SHA256withDSA 2048
 */
 import java.security.*;
 import jdk.test.lib.security.SecurityUtils;
 public class TestInitSignWithMyOwnRandom {
-    public static void main(String[] argv) throws Exception {
+    public static void main(String[] args) throws Exception {
        // any signature implementation will do as long as
        // it needs a random source
        Provider p = Security.getProvider(
-                            System.getProperty("test.provider.name", "SUN"));
+                System.getProperty("test.provider.name", "SUN"));
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p);
+        String kpgAlgorithm = "DSA";
-        kpg.initialize(512);
+        int keySize = Integer.parseInt(args[1]);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
        kpg.initialize(keySize);
        KeyPair kp = kpg.generateKeyPair();
        TestRandomSource rand = new TestRandomSource();
-        Signature sig = Signature.getInstance("DSA", p);
+        String signAlgo = args[0];
        Signature sig = Signature.getInstance(signAlgo, p);
        sig.initSign(kp.getPrivate(), rand);
        sig.update(new byte[20]);
        sig.sign();
--- a/test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java
+++ b/test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java
@ -48,7 +48,7 @@ public class VerifyRangeCheckOverflow {
        PublicKey publicKey = keys.getPublic();
        byte[] sigBytes = new byte[100];
-        Signature signature = Signature.getInstance("SHA1withDSA");
+        Signature signature = Signature.getInstance("SHA256withDSA");
        signature.initVerify(publicKey);
        try {
            signature.verify(sigBytes, Integer.MAX_VALUE, 1);
--- a/test/jdk/java/security/SignedObject/Chain.java
+++ b/test/jdk/java/security/SignedObject/Chain.java
@ -165,6 +165,8 @@ public class Chain {
        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
        new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
        new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
        new Test(SigAlg.SHA224withRSA, KeyAlg.RSA, Provider.Default),
        new Test(SigAlg.SHA256withRSA, KeyAlg.RSA, Provider.Default),
        new Test(SigAlg.SHA3_224withRSA, KeyAlg.RSA, Provider.Default),
        new Test(SigAlg.SHA3_256withRSA, KeyAlg.RSA, Provider.Default),
        new Test(SigAlg.SHA3_384withRSA, KeyAlg.RSA, Provider.Default),
--- a/test/jdk/java/security/SignedObject/Copy.java
+++ b/test/jdk/java/security/SignedObject/Copy.java
@ -31,31 +31,35 @@ import java.security.SignedObject;
 * @test
 * @bug 8050374
 * @summary Checks if a signed object is a copy of an original object
 * @run main Copy DSA 512
 * @run main Copy SHA256withDSA 2048
 */
 public class Copy {
    private static final String DSA = "DSA";
    private static final int KEY_SIZE = 512;
    private static final int MAGIC = 123;
    public static void main(String args[]) throws Exception {
        int keySize = Integer.parseInt(args[1]);
        KeyPairGenerator kg = KeyPairGenerator.getInstance(DSA);
-        kg.initialize(KEY_SIZE);
+        kg.initialize(keySize);
        KeyPair kp = kg.genKeyPair();
-        Signature signature = Signature.getInstance(DSA);
+        String signAlgo = args[0];
        Signature signature = Signature.getInstance(signAlgo);
        Test original = new Test();
        SignedObject so = new SignedObject(original, kp.getPrivate(),
                signature);
        System.out.println("Signature algorithm: " + so.getAlgorithm());
-        signature = Signature.getInstance(DSA, System.getProperty("test.provider.name", "SUN"));
+        signature = Signature.getInstance(signAlgo,
                System.getProperty("test.provider.name", "SUN"));
        if (!so.verify(kp.getPublic(), signature)) {
            throw new RuntimeException("Verification failed");
        }
        kg = KeyPairGenerator.getInstance(DSA);
-        kg.initialize(KEY_SIZE);
+        kg.initialize(keySize);
        kp = kg.genKeyPair();
        if (so.verify(kp.getPublic(), signature)) {
--- a/test/jdk/javax/crypto/Cipher/ByteBuffers.java
+++ b/test/jdk/javax/crypto/Cipher/ByteBuffers.java
@ -27,6 +27,8 @@
 * @summary Test the Cipher.update/doFinal(ByteBuffer, ByteBuffer) methods
 * @author Andreas Sterbenz
 * @key randomness
 * @run main ByteBuffers DES 8
 * @run main ByteBuffers AES 16
 */
 import java.util.*;
@ -47,11 +49,13 @@ public class ByteBuffers {
        byte[] t = new byte[n];
        random.nextBytes(t);
-        byte[] keyBytes = new byte[8];
+        int keyInt = Integer.parseInt(args[1]);
        byte[] keyBytes = new byte[keyInt];
        random.nextBytes(keyBytes);
-        SecretKey key = new SecretKeySpec(keyBytes, "DES");
+        String algo = args[0];
        SecretKey key = new SecretKeySpec(keyBytes, algo);
-        Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
+        Cipher cipher = Cipher.getInstance(algo + "/ECB/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] outBytes = cipher.doFinal(t);
--- a/test/jdk/javax/crypto/Cipher/TestGetInstance.java
+++ b/test/jdk/javax/crypto/Cipher/TestGetInstance.java
@ -26,10 +26,13 @@
 * @bug 4898428
 * @summary test that the new getInstance() implementation works correctly
 * @author Andreas Sterbenz
 * @run main TestGetInstance DES PBEWithMD5AndTripleDES
 * @run main TestGetInstance AES PBEWithHmacSHA1AndAES_128
 */
 import java.security.*;
 import java.security.spec.*;
 import java.util.Locale;
 import javax.crypto.*;
@ -42,61 +45,64 @@ public class TestGetInstance {
    }
    public static void main(String[] args) throws Exception {
        String algo = args[0];
        String algoLC = algo.toLowerCase(Locale.ROOT);
        String pbeAlgo = args[1];
        Provider p = Security.getProvider(
                System.getProperty("test.provider.name", "SunJCE"));
        Cipher c;
-        c = Cipher.getInstance("PBEWithMD5AndTripleDES");
+        c = Cipher.getInstance(pbeAlgo);
        same(p, c.getProvider());
-        c = Cipher.getInstance("des",
+        c = Cipher.getInstance(algoLC,
                System.getProperty("test.provider.name", "SunJCE"));
        same(p, c.getProvider());
-        c = Cipher.getInstance("des/cbc/pkcs5padding",
+        c = Cipher.getInstance(algoLC + "/cbc/pkcs5padding",
                System.getProperty("test.provider.name", "SunJCE"));
        same(p, c.getProvider());
-        c = Cipher.getInstance("des", p);
+        c = Cipher.getInstance(algoLC, p);
        same(p, c.getProvider());
-        c = Cipher.getInstance("des/cbc/pkcs5padding", p);
+        c = Cipher.getInstance(algoLC + "/cbc/pkcs5padding", p);
        same(p, c.getProvider());
        try {
-            c = Cipher.getInstance("DES/XYZ/PKCS5Padding");
+            c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding");
            throw new AssertionError();
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e);
        }
        try {
-            c = Cipher.getInstance("DES/XYZ/PKCS5Padding",
+            c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding",
                    System.getProperty("test.provider.name", "SunJCE"));
            throw new AssertionError();
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e);
        }
        try {
-            c = Cipher.getInstance("DES/XYZ/PKCS5Padding", p);
+            c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding", p);
            throw new AssertionError();
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e);
        }
        try {
-            c = Cipher.getInstance("DES/CBC/XYZPadding");
+            c = Cipher.getInstance(algo + "/CBC/XYZPadding");
            throw new AssertionError();
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e);
        }
        try {
-            c = Cipher.getInstance("DES/CBC/XYZPadding",
+            c = Cipher.getInstance(algo + "/CBC/XYZPadding",
                    System.getProperty("test.provider.name", "SunJCE"));
            throw new AssertionError();
        } catch (NoSuchPaddingException e) {
            System.out.println(e);
        }
        try {
-            c = Cipher.getInstance("DES/CBC/XYZPadding", p);
+            c = Cipher.getInstance(algo + "/CBC/XYZPadding", p);
            throw new AssertionError();
        } catch (NoSuchPaddingException e) {
            System.out.println(e);
--- a/test/jdk/javax/crypto/CipherSpi/DirectBBRemaining.java
+++ b/test/jdk/javax/crypto/CipherSpi/DirectBBRemaining.java
@ -27,6 +27,8 @@
 * @summary Cipher.doFinal(ByteBuffer,ByteBuffer) fails to
 *     process when in.remaining() == 0
 * @key randomness
 * @run main DirectBBRemaining DES 8
 * @run main DirectBBRemaining AES 16
 */
 import java.nio.ByteBuffer;
@ -53,11 +55,13 @@ public class DirectBBRemaining {
        boolean failedOnce = false;
        Exception failedReason = null;
-        byte[] keyBytes = new byte[8];
+        int keyInt = Integer.parseInt(args[1]);
        byte[] keyBytes = new byte[keyInt];
        random.nextBytes(keyBytes);
-        SecretKey key = new SecretKeySpec(keyBytes, "DES");
+        String algo = args[0];
        SecretKey key = new SecretKeySpec(keyBytes, algo);
-        Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding",
+        Cipher cipher = Cipher.getInstance(algo + "/CBC/PKCS5Padding",
                System.getProperty("test.provider.name", "SunJCE"));
        cipher.init(Cipher.ENCRYPT_MODE, key);
--- a/test/jdk/javax/crypto/CryptoPermission/AllPermCheck.java
+++ b/test/jdk/javax/crypto/CryptoPermission/AllPermCheck.java
@ -29,6 +29,8 @@
 * crypto permssion checks failed.
 * @author Valerie Peng
 * @key randomness
 * @run main AllPermCheck DES
 * @run main AllPermCheck AES
 */
 import java.io.*;
@ -86,7 +88,8 @@ public class AllPermCheck {
    public static void main(String[] args) throws Exception {
        Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
        System.out.println("Testing provider " + p.getName() + "...");
-        if (Cipher.getMaxAllowedKeyLength("DES") == Integer.MAX_VALUE) {
+        String transformation = args[0];
        if (Cipher.getMaxAllowedKeyLength(transformation) == Integer.MAX_VALUE) {
            // skip this test for unlimited jurisdiction policy files
            System.out.println("Skip this test due to unlimited version");
            return;
--- a/test/jdk/javax/crypto/CryptoPermission/LowercasePermCheck.java
+++ b/test/jdk/javax/crypto/CryptoPermission/LowercasePermCheck.java
@ -48,7 +48,7 @@ public class LowercasePermCheck {
    public static void main(String[] args) throws Exception {
        Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
        System.out.println("Testing provider " + p.getName() + "...");
-        if (Cipher.getMaxAllowedKeyLength("DES") == Integer.MAX_VALUE) {
+        if (Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE) {
            // skip this test for unlimited jurisdiction policy files
            System.out.println("Skip this test due to unlimited version");
            return;
--- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java
+++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java
@ -26,6 +26,8 @@
 * @bug 4508341
 * @summary Test the EncryptedPrivateKeyInfo.getKeySpec(...) methods.
 * @author Valerie Peng
 * @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpec
 * @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpec
 */
 import java.util.*;
 import java.nio.*;
@ -37,12 +39,13 @@ import javax.crypto.*;
 import javax.crypto.spec.*;
 public class GetKeySpec {
-    private static final String cipherAlg = "PBEWithMD5AndDES";
+    private static String cipherAlg;
    private static final char[] passwd = { 'p','a','s','s','w','d' };
    private static AlgorithmParameters GOOD_PARAMS;
    static {
        try {
            cipherAlg = System.getProperty("cipherAlg");
            PBEParameterSpec goodParamSpec =
                new PBEParameterSpec(new byte[8], 1024);
            GOOD_PARAMS = AlgorithmParameters.getInstance
@ -55,7 +58,8 @@ public class GetKeySpec {
    }
    private static String pkcs8Encoded = "30:82:01:53:02:01:00:30:0D:06:09:2A:86:48:86:F7:0D:01:01:01:05:00:04:82:01:3D:30:82:01:39:02:01:00:02:40:6E:A4:13:65:97:A2:C2:47:5E:F2:23:6B:94:D8:D7:25:13:BB:A4:AE:8A:AA:A7:27:A4:9A:04:DC:15:F7:9B:E4:39:18:99:9E:27:EA:92:BB:D0:0E:F3:26:F4:95:89:33:02:65:6D:84:69:2C:CE:B7:FA:68:8E:FE:8D:63:44:6B:02:03:01:00:01:02:40:59:6E:1C:13:98:FE:C1:04:89:75:35:36:27:29:22:B5:E0:7E:62:BD:86:6E:2C:10:7A:16:D8:68:C1:04:D4:A7:10:41:F7:B9:B4:84:05:03:A5:C0:28:73:24:A7:24:F1:1B:C3:4F:BF:05:20:D0:D9:00:08:7F:C3:29:64:1B:29:02:21:00:C4:63:4D:0C:32:51:44:AE:DD:90:A9:B7:B6:C2:6B:11:BE:D2:07:E7:B5:C2:4A:9F:4D:0F:2F:30:5F:E6:1C:6D:02:21:00:90:39:A4:2D:93:0B:08:AF:2F:6F:18:CC:1A:EF:B6:E6:01:E7:21:3A:7F:45:C7:3F:39:12:B8:CC:DF:44:2D:37:02:21:00:B3:9B:61:9E:B2:F2:12:4F:9E:C1:2C:06:A1:B5:A3:38:62:7D:31:CF:9F:32:67:0E:D3:E9:FC:2D:50:B7:61:ED:02:20:5B:FD:77:FB:5D:A3:97:09:6E:1E:D5:59:32:01:1D:CE:7C:FE:38:12:80:A5:38:1D:DA:40:57:C0:CC:D3:46:67:02:20:52:EC:61:05:0D:EC:8A:ED:F7:1E:95:67:D0:7C:8B:D9:AA:A5:33:B8:26:26:2E:8F:D7:A7:18:16:2A:83:63:5C";
-    private static String encryptedPKCS8 = "AE:20:81:4F:4D:38:73:C0:51:70:42:DA:C2:EF:61:49:07:E9:B5:D5:55:6D:D1:50:54:B2:0B:41:3E:2F:B6:00:BC:30:89:7B:32:A5:5F:B6:86:92:9E:06:6E:E2:40:8E:3E:E8:0B:CA:97:DB:3E:72:3E:03:22:34:35:EA:5F:B0:71:B2:07:BC:0D:97:94:0A:E6:12:9B:60:7A:77:D4:6C:99:60:2E:68:D6:55:BE:83:B8:A9:0F:19:8A:BE:91:30:D0:FE:52:94:5A:4C:D7:24:07:B3:61:EB:B5:4A:C6:6F:96:8A:C0:20:E9:73:40:FA:A2:56:04:F2:43:35:90:EA:35:C9:8C:08:9D:0B:BC:37:F0:01:D5:DF:BE:E4:4A:57:E0:13:0C:D5:F0:E8:5C:3B:B3:CD:7E:B5:E8:A5:84:63:F6:DA:3E:F2:CF:53:1F:A2:86:44:61:DD:AF:C1:78:70:3A:E6:06:41:77:6C:5B:8D:FA:C4:39:D7:4D:2F:87:D8:31:F4:B6:2B:94:D9:87:17:0E:C8:E3:FA:54:C8:B2:44:56:E0:37:5F:4C:5D:B2:21:DD:15:9E:94:63:89:CF:07:8C:79:F8:65:B2:22:45:D5:F0:2A:70:19:61:16:1D:52:5E:0C:35:3B:20:88:17:7E:FD:05:CC:08:09:2F:05:61:F7:A8:F5:EA:DE:77:DE:5D:55:4E:A0:36:A1:13:FF:2D:57:E8:4E:06:CE:C9:C1:B1:AE:C6:52:A6:EB:35:4C:81:91:DE:71:BA:34:DA:8A:99:1A:47:2E:66:52:AF:E3:2A:E4:0A:27:7F:72:C4:90:7E:8D:8F:64:8D:21:7E:00:DC:1C:62:0F:CC:96:80:C7:E5:5B:70:48:A5:E7:34:27:1A:7C:48:A7:9E:8B:2B:A6:E2";
+    private static String sha1EncryptedPKCS8 = "0D:CA:00:8F:64:91:9C:60:36:F5:9B:BD:DD:C5:A9:A2:27:9E:6B:AE:CB:23:0E:2F:DA:76:03:A5:B7:C0:D5:3E:B9:03:60:62:41:2C:D6:51:37:F0:D9:ED:B2:CC:E7:99:28:03:CD:20:5D:EC:56:77:FC:61:57:D7:8C:F3:F6:10:F7:E5:BA:88:04:FE:1A:17:B3:8C:36:BF:70:2D:CD:6F:BF:83:ED:03:41:22:95:68:E3:08:90:76:B5:97:CB:FF:CE:51:27:14:F6:38:00:22:E9:0F:86:9F:64:D2:47:34:F6:50:DA:A9:80:F5:67:BF:C7:51:B3:38:AF:CD:15:96:50:8F:33:F3:8B:43:4C:AF:ED:DD:37:03:EC:B1:CC:57:53:0A:AF:0D:53:CD:D7:2B:A2:20:C5:37:AF:09:78:8E:3F:A0:E4:EC:22:C6:71:EC:D1:42:15:9D:1D:E9:E3:9D:8F:D6:0B:2A:99:C9:C8:90:B1:CD:AB:17:DD:A3:6F:64:43:23:26:25:7B:A5:E0:1F:2E:AF:18:89:C8:D6:97:28:32:A1:01:22:6F:14:B6:6C:4E:8A:83:47:16:99:51:B4:8D:85:9E:AB:00:B5:18:BB:49:97:47:59:F8:A7:A8:64:76:3F:41:5F:71:1A:F3:4A:96:F2:B4:44:38:42:4B:AE:0F:08:83:5C:33:F8:6A:8F:B9:6A:3D:1C:06:02:4E:07:48:46:E0:6D:6D:ED:E8:19:CB:3F:B0:6F:10:68:3A:5E:F5:8F:94:EF:B4:8B:58:5F:50:0A:E5:F2:13:54:59:14:99:C5:74:02:A2:B1:73:16:7F:F2:D4:DE:E0:12:86:55:46:9C:57:D1:7A:5C:8B:46:E1:7E:C3:32:14:31:52:64:07:52:9D:65:04:9D:54:89";
    private static String md5EncryptedPKCS8 = "AE:20:81:4F:4D:38:73:C0:51:70:42:DA:C2:EF:61:49:07:E9:B5:D5:55:6D:D1:50:54:B2:0B:41:3E:2F:B6:00:BC:30:89:7B:32:A5:5F:B6:86:92:9E:06:6E:E2:40:8E:3E:E8:0B:CA:97:DB:3E:72:3E:03:22:34:35:EA:5F:B0:71:B2:07:BC:0D:97:94:0A:E6:12:9B:60:7A:77:D4:6C:99:60:2E:68:D6:55:BE:83:B8:A9:0F:19:8A:BE:91:30:D0:FE:52:94:5A:4C:D7:24:07:B3:61:EB:B5:4A:C6:6F:96:8A:C0:20:E9:73:40:FA:A2:56:04:F2:43:35:90:EA:35:C9:8C:08:9D:0B:BC:37:F0:01:D5:DF:BE:E4:4A:57:E0:13:0C:D5:F0:E8:5C:3B:B3:CD:7E:B5:E8:A5:84:63:F6:DA:3E:F2:CF:53:1F:A2:86:44:61:DD:AF:C1:78:70:3A:E6:06:41:77:6C:5B:8D:FA:C4:39:D7:4D:2F:87:D8:31:F4:B6:2B:94:D9:87:17:0E:C8:E3:FA:54:C8:B2:44:56:E0:37:5F:4C:5D:B2:21:DD:15:9E:94:63:89:CF:07:8C:79:F8:65:B2:22:45:D5:F0:2A:70:19:61:16:1D:52:5E:0C:35:3B:20:88:17:7E:FD:05:CC:08:09:2F:05:61:F7:A8:F5:EA:DE:77:DE:5D:55:4E:A0:36:A1:13:FF:2D:57:E8:4E:06:CE:C9:C1:B1:AE:C6:52:A6:EB:35:4C:81:91:DE:71:BA:34:DA:8A:99:1A:47:2E:66:52:AF:E3:2A:E4:0A:27:7F:72:C4:90:7E:8D:8F:64:8D:21:7E:00:DC:1C:62:0F:CC:96:80:C7:E5:5B:70:48:A5:E7:34:27:1A:7C:48:A7:9E:8B:2B:A6:E2";
    private static byte[] parse(String s) {
        try {
@ -99,7 +103,7 @@ public class GetKeySpec {
            throw new Exception("Static parameter generation failed");
        }
        byte[] encodedKey = parse(pkcs8Encoded);
-        byte[] encryptedData = parse(encryptedPKCS8);
+        byte[] encryptedData = parse(cipherAlg.contains("MD5") ? md5EncryptedPKCS8 : sha1EncryptedPKCS8);
        boolean result = true;
        Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
--- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java
+++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java
@ -28,6 +28,8 @@
 * @summary Test the error conditions of
 * EncryptedPrivateKeyInfo.getKeySpec(...) methods.
 * @author Valerie Peng
 * @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpecException
 * @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpecException
 */
 import java.security.*;
 import java.util.Arrays;
@ -37,7 +39,7 @@ import javax.crypto.*;
 import javax.crypto.spec.*;
 public class GetKeySpecException {
-    private static final String cipherAlg = "PBEWithMD5AndDES";
+    private static String cipherAlg;
    private static final char[] passwd = { 'p','a','s','s','w','d' };
    private static SecretKey cipherKey;
    private static Cipher cipher = null;
@ -50,6 +52,7 @@ public class GetKeySpecException {
    static {
        try {
            cipherAlg = System.getProperty("cipherAlg");
            sunjce = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
            PBEParameterSpec badParamSpec =
                new PBEParameterSpec(new byte[10], 10);
--- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java
+++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java
@ -28,6 +28,8 @@
 * with wrong mode with EncryptedPrivateKeyInfo.getKeySpec
 * (Cipher) method.
 * @author Valerie Peng
 * @run main GetKeySpecException2 PBEWithMD5AndDES
 * @run main GetKeySpecException2 PBEWithSHA1AndDESede
 */
 import java.security.*;
 import java.util.Arrays;
@ -38,11 +40,10 @@ import javax.crypto.interfaces.PBEKey;
 import javax.crypto.spec.*;
 public class GetKeySpecException2 {
    private static final String cipherAlg = "PBEWithMD5AndDES";
    private static final char[] passwd = { 'p','a','s','s','w','d' };
-    public static void main(String[] argv) throws Exception {
+    public static void main(String[] args) throws Exception {
-
+        String cipherAlg = args[0];
        // use random data
        byte[] encryptedData = new byte[30];
        encryptedData[20] = (byte) 8;
--- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java
+++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java
@ -28,6 +28,8 @@
 * methods with scenarios where the decrypted bytes are not
 * encoded correctly per PKCS#8 standard.
 * @author Valerie Peng
 * @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpecInvalidEncoding
 * @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpecInvalidEncoding
 */
 import java.util.*;
 import java.nio.*;
@ -39,12 +41,13 @@ import javax.crypto.*;
 import javax.crypto.spec.*;
 public class GetKeySpecInvalidEncoding {
-    private static final String cipherAlg = "PBEWithMD5AndDES";
+    private static String cipherAlg;
    private static final char[] passwd = { 'p','a','s','s', 'w', 'd' };
    private static AlgorithmParameters GOOD_PARAMS;
    static {
        try {
            cipherAlg = System.getProperty("cipherAlg");
            PBEParameterSpec goodParamSpec =
                new PBEParameterSpec(new byte[8], 6);
            GOOD_PARAMS = AlgorithmParameters.getInstance
--- a/test/jdk/javax/crypto/KeyGenerator/TestGetInstance.java
+++ b/test/jdk/javax/crypto/KeyGenerator/TestGetInstance.java
@ -26,6 +26,8 @@
 * @bug 4898428
 * @summary test that the new getInstance() implementation works correctly
 * @author Andreas Sterbenz
 * @run main TestGetInstance des
 * @run main TestGetInstance aes
 */
 import java.security.*;
@ -47,12 +49,13 @@ public class TestGetInstance {
        KeyGenerator kg;
-        kg = KeyGenerator.getInstance("des");
+        String algo = args[0];
        kg = KeyGenerator.getInstance(algo);
        System.out.println("Default: " + kg.getProvider().getName());
-        kg = KeyGenerator.getInstance("des",
+        kg = KeyGenerator.getInstance(algo,
                System.getProperty("test.provider.name", "SunJCE"));
        same(p, kg.getProvider());
-        kg = KeyGenerator.getInstance("des", p);
+        kg = KeyGenerator.getInstance(algo, p);
        same(p, kg.getProvider());
        try {
--- a/test/jdk/javax/crypto/Mac/ByteBuffers.java
+++ b/test/jdk/javax/crypto/Mac/ByteBuffers.java
@ -27,6 +27,8 @@
 * @summary Test the Mac.update(ByteBuffer) method
 * @author Andreas Sterbenz
 * @key randomness
 * @run main ByteBuffers HmacMD5
 * @run main ByteBuffers HmacSha256
 */
 import java.util.*;
@ -46,11 +48,12 @@ public class ByteBuffers {
        byte[] t = new byte[n];
        random.nextBytes(t);
        String algo = args[0];
        byte[] keyBytes = new byte[16];
        random.nextBytes(keyBytes);
-        SecretKey key = new SecretKeySpec(keyBytes, "HmacMD5");
+        SecretKey key = new SecretKeySpec(keyBytes, algo);
-        Mac mac = Mac.getInstance("HmacMD5");
+        Mac mac = Mac.getInstance(algo);
        mac.init(key);
        byte[] macValue = mac.doFinal(t);
--- a/test/jdk/javax/crypto/Mac/TestGetInstance.java
+++ b/test/jdk/javax/crypto/Mac/TestGetInstance.java
@ -26,6 +26,8 @@
 * @bug 4898428
 * @summary test that the new getInstance() implementation works correctly
 * @author Andreas Sterbenz
 * @run main TestGetInstance hmacmd5
 * @run main TestGetInstance hmacsha256
 */
 import java.security.*;
@ -47,11 +49,12 @@ public class TestGetInstance {
        Mac mac;
-        mac = Mac.getInstance("hmacmd5");
+        String algo = args[0];
        mac = Mac.getInstance(algo);
        System.out.println("Default: " + mac.getProvider().getName());
-        mac = Mac.getInstance("hmacmd5", System.getProperty("test.provider.name", "SunJCE"));
+        mac = Mac.getInstance(algo, System.getProperty("test.provider.name", "SunJCE"));
        same(p, mac.getProvider());
-        mac = Mac.getInstance("hmacmd5", p);
+        mac = Mac.getInstance(algo, p);
        same(p, mac.getProvider());
        try {
--- a/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java
+++ b/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,8 @@
 *          java.base/sun.security.util
 *          java.base/sun.security.x509
 * @compile -XDignore.symbol.file PKCS10AttrEncoding.java
- * @run main PKCS10AttrEncoding
+ * @run main PKCS10AttrEncoding DSA 512
 * @run main PKCS10AttrEncoding Sha256withDSA 2048
 */
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
@ -69,11 +70,13 @@ public class PKCS10AttrEncoding {
            constructedMap.put(ids[j], values[j]);
        }
        String kpgAlgorithm = "DSA";
        X500Name subject = new X500Name("cn=Test");
-        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(kpgAlgorithm);
-        String sigAlg = "DSA";
+        String sigAlg = args[0];
        int keySize = Integer.parseInt(args[1]);
-        keyGen.initialize(512);
+        keyGen.initialize(keySize);
        KeyPair pair = keyGen.generateKeyPair();
        X509Key publicKey = (X509Key) pair.getPublic();
--- a/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java
+++ b/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,8 @@
 * @modules java.base/sun.security.pkcs
 *          java.base/sun.security.util
 *          java.base/sun.security.x509
- * @run main SignerOrder
+ * @run main SignerOrder default 1024
 * @run main SignerOrder Sha256 2048
 */
 import java.io.IOException;
 import java.math.BigInteger;
@ -62,20 +63,21 @@ public class SignerOrder {
    static final byte[] data1 = "12345".getBytes();
    static final byte[] data2 = "abcde".getBytes();
-    public static void main(String[] argv) throws Exception {
+    public static void main(String[] args) throws Exception {
-
+        String digestAlg = "default".equals(args[0]) ? null : args[0];
        int keySize = Integer.parseInt(args[1]);
        SignerInfo[] signerInfos = new SignerInfo[9];
-        SimpleSigner signer1 = new SimpleSigner(null, null, null, null);
+        SimpleSigner signer1 = new SimpleSigner(digestAlg, null, null, null, keySize);
        signerInfos[8] = signer1.genSignerInfo(data1);
        signerInfos[7] = signer1.genSignerInfo(new byte[]{});
        signerInfos[6] = signer1.genSignerInfo(data2);
-        SimpleSigner signer2 = new SimpleSigner(null, null, null, null);
+        SimpleSigner signer2 = new SimpleSigner(digestAlg, null, null, null, keySize);
        signerInfos[5] = signer2.genSignerInfo(data1);
        signerInfos[4] = signer2.genSignerInfo(new byte[]{});
        signerInfos[3] = signer2.genSignerInfo(data2);
-        SimpleSigner signer3 = new SimpleSigner(null, null, null, null);
+        SimpleSigner signer3 = new SimpleSigner(digestAlg, null, null, null, keySize);
        signerInfos[2] = signer3.genSignerInfo(data1);
        signerInfos[1] = signer3.genSignerInfo(new byte[]{});
        signerInfos[0] = signer3.genSignerInfo(data2);
@ -156,28 +158,33 @@ class SimpleSigner {
    public SimpleSigner(String digestAlg,
            String encryptionAlg,
            KeyPair keyPair,
-            X500Name agent) throws Exception {
+            X500Name agent,
            int keySize) throws Exception {
        String signAlgoDigest;
        if (agent == null) {
            agent = new X500Name("cn=test");
        }
        if (digestAlg == null) {
            digestAlg = "SHA";
        }
        if (encryptionAlg == null) {
            encryptionAlg = "DSA";
        }
        if (digestAlg == null) {
            digestAlg = "SHA";
            signAlgoDigest = encryptionAlg;
        } else {
            signAlgoDigest = digestAlg + "with" + encryptionAlg;
        }
        if (keyPair == null) {
            KeyPairGenerator keyGen =
                    KeyPairGenerator.getInstance(encryptionAlg);
-            keyGen.initialize(1024);
+            keyGen.initialize(keySize);
            keyPair = keyGen.generateKeyPair();
        }
        publicKey = (X509Key) keyPair.getPublic();
        privateKey = keyPair.getPrivate();
        if ("DSA".equals(encryptionAlg)) {
-            this.sig = Signature.getInstance(encryptionAlg);
+            this.sig = Signature.getInstance(signAlgoDigest);
        } else { // RSA
            this.sig = Signature.getInstance(digestAlg + "/" + encryptionAlg);
        }
--- a/test/jdk/sun/security/rsa/TestKeyPairGenerator.java
+++ b/test/jdk/sun/security/rsa/TestKeyPairGenerator.java
@ -86,9 +86,10 @@ public class TestKeyPairGenerator {
    }
    // regression test for 4865198
-    private static void testInvalidSignature(KeyPair kp1, KeyPair kp2) throws Exception {
+    private static void testInvalidSignature(KeyPair kp1, KeyPair kp2, String signAlgo)
            throws Exception {
        System.out.println("Testing signature with incorrect key...");
-        Signature sig = Signature.getInstance("MD5withRSA", provider);
+        Signature sig = Signature.getInstance(signAlgo, provider);
        sig.initSign(kp1.getPrivate());
        byte[] data = new byte[100];
        sig.update(data);
@ -153,9 +154,14 @@ public class TestKeyPairGenerator {
            }
            test(privateKey, publicKey);
        }
-        testInvalidSignature(keyPairs[0], keyPairs[1]);
+        String md5Algo = "MD5withRSA";
-        testInvalidSignature(keyPairs[0], keyPairs[2]);
+        String sha256Algo = "Sha256withRSA";
-        testInvalidSignature(keyPairs[2], keyPairs[0]);
+        testInvalidSignature(keyPairs[0], keyPairs[1], md5Algo);
        testInvalidSignature(keyPairs[0], keyPairs[2], md5Algo);
        testInvalidSignature(keyPairs[2], keyPairs[0], md5Algo);
        testInvalidSignature(keyPairs[0], keyPairs[1], sha256Algo);
        testInvalidSignature(keyPairs[0], keyPairs[2], sha256Algo);
        testInvalidSignature(keyPairs[2], keyPairs[0], sha256Algo);
        long stop = System.currentTimeMillis();
        System.out.println("All tests passed (" + (stop - start) + " ms).");
    }
--- a/test/jdk/sun/security/rsa/pss/InitAgain.java
+++ b/test/jdk/sun/security/rsa/pss/InitAgain.java
@ -29,18 +29,23 @@ import jdk.test.lib.security.SecurityUtils;
 * @bug 8205445
 * @library /test/lib
 * @summary Make sure old state is cleared when init is called again
 * @run main InitAgain default
 * @run main InitAgain SHA-256
 */
 public class InitAgain {
    public static void main(String[] args) throws Exception {
        String mdName = args[0];
        PSSParameterSpec pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT :
                new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1);
        byte[] msg = "hello".getBytes();
        Signature s1 = Signature.getInstance("RSASSA-PSS");
        Signature s2 = Signature.getInstance("RSASSA-PSS");
-        s1.setParameter(PSSParameterSpec.DEFAULT);
+        s1.setParameter(pssParamSpec);
-        s2.setParameter(PSSParameterSpec.DEFAULT);
+        s2.setParameter(pssParamSpec);
        String kpgAlgorithm = "RSA";
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm);
--- a/test/jdk/sun/security/tools/keytool/KeyToolTest.java
+++ b/test/jdk/sun/security/tools/keytool/KeyToolTest.java
@ -68,6 +68,7 @@ import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import java.security.cert.X509Certificate;
 import jdk.test.lib.util.FileUtils;
 import jdk.test.lib.security.SecurityUtils;
 import sun.security.util.ObjectIdentifier;
@ -103,6 +104,8 @@ public class KeyToolTest {
            "-srcproviderName SunPKCS11-nzz " +
            "-addprovider SunPKCS11 " +
            "-providerArg p11-nzz.txt ";
    private static final int KEY_LENGTH_DSA = SecurityUtils.getTestKeySize("DSA");
    private static final int KEY_LENGTH_RSA = SecurityUtils.getTestKeySize("RSA");
    String p11Arg, srcP11Arg;
@ -192,7 +195,7 @@ public class KeyToolTest {
            // SunPKCS11-NSS does not support SHA256withDSA yet.
            if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey")
                    && cmd.contains("DSA")) {
-                cmd += " -sigalg SHA1withDSA -keysize 1024";
+                cmd += " -sigalg SHA256withDSA -keysize " + KEY_LENGTH_DSA;
            }
            test(input, cmd);
        } catch(Exception e) {
@ -955,6 +958,9 @@ public class KeyToolTest {
        // sig not compatible
        testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -selfcert -sigalg MD5withRSA");
        // sig not compatible
        testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -selfcert -sigalg SHA256withRSA");
        // bad pass
        testFail("", "-keystore x.jks -storetype JKS -storepass wrong " +
                "-keypass changeit -selfcert");
@ -1062,10 +1068,10 @@ public class KeyToolTest {
                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 999 " +
                "-alias n5");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
-                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 512 " +
+                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 2048 " +
                "-alias n6");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
-                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024 " +
+                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 3072 " +
                "-alias n7");
        testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " +
@ -1076,6 +1082,9 @@ public class KeyToolTest {
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
                "-sigalg MD5withRSA -alias n10");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
                "-sigalg SHA256withRSA -alias n10-1");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
                "-sigalg SHA1withRSA -alias n11");
@ -1152,16 +1161,20 @@ public class KeyToolTest {
        remove("csr1");
        // PrivateKeyEntry can do certreq
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
-                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024");
+                "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize " +
                KEY_LENGTH_DSA);
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-certreq -file csr1 -alias mykey");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-certreq -file csr1");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
-                "-certreq -file csr1 -sigalg SHA1withDSA");
+                "-certreq -file csr1 -sigalg SHA256withDSA");
-        // unmatched sigalg
+        // unmatched md5
        testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-certreq -file csr1 -sigalg MD5withRSA");
        // unmatched sha
        testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-certreq -file csr1 -sigalg SHA256withRSA");
        // misc test
        // bad storepass
        testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass " +
@ -1192,9 +1205,9 @@ public class KeyToolTest {
                "-certreq -file csr1");
        // unmatched sigalg
        testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
-                "-certreq -file csr1 -sigalg SHA1withDSA");
+                "-certreq -file csr1 -sigalg SHA256withDSA");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
-                "-certreq -file csr1 -sigalg MD5withRSA");
+                "-certreq -file csr1 -sigalg SHA256withRSA");
        // TrustedCertificateEntry cannot do certreq
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-exportcert -file x.jks.p1.cert");
@ -1222,6 +1235,9 @@ public class KeyToolTest {
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -genkeypair -dname CN=weak -keyalg rsa " +
                "-keysize 512 -sigalg MD5withRSA -alias myweakkey");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-keypass changeit -genkeypair -dname CN=weak -keyalg rsa -keysize " +
                KEY_LENGTH_RSA + " -sigalg SHA256withRSA -alias myweakkey-sha");
        testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
                "-export -file myweakkey.cert -alias myweakkey");
        testFail("", "-printcert -file badkeystore");
@ -1673,31 +1689,32 @@ public class KeyToolTest {
        remove("x.jks");
        testOK("", "-help");
-        //   2. keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore
+        //   2. keytool -genkey -keyalg DSA -v -keysize <strongKeySize> Enter "a" for the keystore
        // password. Check error (password too short). Enter "password" for
        // the keystore password. Hit 'return' for "first and last name",
        // "organizational unit", "City", "State", and "Country Code".
        // Type "yes" when they ask you if everything is correct.
        // Type 'return' for new key password.
        testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n",
-                "-genkey -keyalg DSA -v -keysize 512 -keystore x.jks -storetype JKS");
+                "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA + " -keystore x.jks " +
                        "-storetype JKS");
        //   3. keytool -list -v -storepass password
        testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS");
        //   4. keytool -list -v Type "a" for the keystore password.
        // Check error (wrong keystore password).
        testFail("a\n", "-list -v -keystore x.jks -storetype JKS");
        assertTrue(ex.indexOf("password was incorrect") != -1);
-        //   5. keytool - -keyalg DSA -v -keysize 512 Enter "password" as the password.
+        //   5. keytool - -keyalg DSA -v -keysize <strongKeySize> Enter "password" as the password.
        // Check error (alias 'mykey' already exists).
-        testFail("password\n", "-genkey -keyalg DSA -v -keysize 512" +
+        testFail("password\n", "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA +
                " -keystore x.jks -storetype JKS");
        assertTrue(ex.indexOf("alias <mykey> already exists") != -1);
-        //   6. keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password
+        //   6. keytool -genkey -keyalg DSA -v -keysize <strongKeySize> -alias mykey2 -storepass password
        // Hit 'return' for "first and last name", "organizational unit", "City",
        // "State", and "Country Code". Type "yes" when they ask you if
        // everything is correct. Type 'return' for new key password.
-        testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize 512 -alias mykey2" +
+        testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA +
-                " -storepass password -keystore x.jks -storetype JKS");
+                " -alias mykey2 -storepass password -keystore x.jks -storetype JKS");
        //   7. keytool -list -v Type 'password' for the store password.
        testOK("password\n", "-list -v -keystore x.jks -storetype JKS");
        //   8. keytool -keypasswd -v -alias mykey2 -storepass password
@ -1777,7 +1794,7 @@ public class KeyToolTest {
        //   1. sccs edit cert8.db key3.db
        //Runtime.getRuntime().exec("/usr/bin/sccs edit cert8.db key3.db");
        testOK("", p11Arg + ("-storepass test12 -genkey -alias genkey" +
-                " -dname cn=genkey -keysize 512 -keyalg rsa"));
+                " -dname cn=genkey -keysize " + KEY_LENGTH_RSA  + " -keyalg rsa"));
        testOK("", p11Arg + "-storepass test12 -list");
        testOK("", p11Arg + "-storepass test12 -list -alias genkey");
        testOK("", p11Arg +