Google -> GitHub Sync, 1 Feb 2017 (#19)

* Removing duplicates from BigIntegerTest.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=142548323

* Remove @NoPresubmitCheck from testModifiedPublic() and testModifiedPublicSpec(). The corresponding bug was fixed in BC 1.55 or BC 1.56.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=142561682

* minor typos

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=142743772

* Regenerating the test vectors for ECDSA:
- this adds more comments for bugtypes and modifications or the signatures.
- fixes some ugly formatting.
- adds some additional test vectors.

There are no new bugs.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144619819

* Regenerating DSA test vectors:
This adds a few more test vectors.
The test vectors are now divided between test vectors with valid BER encodings
and test vectors with invalid DER encodings.
The description of the test vector better describes what was modified.

Also fixing issue #17 on Github: testVectors in DsaTest not using the message parameter

There are no changes to the presubmit tests. Tests that can be enabled because of the
Oracles security update will be added in another CL.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144814889

* Regenerating test vectors for EcdhTest.java

Merging a test with small order into the test vectors.
Fixing ASN encoding of 0 (from 0200 to 020100, i.e. length must be > 0).

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144815129

* Regenerating RSA signatures.

Adding test vectors that were removed because of b/31575502. Oracle fixes this with CVE-2016-5547.

Changing ASN tags with value 0x50 to 0x30 (0x50 would be something like sequence of sequence but does not exist), hence the old vectors are unlikely to cause problems.

Adding more modifications of OIDs. The new vectors unpack the OIDs and change the nodes.
(E.g. the OID for sha256 is the hexadecimal string "608648016503040201" which is an
ASN encoding of "2.16.840.1.101.3.4.2.1". The new test vectors include invalid encoding,
encodings with additional nodes, deleted nodes and nodes that are changed to large integers)

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144846826

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145060646

* Removing presubmit restrictions for tests that have been fixed internally and upstream.
Mainly these are tests with CVEs that were announced during the Jan 17 security update
by Oracle.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145397539

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145418516

* Adding the CVE numbers from Oracles Jan 17 security update to the documentation.
Minor changes to some test vectors: Some of the garbage added to the ASN encoding
was itself incorrect and has been replaced.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145650774

* ECDSA MODIFIED_SIGNATURES should be public now.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=146186539

11 files changed, 2999 insertions, 525 deletions

diff --git a/doc/index.md b/doc/index.md
index c664ba1..0d570e6 100644
--- a/doc/index.md
+++ b/doc/index.md
@@ -1,7 +1,7 @@
 # Project Wycheproof
 
 This page describes the goals and strategies of project Wycheproof. See
-[README](../README.md) for introduction to the project.
+[README](../README.md) for an introduction to the project.
 
 ## Defense in depth
 
@@ -33,7 +33,7 @@ rather than exploitability. Examples:
 
 One of the goals of Wycheproof is to test for compatibility issues.
 Switching JCE providers should not introduce vulnerabilities simply because
-the solution was developed with another provider.
+the solution was developed by another provider.
 
 An example for this was the following observation: When using AES-GCM then
 javax.crypto.CipherInputStream worked sort of with JCE and
@@ -49,10 +49,10 @@ cryptographic libraries based on the bugs found would be biased:
 * Libraries used internally in Google get more attention.
   Serious vulnerabilities in these libraries should be fixed at the time the
   tests are added to Wycheproof.  On the other hand it is also likely that
-  tests find a larger number of bugs in thsese libraries when old versions are
+  tests find a larger number of bugs in these libraries when old versions are
   tested.
 * Tests often check for expected behaviour and compatibility.
-  Excpected behaviour is often defined by a prominent library.
+  Expected behaviour is often defined by a prominent library.
   Pointing out such problems can therefore penalize smaller third party
   libraries.
 * We are working toward covering as many potential vulnerabilities as possible
@@ -71,7 +71,7 @@ We should promote robust interfaces with the goal to simplify
 the use of the library, codereviews of applications using the
 library and testing the library.
 
-* When cryptrographic primitives require randomness then the random
+* When cryptographic primitives require randomness then the random
   numbers should be chosen by the library. It shouldn't be possible
   for a user to provide randomness. If the library itself chooses the
   randomness then it is possible (at least to some degree) to check
diff --git a/java/com/google/security/wycheproof/testcases/AesGcmTest.java b/java/com/google/security/wycheproof/testcases/AesGcmTest.java
index d71b8c2..9f27992 100644
--- a/java/com/google/security/wycheproof/testcases/AesGcmTest.java
+++ b/java/com/google/security/wycheproof/testcases/AesGcmTest.java
@@ -16,13 +16,18 @@
 
 package com.google.security.wycheproof;
 
+import com.google.security.wycheproof.WycheproofRunner.ExcludedTest;
+import com.google.security.wycheproof.WycheproofRunner.ProviderType;
+import com.google.security.wycheproof.WycheproofRunner.SlowTest;
 import java.nio.ByteBuffer;
 import java.security.AlgorithmParameterGenerator;
 import java.security.AlgorithmParameters;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.Arrays;
 import javax.crypto.Cipher;
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.GCMParameterSpec;
@@ -178,6 +183,41 @@ public class AesGcmTest extends TestCase {
     }
   }
 
+  /**
+   * JCE has a dangerous feature: after a doFinal the cipher is typically reinitialized using the
+   * previous IV. This "feature" can easily break AES-GCM usages, because encrypting twice with
+   * the same key and IV leaks the authentication key. Hence any reasonable implementation of
+   * AES-GCM should not allow this. The expected behaviour of OpenJDK can be derived from the tests
+   * in jdk/test/com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java.
+   * OpenJDK does not allow two consecutive initializations for encryption with the same key and IV.
+   *
+   * <p>The test here is weaker than the restrictions in OpenJDK. The only requirement here is that
+   * reusing a Cipher without an explicit init() is caught.
+   *
+   * <p>BouncyCastle 1.52 failed this test
+   *
+   * <p>Conscrypt failed this test
+   */
+  public void testIvReuse() throws Exception {
+    for (GcmTestVector test : getTestVectors()) {
+      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+      cipher.init(Cipher.ENCRYPT_MODE, test.key, test.parameters);
+      cipher.updateAAD(test.aad);
+      byte[] ct1 = cipher.doFinal(test.pt);
+      try {
+        byte[] ct2 = cipher.doFinal(test.pt);
+        fail(
+            "It should not possible to reuse an IV."
+                + " ct1:"
+                + TestUtil.bytesToHex(ct1)
+                + " ct2:"
+                + TestUtil.bytesToHex(ct2));
+      } catch (java.lang.IllegalStateException ex) {
+        // This is expected.
+      }
+    }
+  }
+
   /** Encryption with ByteBuffers. */
   public void testByteBuffer() throws Exception {
     for (GcmTestVector test : getTestVectors()) {
@@ -370,4 +410,62 @@ public class AesGcmTest extends TestCase {
     byte[] output = cipher.doFinal(input);
     assertEquals(input.length + 16, output.length);
   }
+
+  /**
+   * Test AES-GCM wrapped around counter bug which leaks plaintext and authentication key. Let's
+   * consider 12-byte IV, counter = IV || 0^31 || 1. For each encryption block, the last 4 bytes of
+   * the counter is increased by 1. After 2^32 blocks, the counter will be wrapped around causing
+   * counter collision and hence, leaking plaintext and authentication key as explained below. The
+   * library must make a check to make sure that the plaintext's length never exceeds 2^32 - 2
+   * blocks. Note that this is different from usual IV collisions because it happens even if users
+   * use different IVs. <br>
+   * We have: <br>
+   * J0 = IV || 0^31 || 1 <br>
+   * Plaintext: P[0], P[1], P[2], .... <br>
+   * Ciphertext: <br>
+   * C[0] = Enc(K, (J0 + 1) % 2^32) XOR P[0] <br>
+   * C[1] = Enc(K, (J0 + 2) % 2^32) XOR P[1] <br>
+   * C[2] = Enc(K, (J0 + 3) % 2^32) XOR P[2] <br>
+   * ... <br>
+   * C[2^32 - 1] = Enc(K, J0) XOR P[2^32 - 1] <br>
+   * C[2^32] = Enc(K, (J0 + 1)% 2^32) XOR P[2^32] <br>
+   * It means that after 2^32 blocks, the counter is wrapped around causing counter collisions. In
+   * counter mode, once the counter is collided then it's reasonable to assume that the plaintext is
+   * leaked. As the ciphertext is already known to attacker, Enc(K, J0) is leaked. <br>
+   * Now, as the authentication tag T is computed as GHASH(H, {}, C) XOR E(K, J0), the attacker can
+   * learn GHASH(H, {}, C}. It essentially means that the attacker finds a polynomial where H is the
+   * root (see Joux attack http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/Joux_comments.pdf).
+   * Solving polynomial equation in GF(2^128) is enough to extract the authentication key.
+   *
+   * <p>BouncyCastle used to have this bug (CVE-2015-6644).
+   *
+   * <p>OpenJDK8 used to have this bug (http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0c3ed12cdaf5)
+   *
+   * <p>The test is slow as we have to encrypt 2^32 blocks.
+   */
+  // TODO(quannguyen): Is there a faster way to test it?
+  @ExcludedTest(
+    providers = {ProviderType.CONSCRYPT},
+    comment = "Conscrypt doesn't support streaming, would crash")
+  @SlowTest(
+    providers = {ProviderType.BOUNCY_CASTLE, ProviderType.SPONGY_CASTLE, ProviderType.OPENJDK})
+  public void testWrappedAroundCounter() throws Exception {
+    try {
+      byte[] iv = new byte[12];
+      byte[] input = new byte[16];
+      byte[] key = new byte[16];
+      (new SecureRandom()).nextBytes(key);
+      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+      cipher.init(
+          Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(16 * 8, iv));
+      byte[] output = cipher.update(input);
+      for (long i = 0; i < 4294967296L + 2; i++) {
+        byte[] output1 = cipher.update(input);
+        assertFalse("GCM Wrapped Around Counter" + i, Arrays.equals(output, output1));
+      }
+      fail("Expected Exception");
+    } catch (Exception expected) {
+      System.out.println("testWrappedAroundcounter:" + expected.toString());
+    }
+  }
 }
diff --git a/java/com/google/security/wycheproof/testcases/BigIntegerTest.java b/java/com/google/security/wycheproof/testcases/BigIntegerTest.java
index cd5a992..8173a89 100644
--- a/java/com/google/security/wycheproof/testcases/BigIntegerTest.java
+++ b/java/com/google/security/wycheproof/testcases/BigIntegerTest.java
@@ -50,17 +50,12 @@ public class BigIntegerTest extends TestCase {
         new BigInteger("164280218643672633986221"),
         new BigInteger("318665857834031151167461"),
         new BigInteger("7395010240794120709381"),
-        new BigInteger("164280218643672633986221"),
-        new BigInteger("318665857834031151167461"),
         new BigInteger("2995741773170734841812261"),
         new BigInteger("667636712015520329618581"),
         new BigInteger("3317044064679887385961981"),
         new BigInteger("3110269097300703345712981"),
         new BigInteger("552727880697763694556181"),
-        new BigInteger("360681321802296925566181"),
-        new BigInteger("7395010240794120709381"),
         new BigInteger("3404730287403079539471001"),
-        new BigInteger("164280218643672633986221"),
         // Richarg G.E. Pinch, "Some primality testing algorithms"
         // Some composites that passed Maple V's primality test.
         new BigInteger("10710604680091"),
diff --git a/java/com/google/security/wycheproof/testcases/DhTest.java b/java/com/google/security/wycheproof/testcases/DhTest.java
index 3e9c9e7..84be8f2 100644
--- a/java/com/google/security/wycheproof/testcases/DhTest.java
+++ b/java/com/google/security/wycheproof/testcases/DhTest.java
@@ -358,6 +358,8 @@ public class DhTest extends TestCase {
    * itself cannot prevent all small-subgroup attacks because of the missing parameter q in the
    * Diffie-Hellman parameters. Implementations must add additional countermeasures such as the ones
    * proposed in RFC 2785.
+   *
+   * <p> CVE-2016-1000346: BouncyCastle before v.1.56 did not validate the other parties public key.
    */
   public void testSubgroupConfinement() throws Exception {
     KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
diff --git a/java/com/google/security/wycheproof/testcases/DhiesTest.java b/java/com/google/security/wycheproof/testcases/DhiesTest.java
index 17ab513..fbf8054 100644
--- a/java/com/google/security/wycheproof/testcases/DhiesTest.java
+++ b/java/com/google/security/wycheproof/testcases/DhiesTest.java
@@ -35,15 +35,18 @@ import junit.framework.TestCase;
  *
  * @author bleichen@google.com (Daniel Bleichenbacher)
  */
-// Tested providers:
-// BC (not recommended)
-//
 // TODO(bleichen):
 // - maybe again CipherInputStream, CipherOutputStream,
 // - byteBuffer.
 // - Exception handling
 // - Is DHIES using the key derivation function for the key stream?
 // - BouncyCastle knows an algorithm IES. Is this the same as DHIES?
+// - Bouncy fixed a padding oracle bug in version 1.56 (CVE-2016-1000345)
+//   So far we have no test for this bug mainly because this cannot be tested
+//   through the JCA interface. BC does not register and algorithm such as
+//   Cipher.DHIESWITHAES-CBC.
+// - So far only BouncyCastles is tesed because this is the only provider
+//   we use that implements DHIES.
 public class DhiesTest extends TestCase {
 
   // TODO(bleichen): This is the same as DhTest.java
diff --git a/java/com/google/security/wycheproof/testcases/DsaTest.java b/java/com/google/security/wycheproof/testcases/DsaTest.java
index e466900..4d546bb 100644
--- a/java/com/google/security/wycheproof/testcases/DsaTest.java
+++ b/java/com/google/security/wycheproof/testcases/DsaTest.java
@@ -15,7 +15,6 @@
  */
 
 // TODO(bleichen):
-// - add tests for signature malleability and ASN parsing.
 // - add tests for SHA1WithDSA with wrong key
 // - add tests for "alternative" algorithm names
 // - convert tests for deterministic DSA variants.
@@ -29,6 +28,8 @@ package com.google.security.wycheproof;
 
 import com.google.security.wycheproof.WycheproofRunner.ProviderType;
 import com.google.security.wycheproof.WycheproofRunner.SlowTest;
+import java.lang.management.ManagementFactory;
+import java.lang.management.ThreadMXBean;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
@@ -111,7 +112,338 @@ public class DsaTest extends TestCase {
         + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
   };
 
+  /**
+   * The following test vectos are derived from a valid signature by
+   * using alternative BER encoding as well as legacy formats.
+   * Accepting such signatures is in many cases benign. Hence the tests
+   * below will pass if such signatures are accepted as valid.
+   * The test vectors could be used to check for signature malleability.
+   * An example where this kind of signature malleability was a problem is
+   * https://en.bitcoin.it/wiki/Transaction_Malleability
+   */
+  static final String[] MODIFIED_SIGNATURES = {
+    // BER:long form encoding of length
+    "30813d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e02811c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "02811d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // BER:length contains leading 0
+    "3082003d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    "303f0282001c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0282001d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    // BER:prepending 0's to integer
+    "303f021e00001e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021f000000ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    // The Sun provider accepts DSA signatures where a leading 00 has
+    // been omitted in the ASN encoding.
+    "303c021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021cade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+  };
+
+  /**
+   * The following test vectors are invalid DSA signatures.
+   * According to {@link java.security.Signature#verify(byte[])} verifying an invalid
+   * signature may either return false or throw a SignatureException.
+   * We expect that a correct implementation of DSA signatures satisfies this contract.
+   * Throwing a RuntimeException instead of a SignatureException could for example
+   * result in a denial of service attack.
+   *
+   * <p>A list of problems that are caught by these signatures:
+   * <li> CVE-2016-5546: OpenJDK8 throwed java.lang.ArrayIndexOutOfBoundsException for
+   * some invalid DSA signatures.
+   * </ul>
+   */
   static final String[] INVALID_SIGNATURES = {
+    // wrong length
+    "303e021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303c021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021d1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021b1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021e00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021c00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // uint32 overflow in length
+    "3085010000003d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916"
+        + "173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f"
+        + "e8786236",
+    "30420285010000001c1e41b479ad576905b960fe14eadb91b0ccf34843dab916"
+        + "173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f"
+        + "e8786236",
+    "3042021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0285010000001d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f"
+        + "e8786236",
+    // uint64 overflow in length
+    "308901000000000000003d021c1e41b479ad576905b960fe14eadb91b0ccf348"
+        + "43dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf"
+        + "3365813fe8786236",
+    "3046028901000000000000001c1e41b479ad576905b960fe14eadb91b0ccf348"
+        + "43dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf"
+        + "3365813fe8786236",
+    "3046021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "028901000000000000001d00ade65988d237d30f9ef41dd424a4e1c8f16967cf"
+        + "3365813fe8786236",
+    // length = 2**31 - 1
+    "30847fffffff021c1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "304102847fffffff1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "3041021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "02847fffffff00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    // length = 2**32 - 1
+    "3084ffffffff021c1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "30410284ffffffff1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "3041021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0284ffffffff00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    // length = 2**64 - 1
+    "3088ffffffffffffffff021c1e41b479ad576905b960fe14eadb91b0ccf34843"
+        + "dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    "30450288ffffffffffffffff1e41b479ad576905b960fe14eadb91b0ccf34843"
+        + "dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    "3045021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0288ffffffffffffffff00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    // removing sequence
+    "",
+    // appending 0's to sequence
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe878623600"
+        + "00",
+    // prepending 0's to sequence
+    "303f0000021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    // appending unused 0's
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0000021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    // appending null value
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe878623605"
+        + "00",
+    "303f021e1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0500021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021f00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe878623605"
+        + "00",
+    // including garbage
+    "3042498177303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916"
+        + "173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f"
+        + "e8786236",
+    "30412500303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "303f303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "360004deadbeef",
+    "30422221498177021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916"
+        + "173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f"
+        + "e8786236",
+    "304122202500021c1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "3045221e021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd0004deadbeef021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    "3042021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "2222498177021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f"
+        + "e8786236",
+    "3041021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "22212500021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "3045021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "221f021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "360004deadbeef",
+    // including undefined tags
+    "3045aa00bb00cd00303d021c1e41b479ad576905b960fe14eadb91b0ccf34843"
+        + "dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    "3043aa02aabb303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab9"
+        + "16173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf336581"
+        + "3fe8786236",
+    "30452224aa00bb00cd00021c1e41b479ad576905b960fe14eadb91b0ccf34843"
+        + "dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    "30432222aa02aabb021c1e41b479ad576905b960fe14eadb91b0ccf34843dab9"
+        + "16173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf336581"
+        + "3fe8786236",
+    "3045021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "2225aa00bb00cd00021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf33"
+        + "65813fe8786236",
+    "3043021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "2223aa02aabb021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf336581"
+        + "3fe8786236",
+    // changing tag value
+    "2e3d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "323d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "ff3d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d001c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d041c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303dff1c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "001d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "041d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "ff1d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // dropping value of sequence
+    "3000",
+    // using composition
+    "3041300102303c1c1e41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "3041222002011e021b41b479ad576905b960fe14eadb91b0ccf34843dab91617"
+        + "3bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    "3041021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "2221020100021cade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8"
+        + "786236",
+    // truncate sequence
+    "303c021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862",
+    "303c1c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd02"
+        + "1d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // indefinite length with no delimiter
+    "3080021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // prepend empty sequence
+    "303f3000021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    // append empty sequence
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe878623630"
+        + "00",
+    // sequence of sequence
+    "303f303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8"
+        + "c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    // truncated sequence
+    "301e021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd",
+    // repeat element in sequence
+    "305c021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe878623602"
+        + "1d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // removing integer
+    "301f021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // appending 0's to integer
+    "303f021e1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "0000021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862"
+        + "36",
+    "303f021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021f00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe878623600"
+        + "00",
+    // dropping value of integer
+    "30210200021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "3020021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd0200",
+    // modify first byte of integer
+    "303d021c1f41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d01ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // modify last byte of integer
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cc"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786237",
+    // truncate integer
+    "303c021b1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c902"
+        + "1d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303c021b41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd02"
+        + "1d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303c021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021c00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862",
+    // leading ff in integer
+    "303e021dff1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021eff00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    // infinity
+    "3022090180021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "3021021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd090180",
+    // Vectors where r or s have been modified e.g. by adding or subtracting the order of the
+    // group and hence violate the range check for r and s required by DSA.
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d0168dcf02f57b0caef7ddc183bee1ca94ee09c1a02ee4b0200a54dcb93",
+    "303c021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021cf2efc2e24cbedb2fc00c236c5b2d1a430236b59b7880007f2ba2f8d9",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021dff5219a6772dc82cf0610be22bdb5b1e370e969830cc9a7ec017879dca",
+    "303d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd"
+        + "021d01ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021d00d9384b2032d060e59848f87cb4535936bc25fa77959e96d7f88e33"
+        + "2a021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021d00d9384b2032d060e59848f87cb4535936bc25fa77959e96d7f88e33"
+        + "2a021d0168dcf02f57b0caef7ddc183bee1ca94ee09c1a02ee4b0200a54dcb93",
+    "303d021d00d9384b2032d060e59848f87cb4535936bc25fa77959e96d7f88e33"
+        + "2a021cf2efc2e24cbedb2fc00c236c5b2d1a430236b59b7880007f2ba2f8d9",
+    "303e021d00d9384b2032d060e59848f87cb4535936bc25fa77959e96d7f88e33"
+        + "2a021dff5219a6772dc82cf0610be22bdb5b1e370e969830cc9a7ec017879dca",
+    "303e021d00d9384b2032d060e59848f87cb4535936bc25fa77959e96d7f88e33"
+        + "2a021d01ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021dff634b1dd327de7125da7903ad2163ca2addc096101fd395567ee360"
+        + "70021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021dff634b1dd327de7125da7903ad2163ca2addc096101fd395567ee360"
+        + "70021d0168dcf02f57b0caef7ddc183bee1ca94ee09c1a02ee4b0200a54dcb93",
+    "303d021dff634b1dd327de7125da7903ad2163ca2addc096101fd395567ee360"
+        + "70021cf2efc2e24cbedb2fc00c236c5b2d1a430236b59b7880007f2ba2f8d9",
+    "303e021dff634b1dd327de7125da7903ad2163ca2addc096101fd395567ee360"
+        + "70021dff5219a6772dc82cf0610be22bdb5b1e370e969830cc9a7ec017879dca",
+    "303e021dff634b1dd327de7125da7903ad2163ca2addc096101fd395567ee360"
+        + "70021d01ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021ce1be4b8652a896fa469f01eb15246e4f330cb7bc2546e9e8c4473633"
+        + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303d021ce1be4b8652a896fa469f01eb15246e4f330cb7bc2546e9e8c4473633"
+        + "021d0168dcf02f57b0caef7ddc183bee1ca94ee09c1a02ee4b0200a54dcb93",
+    "303c021ce1be4b8652a896fa469f01eb15246e4f330cb7bc2546e9e8c4473633"
+        + "021cf2efc2e24cbedb2fc00c236c5b2d1a430236b59b7880007f2ba2f8d9",
+    "303d021ce1be4b8652a896fa469f01eb15246e4f330cb7bc2546e9e8c4473633"
+        + "021dff5219a6772dc82cf0610be22bdb5b1e370e969830cc9a7ec017879dca",
+    "303d021ce1be4b8652a896fa469f01eb15246e4f330cb7bc2546e9e8c4473633"
+        + "021d01ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021d011e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
+    "303e021d011e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021d0168dcf02f57b0caef7ddc183bee1ca94ee09c1a02ee4b0200a54dcb93",
+    "303d021d011e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021cf2efc2e24cbedb2fc00c236c5b2d1a430236b59b7880007f2ba2f8d9",
+    "303e021d011e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021dff5219a6772dc82cf0610be22bdb5b1e370e969830cc9a7ec017879dca",
+    "303e021d011e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9"
+        + "cd021d01ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236",
     // Signatures with special case values for r and s. E.g. r=1, s=0 are values that can lead to
     // forgeries if the DSA implementation does not check boundaries and computes s^(-1) == 0.
     "3022020100021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3",
@@ -346,9 +678,10 @@ public class DsaTest extends TestCase {
       String message,
       String algorithm,
       String signatureType,
-      boolean isValid)
+      boolean isValidDER,
+      boolean isValidBER)
       throws Exception {
-    byte[] messageBytes = "Hello".getBytes("UTF-8");
+    byte[] messageBytes = message.getBytes("UTF-8");
     Signature verifier = Signature.getInstance(algorithm);
     KeyFactory kf = KeyFactory.getInstance("DSA");
     PublicKey pub = kf.generatePublic(key);
@@ -371,10 +704,10 @@ public class DsaTest extends TestCase {
         errors++;
         continue;
       }
-      if (isValid && !verified) {
+      if (isValidDER && !verified) {
         System.out.println(signatureType + " was not verified:" + signature);
         errors++;
-      } else if (!isValid && verified) {
+      } else if (!isValidBER && verified) {
         System.out.println(signatureType + " was verified:" + signature);
         errors++;
       }
@@ -384,12 +717,19 @@ public class DsaTest extends TestCase {
 
   public void testValidSignatures() throws Exception {
     testVectors(
-        VALID_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Valid DSA signature", true);
+        VALID_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Valid DSA signature", true, true);
+  }
+
+  public void testModifiedSignatures() throws Exception {
+    testVectors(
+        MODIFIED_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Modified DSA signature",
+        false, true);
   }
 
   public void testInvalidSignatures() throws Exception {
     testVectors(
-        INVALID_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Invalid DSA signature", false);
+        INVALID_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Invalid DSA signature",
+        false, false);
   }
 
   // Extract the integer r from a DSA signature.
@@ -493,6 +833,55 @@ public class DsaTest extends TestCase {
     System.out.println("s:" + extractS(signature).toString());
   }
 
+  public void testKeyGeneration(int keysize) throws Exception {
+    KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
+    generator.initialize(keysize);
+    KeyPair keyPair = generator.generateKeyPair();
+    DSAPrivateKey priv = (DSAPrivateKey) keyPair.getPrivate();
+    DSAParams params = priv.getParams();
+    assertEquals(keysize, params.getP().bitLength());
+    // The NIST standard does not fully specify the size of q that
+    // must be used for a given key size. Hence there are differences.
+    // For example if keysize = 2048, then OpenSSL uses 256 bit q's by default,
+    // but the SUN provider uses 224 bits. Both are acceptable sizes.
+    // The tests below simply asserts that the size of q does not decrease the
+    // overall security of the DSA.
+    int qsize = params.getQ().bitLength();
+    switch (keysize) {
+      case 1024:
+        assertTrue("Invalid qsize for 1024 bit key:" + qsize, qsize >= 160);
+        break;
+      case 2048:
+        assertTrue("Invalid qsize for 2048 bit key:" + qsize, qsize >= 224);
+        break;
+      case 3072:
+        assertTrue("Invalid qsize for 3072 bit key:" + qsize, qsize >= 256);
+        break;
+      default:
+        fail("Invalid key size:" + keysize);
+    }
+    // Check the length of the private key.
+    // For example GPG4Browsers or the KJUR library derived from it use
+    // q.bitCount() instead of q.bitLength() to determine the size of the private key
+    // and hence would generate keys that are much too small.
+    assertTrue(priv.getX().bitLength() >= qsize - 32);
+  }
+
+  /**
+   * Tests the key generation for DSA.
+   *
+   * <p>Problems found:
+   * <ul>
+   * <li> CVE-2016-1000343 BouncyCastle before v.1.56 always generated DSA keys with
+   * a 160-bit q.
+   * </ul>
+   */
+  @SlowTest(providers = {ProviderType.BOUNCY_CASTLE, ProviderType.SPONGY_CASTLE})
+  public void testKeyGenerationAll() throws Exception {
+    testKeyGeneration(1024);
+    testKeyGeneration(2048);
+  }
+
   /**
    * Checks whether the one time key k in DSA is biased. For example the SUN provider fell for this
    * test until April 2016.
@@ -611,6 +1000,129 @@ public class DsaTest extends TestCase {
   }
 
   /**
+   * This test checks for potential of a timing attack. The test generates a number of signatures,
+   * selects a fraction of them with a small timing and then compares the values k for the selected
+   * signatures with a normal distribution. The test fails if these ks are much smaller than
+   * expected. An implementation flaw that can lead to a test failure is to compute the signature
+   * with a modular exponentiation with a runtime that depend on the length of the exponent.
+   *
+   * <p>A failing test simply means that the timing can be used to get information about k. Further
+   * analysis is necessary to determine if the bias is exploitable and how many timings are
+   * necessary for an attack. A passing test does not mean that the implementation is secure against
+   * timing attacks. The test only catches relatively big timing differences. It requires high
+   * confidence to fail. Noise on the test machine can prevent that a relation between timing and k
+   * can be detected.
+   *
+   * <p>Claims of what is exploitable: http://www.hpl.hp.com/techreports/1999/HPL-1999-90.pdf 30
+   * signatures are sufficient to find the private key if the attacker knows 8 bits of each k.
+   * http://eprint.iacr.org/2004/277.pdf 27 signatures are sufficient if 8 bits of each k is known.
+   * Our own old experiments (using 1GB memory on a Pentium-4? CPU): 2^11 signatures are sufficient
+   * with a 3 bit leakage. 2^15 signatures are sufficient with a 2 bit leakage. 2^24 signatures are
+   * sufficient with a 1 bit leakage. Estimate for biased generation in the NIST standard: e.g. 2^22
+   * signatures, 2^40 memory, 2^64 time
+   *
+   * <p><b>Sample output for the SUN provider:</b> <code>
+   * count:50000 cutoff:4629300 relative average:0.9992225872624547 sigmas:0.3010906585642381
+   * count:25000 cutoff:733961 relative average:0.976146066585879 sigmas:6.532668708070148
+   * count:12500 cutoff:688305 relative average:0.9070352192339134 sigmas:18.00255238454385
+   * count:6251 cutoff:673971 relative average:0.7747148791368986 sigmas:30.850903417893825
+   * count:3125 cutoff:667045 relative average:0.5901994097874541 sigmas:39.67877152897901
+   * count:1563 cutoff:662088 relative average:0.4060286694971057 sigmas:40.67294313795137
+   * count:782 cutoff:657921 relative average:0.2577955312387898 sigmas:35.94906247333319
+   * count:391 cutoff:653608 relative average:0.1453438859272699 sigmas:29.271192100879457
+   * count:196 cutoff:649280 relative average:0.08035497211567771 sigmas:22.300206785132406
+   * count:98 cutoff:645122 relative average:0.05063589092661368 sigmas:16.27820353139225
+   * count:49 cutoff:641582 relative average:0.018255560447883384 sigmas:11.903018745467488
+   * count:25 cutoff:638235 relative average:0.009082660721102722 sigmas:8.581595888660086
+   * count:13 cutoff:633975 relative average:0.0067892346039088326 sigmas:6.20259924188633
+   * </code>
+   *
+   * <p><b>What this shows:</b> The first line uses all 50'000 signatures. The average k of these
+   * signatures is close to the expected value q/2. Being more selective gives us signatures with a
+   * more biased k. For example, the 196 signatures with the fastest timing have about a 3-bit bias.
+   * From this we expect that 2^19 signatures and timings are sufficient to find the private key.
+   *
+   * <p>A list of problems caught by this test:
+   * <ul>
+   * <li> CVE-2016-5548 OpenJDK8's DSA is vulnerable to timing attacks.
+   * <li> CVE-2016-1000341 BouncyCastle before v 1.56 is vulnernerable to timing attacks.
+   * </ul>
+   */
+  @SlowTest(providers = {ProviderType.BOUNCY_CASTLE, ProviderType.OPENJDK,
+    ProviderType.SPONGY_CASTLE})
+  public void testTiming() throws Exception {
+    ThreadMXBean bean = ManagementFactory.getThreadMXBean();
+    if (!bean.isCurrentThreadCpuTimeSupported()) {
+      System.out.println("getCurrentThreadCpuTime is not supported. Skipping");
+      return;
+    }
+    String hashAlgorithm = "SHA-1";
+    String message = "Hello";
+    byte[] messageBytes = message.getBytes("UTF-8");
+    byte[] digest = MessageDigest.getInstance(hashAlgorithm).digest(messageBytes);
+    BigInteger h = new BigInteger(1, digest);
+    KeyPairGenerator generator = java.security.KeyPairGenerator.getInstance("DSA");
+    generator.initialize(1024);
+    KeyPair keyPair = generator.generateKeyPair();
+    DSAPrivateKey priv = (DSAPrivateKey) keyPair.getPrivate();
+    Signature signer = Signature.getInstance("SHA1WITHDSA");
+    signer.initSign(priv);
+    // The timings below are quite noisy. Thus we need a large number of samples.
+    int samples = 50000;
+    long[] timing = new long[samples];
+    BigInteger[] k = new BigInteger[samples];
+    for (int i = 0; i < samples; i++) {
+      long start = bean.getCurrentThreadCpuTime();
+      signer.update(messageBytes);
+      byte[] signature = signer.sign();
+      timing[i] = bean.getCurrentThreadCpuTime() - start;
+      k[i] = extractK(signature, h, priv, false);
+    }
+    long[] sorted = Arrays.copyOf(timing, timing.length);
+    Arrays.sort(sorted);
+    // Here we are only interested in roughly the 8 most significant bits of the ks.
+    // Hence, using double is sufficiently precise.
+    double q = priv.getParams().getQ().doubleValue();
+    double expectedAverage = q / 2;
+    double maxSigmas = 0;
+    System.out.println("testTiming: SHA1WITHDSA");
+    for (int idx = samples - 1; idx > 10; idx /= 2) {
+      long cutoff = sorted[idx];
+      int count = 0;
+      double total = 0;
+      for (int i = 0; i < samples; i++) {
+        if (timing[i] <= cutoff) {
+          total += k[i].doubleValue();
+          count += 1;
+        }
+      }
+      double expectedStdDev = q / Math.sqrt(12 * count);
+      double average = total / count;
+      // Number of standard deviations that the average is away from
+      // the expected value:
+      double sigmas = (expectedAverage - average) / expectedStdDev;
+      if (sigmas > maxSigmas) {
+        maxSigmas = sigmas;
+      }
+      System.out.println(
+          "count:"
+              + count
+              + " cutoff:"
+              + cutoff
+              + " relative average:"
+              + (average / expectedAverage)
+              + " sigmas:"
+              + sigmas);
+    }
+    // Checks if the signatures with a small timing have a biased k.
+    // We use 7 standard deviations, so that the probability of a false positive is smaller
+    // than 10^{-10}.
+    if (maxSigmas >= 7) {
+      fail("Signatures with short timing have a biased k");
+    }
+  }
+
+  /**
    * DSA does not allow encryption. This test verifies that a provider does not implement an ad hoc
    * scheme that attempts to turn DSA into a public key encryption scheme.
    */
diff --git a/java/com/google/security/wycheproof/testcases/EcdhTest.java b/java/com/google/security/wycheproof/testcases/EcdhTest.java
index 4094f41..8bfe03f 100644
--- a/java/com/google/security/wycheproof/testcases/EcdhTest.java
+++ b/java/com/google/security/wycheproof/testcases/EcdhTest.java
@@ -508,301 +508,322 @@ public class EcdhTest extends TestCase {
           new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16));
 
   public static final EcPublicKeyTestVector[] EC_MODIFIED_PUBLIC_KEYS = {
-    // Modified keys
-    new EcPublicKeyTestVector(
-        "public point not on curve",
-        "3059301306072a8648ce3d020106082a8648ce3d03010703420004cdeb39edd0"
-            + "3e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b84"
-            + "29598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebaca",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebaca", 16)),
-    new EcPublicKeyTestVector(
-        "public point = (0,0)",
-        "3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000"
-            + "0000000000000000000000000000000000000000000000000000000000000000"
-            + "000000000000000000000000000000000000000000000000000000",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        1,
-        new BigInteger("0"),
-        new BigInteger("0")),
-    new EcPublicKeyTestVector(
-        "order = 1",
-        "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f502010102010103420004cdeb39edd03e2b1a11"
-            + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
-            + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("01", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "order = 26959946660873538060741835960514744168612397095220107664" + "918121663170",
-        "3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f5021d00ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac202010103420004cdeb39edd03e2b1a11a5e134ec"
-            + "99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b49bbb85c"
-            + "3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "generator = (0,0)",
-        "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b04410400000000000000000000000000000000000000"
-            + "0000000000000000000000000000000000000000000000000000000000000000"
-            + "00000000000000000000000000022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc63255102010103420004cdeb39edd03e2b1a11"
-            + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
-            + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("0"),
-        new BigInteger("0"),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "generator not on curve",
-        "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f7022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc63255102010103420004cdeb39edd03e2b1a11"
-            + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
-            + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f7", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "cofactor = 2",
-        "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc63255102010203420004cdeb39edd03e2b1a11"
-            + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
-            + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        2,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "cofactor = None",
-        "308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc63255103420004cdeb39edd03e2b1a11a5e134"
-            + "ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b49bbb8"
-            + "5c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        null,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "modified prime",
-        "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
-            + "01022100fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200"
-            + "e8bbc1453044042002f6efa55976c9cb06ff16bb629c0a8d4d5143b40084b1a1"
-            + "cc0e4dff17443eb704205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441040000000000000000000006597fa94b1fd90000"
-            + "000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec9"
-            + "5ba9b8fa95a3ad24bdf9fff414022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc63255102010103420004000000000000000000"
-            + "0006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a956279"
-            + "22eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414",
-        new BigInteger("fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200e8bbc145", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("06597fa94b1fd9000000000000000000000000000002", 16),
-        new BigInteger("1b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414", 16),
-        1,
-        new BigInteger("06597fa94b1fd9000000000000000000000000000002", 16),
-        new BigInteger("1b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414", 16)),
-    new EcPublicKeyTestVector(
-        "using secp224r1",
-        "304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef"
-            + "89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611"
-            + "d5b84ba3d91dfe1a480825bcc4af3bcf",
-        new BigInteger("ffffffffffffffffffffffffffffffff000000000000000000000001", 16),
-        new BigInteger("ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d", 16),
-        new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffffffffffe", 16),
-        new BigInteger("b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4", 16),
-        new BigInteger("b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21", 16),
-        new BigInteger("bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", 16),
-        1,
-        new BigInteger("074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1", 16),
-        new BigInteger("c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf", 16)),
-    new EcPublicKeyTestVector(
-        "a = 0",
-        "308201143081cd06072a8648ce3d02013081c1020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30250401000420f104880c3980129c7efa19b6b0cb04e547b8d0fc0b"
-            + "95f4946496dd4ac4a7c440044104cdeb39edd03e2b1a11a5e134ec99d5f25f21"
-            + "673d403f3ecb47bd1fa676638958ea58493b8429598c0b49bbb85c3303ddb155"
-            + "3c3b761c2caacca71606ba9ebac8022100ffffffff00000000ffffffffffffff"
-            + "ffbce6faada7179e84f3b9cac2fc63255102010103420004cdeb39edd03e2b1a"
-            + "11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c"
-            + "0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("0"),
-        new BigInteger("f104880c3980129c7efa19b6b0cb04e547b8d0fc0b95f4946496dd4ac4a7c440", 16),
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    // Invalid keys
-    new EcPublicKeyTestVector(
-        "order = -1157920892103562487626974469494075735299969552241357603"
-            + "42422259061068512044369",
-        "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f50221ff00000000ffffffff0000000000000000"
-            + "4319055258e8617b0c46353d039cdaaf02010103420004cdeb39edd03e2b1a11"
-            + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
-            + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger(
-            "-115792089210356248762697446949407573529996955224135760342422259" + "061068512044369"),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "order = 0",
-        "308201123081cb06072a8648ce3d02013081bf020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f5020002010103420004cdeb39edd03e2b1a11a5"
-            + "e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b49"
-            + "bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("0"),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "cofactor = -1",
-        "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc6325510201ff03420004cdeb39edd03e2b1a11"
-            + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
-            + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        -1,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
-    new EcPublicKeyTestVector(
-        "cofactor = 0",
-        "308201323081eb06072a8648ce3d02013081df020101302c06072a8648ce3d01"
-            + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
-            + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
-            + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
-            + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
-            + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
-            + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
-            + "bce6faada7179e84f3b9cac2fc632551020003420004cdeb39edd03e2b1a11a5"
-            + "e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b49"
-            + "bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
-        new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
-        new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-        new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-        new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
-        new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
-        new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
-        0,
-        new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
-        new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      // Modified keys
+      new EcPublicKeyTestVector(
+          "public point not on curve",
+          "3059301306072a8648ce3d020106082a8648ce3d03010703420004cdeb39edd0"
+              + "3e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b84"
+              + "29598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebaca",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebaca", 16)),
+      new EcPublicKeyTestVector(
+          "public point = (0,0)",
+          "3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000"
+              + "0000000000000000000000000000000000000000000000000000000000000000"
+              + "000000000000000000000000000000000000000000000000000000",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          1,
+          new BigInteger("0"),
+          new BigInteger("0")),
+      new EcPublicKeyTestVector(
+          "order = 1",
+          "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f502010102010103420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("01", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "order = 26959946660873538060741835960514744168612397095220107664918121663170",
+          "3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f5021d00ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac202010103420004cdeb39edd03e2b1a11a5e134ec"
+              + "99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b49bbb85c"
+              + "3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "generator = (0,0)",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b04410400000000000000000000000000000000000000"
+              + "0000000000000000000000000000000000000000000000000000000000000000"
+              + "00000000000000000000000000022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255102010103420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("0"),
+          new BigInteger("0"),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "generator not on curve",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f7022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255102010103420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f7", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "cofactor = 2",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255102010203420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          2,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "cofactor = None",
+          "308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255103420004cdeb39edd03e2b1a11a5e134"
+              + "ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b49bbb8"
+              + "5c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          null,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "modified prime",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200"
+              + "e8bbc1453044042002f6efa55976c9cb06ff16bb629c0a8d4d5143b40084b1a1"
+              + "cc0e4dff17443eb704205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441040000000000000000000006597fa94b1fd90000"
+              + "000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec9"
+              + "5ba9b8fa95a3ad24bdf9fff414022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255102010103420004000000000000000000"
+              + "0006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a956279"
+              + "22eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414",
+          new BigInteger("fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200e8bbc145", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("06597fa94b1fd9000000000000000000000000000002", 16),
+          new BigInteger("1b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414", 16),
+          1,
+          new BigInteger("06597fa94b1fd9000000000000000000000000000002", 16),
+          new BigInteger("1b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414", 16)),
+      new EcPublicKeyTestVector(
+          "using secp224r1",
+          "304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef"
+              + "89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611"
+              + "d5b84ba3d91dfe1a480825bcc4af3bcf",
+          new BigInteger("ffffffffffffffffffffffffffffffff000000000000000000000001", 16),
+          new BigInteger("ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d", 16),
+          new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffffffffffe", 16),
+          new BigInteger("b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4", 16),
+          new BigInteger("b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21", 16),
+          new BigInteger("bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", 16),
+          1,
+          new BigInteger("074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1", 16),
+          new BigInteger("c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf", 16)),
+      new EcPublicKeyTestVector(
+          "a = 0",
+          "308201143081cd06072a8648ce3d02013081c1020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30250401000420f104880c3980129c7efa19b6b0cb04e547b8d0fc0b"
+              + "95f4946496dd4ac4a7c440044104cdeb39edd03e2b1a11a5e134ec99d5f25f21"
+              + "673d403f3ecb47bd1fa676638958ea58493b8429598c0b49bbb85c3303ddb155"
+              + "3c3b761c2caacca71606ba9ebac8022100ffffffff00000000ffffffffffffff"
+              + "ffbce6faada7179e84f3b9cac2fc63255102010103420004cdeb39edd03e2b1a"
+              + "11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c"
+              + "0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("0"),
+          new BigInteger("f104880c3980129c7efa19b6b0cb04e547b8d0fc0b95f4946496dd4ac4a7c440", 16),
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "new curve with generator of order 3 that is also on secp256r1",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff3044042046dc879a5c2995d0e6f682468ea95791b7bbd0225cfdb251"
+              + "3fb10a737afece170420bea6c109251bfe4acf2eeda7c24c4ab70a1473335dec"
+              + "28b244d4d823d15935e2044104701c05255026aa4630b78fc6b769e388059ab1"
+              + "443cbdd1f8348bedc3be589dc34cfdab998ad27738ae382aa013986ade0f4859"
+              + "2a9a1ae37ca61d25ec5356f1bd022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255102010103420004701c05255026aa4630"
+              + "b78fc6b769e388059ab1443cbdd1f8348bedc3be589dc3b3025465752d88c851"
+              + "c7d55fec679521f0b7a6d665e51c8359e2da13aca90e42",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("46dc879a5c2995d0e6f682468ea95791b7bbd0225cfdb2513fb10a737afece17", 16),
+          new BigInteger("bea6c109251bfe4acf2eeda7c24c4ab70a1473335dec28b244d4d823d15935e2", 16),
+          new BigInteger("701c05255026aa4630b78fc6b769e388059ab1443cbdd1f8348bedc3be589dc3", 16),
+          new BigInteger("4cfdab998ad27738ae382aa013986ade0f48592a9a1ae37ca61d25ec5356f1bd", 16),
+          1,
+          new BigInteger("701c05255026aa4630b78fc6b769e388059ab1443cbdd1f8348bedc3be589dc3", 16),
+          new BigInteger("b3025465752d88c851c7d55fec679521f0b7a6d665e51c8359e2da13aca90e42", 16)),
+      // Invalid keys
+      new EcPublicKeyTestVector(
+          "order = -1157920892103562487626974469494075735299969552241357603"
+              + "42422259061068512044369",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f50221ff00000000ffffffff0000000000000000"
+              + "4319055258e8617b0c46353d039cdaaf02010103420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger(
+              "-115792089210356248762697446949407573529996955224135760342422259061068512044369"),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "order = 0",
+          "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f502010002010103420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("0"),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "cofactor = -1",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc6325510201ff03420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          -1,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
+      new EcPublicKeyTestVector(
+          "cofactor = 0",
+          "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d01"
+              + "01022100ffffffff00000001000000000000000000000000ffffffffffffffff"
+              + "ffffffff30440420ffffffff00000001000000000000000000000000ffffffff"
+              + "fffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53"
+              + "b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d"
+              + "812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33"
+              + "576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffff"
+              + "bce6faada7179e84f3b9cac2fc63255102010003420004cdeb39edd03e2b1a11"
+              + "a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958ea58493b8429598c0b"
+              + "49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8",
+          new BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16),
+          new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+          new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+          new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+          new BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16),
+          new BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16),
+          0,
+          new BigInteger("cdeb39edd03e2b1a11a5e134ec99d5f25f21673d403f3ecb47bd1fa676638958", 16),
+          new BigInteger("ea58493b8429598c0b49bbb85c3303ddb1553c3b761c2caacca71606ba9ebac8", 16)),
   };
 
   /** Checks that key agreement using ECDH works. */
@@ -946,6 +967,16 @@ public class EcdhTest extends TestCase {
     }
   }
 
+  public void testModifiedPublic() throws Exception {
+    testModifiedPublic("ECDH");
+    testModifiedPublic("ECDHC");
+  }
+
+  public void testModifiedPublicSpec() throws Exception {
+    testModifiedPublicSpec("ECDH");
+    testModifiedPublicSpec("ECDHC");
+  }
+
   public void testDistinctCurves(String algorithm, ECPrivateKey priv, ECPublicKey pub)
       throws Exception {
     KeyAgreement kaA;
@@ -1002,41 +1033,6 @@ public class EcdhTest extends TestCase {
   }
 
   /**
-   * This test tries to catch implementations that verify that the point of the public key is on the
-   * curve defined by the private key, but fails to verify that public key and private key use the
-   * same curve.
-   *
-   * <p>Bouncycastle v.1.53 fails this test. I.e. this version only checks that the shared secret is
-   * on the curve, but does not check whether the two curves are the same. Currently the test fails
-   * with a NullPointerException (possibly because of unexpected points at infinity) and it is
-   * unclear if the bug is exploitable.
-   */
-  // TODO(bleichen): This can be merged with testModifiedPublic once this is fixed.
-  public void testDistinctCurvesSmallSubGroup() throws Exception {
-    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
-    ECGenParameterSpec ecSpec256 = new ECGenParameterSpec("secp256r1");
-    keyGen.initialize(ecSpec256);
-    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
-    // Get public key for a group of order 3. I.e., (W, -W, infinity) where W is the public key
-    // point. Since W ,-W and infinity are points on secp256r1, implementations fail if they only
-    // check whether points are on the curve but fail to compare the parameters of the curve.
-    ECPublicKeySpec weak = EcUtil.getWeakPublicKey(EcUtil.getNistP256Params());
-    KeyFactory kf = KeyFactory.getInstance("EC");
-    ECPublicKey weakPub;
-    try {
-      weakPub = (ECPublicKey) kf.generatePublic(weak);
-    } catch (GeneralSecurityException ex) {
-      // The provider does not support non-standard curves or did a validity check.
-      // Both would be correct.
-      System.out.println("Skipping testDistinctCurvesSmallSubGroup: can't forge weak public key.");
-      return;
-    }
-    for (String algorithm : ECDH_VARIANTS) {
-      testDistinctCurves(algorithm, priv, weakPub);
-    }
-  }
-
-  /**
    * This test modifies the order of group in the public key. A severe bug would be an
    * implementation that leaks information whether the private key is larger than the order given in
    * the public key. Also a severe bug would be to reduce the private key modulo the order given in
diff --git a/java/com/google/security/wycheproof/testcases/EcdsaTest.java b/java/com/google/security/wycheproof/testcases/EcdsaTest.java
index 37cfa82..92058a7 100644
--- a/java/com/google/security/wycheproof/testcases/EcdsaTest.java
+++ b/java/com/google/security/wycheproof/testcases/EcdsaTest.java
@@ -18,6 +18,8 @@ package com.google.security.wycheproof;
 
 import com.google.security.wycheproof.WycheproofRunner.ProviderType;
 import com.google.security.wycheproof.WycheproofRunner.SlowTest;
+import java.lang.management.ManagementFactory;
+import java.lang.management.ThreadMXBean;
 import java.math.BigInteger;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyFactory;
@@ -54,10 +56,10 @@ public class EcdsaTest extends TestCase {
   static final String CURVE = "secp256r1";
   static final BigInteger PubX =
       new BigInteger(
-          "3390396496586153202365024500890309020181905168626402195853036609" + "0984128098564");
+          "33903964965861532023650245008903090201819051686264021958530366090984128098564");
   static final BigInteger PubY =
       new BigInteger(
-          "1135421298983937257390683162600855221890652900790509030911087400" + "65052129055287");
+          "113542129898393725739068316260085522189065290079050903091108740065052129055287");
 
   // Valid signatures for MESSAGE
   static final String[] VALID_SIGNATURES = {
@@ -67,82 +69,387 @@ public class EcdsaTest extends TestCase {
   };
 
   /**
-   * Test vectors with invalid signatures. The motivation for these test vectors are previously
-   * broken implementations. - The implementation of DSA in gpg4browsers accepted signatures with
-   * r=1 and s=q as valid. Similar bugs in ECDSA are thinkable, hence the test vectors contain a
-   * number of tests with edge case integers. - CVE-2013-2944: strongSwan 5.0.4 accepts invalid
-   * ECDSA signatures when openssl is used. (Not sure if the following interpretation is correct,
-   * because of missing details). OpenSSLs error codes are easy to misinterpret. For many functions
-   * the result can be 0 (verification failed), 1 (verification succeded) or -1 (invalid format). A
-   * simple if (result) { ... } will be incorrect in such situations. The test vectors below contain
-   * incorrectly encoded signatures. - careless ASN parsing. For example SunEC throws various run
-   * time exceptions when the ASN encoding is broken. NOTE(bleichen): The following test vectors
-   * were generated with some python code. New test vectors should best be done by extending this
-   * code.
+   * The following test vectors contain a valid signature that use alternative BER encoding.
+   * Whether such signatures are accepted as valid or rejected depends on the implementation.
+   * Allowing alternative BER encodings is in many cases benign. However, there are cases where this
+   * kind of signature malleability was a problem. See for example
+   * https://en.bitcoin.it/wiki/Transaction_Malleability
    */
+  // NOTE(bleichen): The following test vectors were generated with some python code.
+  //   New test vectors should best be done by extending this code. Some of the signatures
+  //   can be moved to INVALID_SIGNATURES, when b/31572415 is fixed.
+  static final String[] MODIFIED_SIGNATURES = {
+    // BER:long form encoding of length
+    "308145022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d"
+        + "491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e762"
+        + "85cd59f43260ecce",
+    "304602812100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d"
+        + "491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e762"
+        + "85cd59f43260ecce",
+    "3046022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f028120747291dd2f3f44af7ace68ea33431d6f94e418c106a6e762"
+        + "85cd59f43260ecce",
+    // BER:length contains leading 0
+    "30820045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    "30470282002100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f02820020747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // BER:prepending 0's to integer
+    "30470223000000b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f02220000747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // NOTE (bleichen): belongs into INVALID_SIGNATURES. We only keep these
+    //  sigantures here because of b/31572415.
+    // length = 2**31 - 1
+    "30847fffffff022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "304902847fffffff00b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "3049022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f02847fffffff747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+  };
+
+  /**
+   * Test vectors with invalid signatures. 
+   * The motivation for these test vectors are previously broken implementations. E.g.
+   * <ul>
+   * <li> The implementation of DSA in gpg4browsers accepted signatures with r=1 and s=q as valid.
+   *     Similar bugs in ECDSA are thinkable, hence the test vectors contain a number of tests with
+   *     edge case integers.
+   * <li> CVE-2013-2944: strongSwan 5.0.4 accepts invalid ECDSA signatures when openssl is used.
+   *      (Not sure if the following interpretation is correct, because of missing details).
+   *      OpenSSLs error codes are easy to misinterpret. For many functions
+   *      the result can be 0 (verification failed), 1 (verification succeded)
+   *      or -1 (invalid format). A simple <code>if (result) { ... }</code> will be incorrect in
+   *      such situations. The test vectors below contain incorrectly encoded signatures.
+   * </ul>
+   * <p> {@link java.security.Signature#verify(byte[])} should either return false or throw a
+   * SignatureException. Other behaviour such as throwing a RuntimeException might allow a denial 
+   * of service attack:
+   * <ul>
+   * <li> CVE-2016-5546: OpenJDK8 throwed an OutOfmemoryError on some signatures.
+   * </ul>
+   * Some of the test vectors were derived from a valid signature by corrupting the DER encoding.
+   * If providers accepts such modified signatures for legacy purpose, then these signatures
+   * should be moved to MODIFIED_SIGNATURES.
+   */
+  // NOTE(bleichen): The following test vectors were generated with some python code. New test
+  // vectors should best be done by extending the python code.
   static final String[] INVALID_SIGNATURES = {
-    // missing argument
-    "30220220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd59f4" + "3260ecce",
-    "3023022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49" + "1b39fd2c3f",
-    "",
-    // empty
-    "302402000220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd" + "59f43260ecce",
-    "3025022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49" + "1b39fd2c3f0200",
-    "3000",
-    // integer overflows
+    // wrong length
+    "3046022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3044022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022200b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022000b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0221747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f021f747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    // uint32 overflow in length
+    "30850100000045022100b7babae9332b54b8a3a05b7004579821a887a1b21465"
+        + "f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c1"
+        + "06a6e76285cd59f43260ecce",
     "304a0285010000002100b7babae9332b54b8a3a05b7004579821a887a1b21465"
         + "f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c1"
         + "06a6e76285cd59f43260ecce",
-    "304e028901000000000000002100b7babae9332b54b8a3a05b7004579821a887"
-        + "a1b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f"
-        + "94e418c106a6e76285cd59f43260ecce",
     "304a022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
         + "1b39fd2c3f02850100000020747291dd2f3f44af7ace68ea33431d6f94e418c1"
         + "06a6e76285cd59f43260ecce",
-    "304e022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
-        + "1b39fd2c3f0289010000000000000020747291dd2f3f44af7ace68ea33431d6f"
-        + "94e418c106a6e76285cd59f43260ecce",
-    "30850100000045022100b7babae9332b54b8a3a05b7004579821a887a1b21465"
-        + "f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c1"
-        + "06a6e76285cd59f43260ecce",
+    // uint64 overflow in length
     "3089010000000000000045022100b7babae9332b54b8a3a05b7004579821a887"
         + "a1b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f"
         + "94e418c106a6e76285cd59f43260ecce",
+    "304e028901000000000000002100b7babae9332b54b8a3a05b7004579821a887"
+        + "a1b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f"
+        + "94e418c106a6e76285cd59f43260ecce",
+    "304e022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0289010000000000000020747291dd2f3f44af7ace68ea33431d6f"
+        + "94e418c106a6e76285cd59f43260ecce",
+    // length = 2**32 - 1
+    "3084ffffffff022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "30490284ffffffff00b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "3049022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0284ffffffff747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    // length = 2**64 - 1
+    "3088ffffffffffffffff022100b7babae9332b54b8a3a05b7004579821a887a1"
+        + "b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    "304d0288ffffffffffffffff00b7babae9332b54b8a3a05b7004579821a887a1"
+        + "b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    "304d022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0288ffffffffffffffff747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    // removing sequence
+    "",
+    // appending 0's to sequence
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce0000",
+    // prepending 0's to sequence
+    "30470000022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // appending unused 0's
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce0000",
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f00000220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // appending null value
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce0500",
+    "3047022300b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f05000220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0222747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce0500",
+    // including garbage
+    "304949803045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "304925003045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "30473045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce0004deadbeef",
+    "304922254980022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "304922252500022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "304d2223022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0004deadbeef0220747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    "3049022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f222449800220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "3049022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f222425000220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "304d022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f22220220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce0004deadbeef",
+    // including undefined tags
+    "304daa00bb00cd003045022100b7babae9332b54b8a3a05b7004579821a887a1"
+        + "b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    "304baa02aabb3045022100b7babae9332b54b8a3a05b7004579821a887a1b214"
+        + "65f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418"
+        + "c106a6e76285cd59f43260ecce",
+    "304d2229aa00bb00cd00022100b7babae9332b54b8a3a05b7004579821a887a1"
+        + "b21465f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    "304b2227aa02aabb022100b7babae9332b54b8a3a05b7004579821a887a1b214"
+        + "65f7db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418"
+        + "c106a6e76285cd59f43260ecce",
+    "304d022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f2228aa00bb00cd000220747291dd2f3f44af7ace68ea33431d6f94"
+        + "e418c106a6e76285cd59f43260ecce",
+    "304b022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f2226aa02aabb0220747291dd2f3f44af7ace68ea33431d6f94e418"
+        + "c106a6e76285cd59f43260ecce",
+    // changing tag value
+    "2e45022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3245022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "ff45022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045002100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045042100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045ff2100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0020747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0420747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3fff20747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    // dropping value of sequence
+    "3000",
+    // using composition
+    "304930010230442100b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "304922250201000220b7babae9332b54b8a3a05b7004579821a887a1b21465f7"
+        + "db8a3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    "3049022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f2224020174021f7291dd2f3f44af7ace68ea33431d6f94e418c106"
+        + "a6e76285cd59f43260ecce",
+    // truncate sequence
+    "3044022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ec",
+    "30442100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d491b"
+        + "39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd"
+        + "59f43260ecce",
+    // prepend empty sequence
+    "30473000022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // append empty sequence
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce3000",
+    // sequence of sequence
+    "30473045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a"
+        + "3d491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // truncated sequence
+    "3023022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d491b39fd2c3f",
+    // repeat element in sequence
+    "3067022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    // removing integer
+    "30220220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd59f43260ecce",
+    // appending 0's to integer
+    "3047022300b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f00000220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e7"
+        + "6285cd59f43260ecce",
+    "3047022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0222747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce0000",
+    // dropping value of integer
+    "302402000220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd59f43260ecce",
+    "3025022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d491b39fd2c3f0200",
+    // modify first byte of integer
+    "3045022101b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220757291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    // modify last byte of integer
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3e0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260eccf",
+    // truncate integer
+    "3044022000b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd"
+        + "59f43260ecce",
+    "30440220b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d491b"
+        + "39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd"
+        + "59f43260ecce",
+    "3044022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f021f747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ec",
+    "3044022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f021f7291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd"
+        + "59f43260ecce",
+    // leading ff in integer
+    "30460222ff00b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d"
+        + "491b39fd2c3f0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e762"
+        + "85cd59f43260ecce",
+    "3046022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f0221ff747291dd2f3f44af7ace68ea33431d6f94e418c106a6e762"
+        + "85cd59f43260ecce",
     // infinity
-    "30250901800220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285" + "cd59f43260ecce",
-    "3026022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49" + "1b39fd2c3f090180",
-    // Signatures with special case values for r and s (such as 0 and 1).
-    // Such values often uncover implementation errors.
-    "300402000200",
-    "30050200020101",
-    "300502000201ff",
-    "30250200022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3" + "b9cac2fc632551",
-    "30250200022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3" + "b9cac2fc632550",
-    "30250200022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3" + "b9cac2fc632552",
-    "30250200022100ffffffff00000001000000000000000000000000ffffffffff" + "ffffffffffffff",
-    "30250200022100ffffffff000000010000000000000000000000010000000000" + "00000000000000",
-    "30070200090380fe01",
-    "30050201010200",
+    "30250901800220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd59f43260ecce",
+    "3026022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d491b39fd2c3f090180",
+    // Vectors where r or s have been modified e.g. by adding or subtracting the order of the
+    // group or field and hence violate the range check for r and s required by ECDSA.
+    "30450221ff48454516ccd4ab475c5fa48ffba867de57785e4deb9a082475c2b6"
+        + "e4c602d3c10220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022101b7babae8332b54b9a3a05b7004579821656e9c5fbb7d96607df713"
+        + "de366051900220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3044022048454515ccd4ab485c5fa48ffba867de145f58fb92b1a6a9697c81a7"
+        + "c265f9120220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285cd"
+        + "59f43260ecce",
+    "3045022101b7babae8332b54b9a3a05b7004579821a887a1b31465f7db8a3d49"
+        + "1b39fd2c3e0220747291dd2f3f44af7ace68ea33431d6f94e418c106a6e76285"
+        + "cd59f43260ecce",
+    "3045022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f02208b8d6e22d0c0bb5085319715ccbce2906b1be73ef959189d7a"
+        + "32a60bcd9f1332",
+    "3046022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f022101747291dc2f3f44b07ace68ea33431d6f51cb136eadbe85e7"
+        + "798724b72ec4121f",
+    "3046022100b7babae9332b54b8a3a05b7004579821a887a1b21465f7db8a3d49"
+        + "1b39fd2c3f022101747291dc2f3f44b07ace68ea33431d6f94e418c206a6e762"
+        + "85cd59f43260eccd",
+    // Signatures with special case values for r and s (such as 0 and 1). Such values often
+    // uncover implementation errors.
+    "3006020100020100",
+    "3006020100020101",
+    "30060201000201ff",
+    "3026020100022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+    "3026020100022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550",
+    "3026020100022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552",
+    "3026020100022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+    "3026020100022100ffffffff00000001000000000000000000000001000000000000000000000000",
+    "3008020100090380fe01",
+    "3006020101020100",
     "3006020101020101",
     "30060201010201ff",
-    "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84" + "f3b9cac2fc632551",
-    "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84" + "f3b9cac2fc632550",
-    "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84" + "f3b9cac2fc632552",
-    "3026020101022100ffffffff00000001000000000000000000000000ffffffff" + "ffffffffffffffff",
-    "3026020101022100ffffffff0000000100000000000000000000000100000000" + "0000000000000000",
+    "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+    "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550",
+    "3026020101022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552",
+    "3026020101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+    "3026020101022100ffffffff00000001000000000000000000000001000000000000000000000000",
     "3008020101090380fe01",
-    "30050201ff0200",
+    "30060201ff020100",
     "30060201ff020101",
     "30060201ff0201ff",
-    "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84" + "f3b9cac2fc632551",
-    "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84" + "f3b9cac2fc632550",
-    "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84" + "f3b9cac2fc632552",
-    "30260201ff022100ffffffff00000001000000000000000000000000ffffffff" + "ffffffffffffffff",
-    "30260201ff022100ffffffff0000000100000000000000000000000100000000" + "0000000000000000",
+    "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+    "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550",
+    "30260201ff022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552",
+    "30260201ff022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+    "30260201ff022100ffffffff00000001000000000000000000000001000000000000000000000000",
     "30080201ff090380fe01",
-    "3025022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc6325510200",
-    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc632551020101",
-    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc6325510201ff",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020100",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510201ff",
     "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
         + "c2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84"
         + "f3b9cac2fc632551",
@@ -158,10 +465,11 @@ public class EcdsaTest extends TestCase {
     "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
         + "c2fc632551022100ffffffff0000000100000000000000000000000100000000"
         + "0000000000000000",
-    "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc632551090380fe01",
-    "3025022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc6325500200",
-    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc632550020101",
-    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc6325500201ff",
+    "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
+        + "c2fc632551090380fe01",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550020100",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550020101",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325500201ff",
     "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
         + "c2fc632550022100ffffffff00000000ffffffffffffffffbce6faada7179e84"
         + "f3b9cac2fc632551",
@@ -177,10 +485,11 @@ public class EcdsaTest extends TestCase {
     "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
         + "c2fc632550022100ffffffff0000000100000000000000000000000100000000"
         + "0000000000000000",
-    "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc632550090380fe01",
-    "3025022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc6325520200",
-    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc632552020101",
-    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc6325520201ff",
+    "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
+        + "c2fc632550090380fe01",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552020100",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552020101",
+    "3026022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325520201ff",
     "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
         + "c2fc632552022100ffffffff00000000ffffffffffffffffbce6faada7179e84"
         + "f3b9cac2fc632551",
@@ -196,10 +505,11 @@ public class EcdsaTest extends TestCase {
     "3046022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
         + "c2fc632552022100ffffffff0000000100000000000000000000000100000000"
         + "0000000000000000",
-    "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca" + "c2fc632552090380fe01",
-    "3025022100ffffffff00000001000000000000000000000000ffffffffffffff" + "ffffffffff0200",
-    "3026022100ffffffff00000001000000000000000000000000ffffffffffffff" + "ffffffffff020101",
-    "3026022100ffffffff00000001000000000000000000000000ffffffffffffff" + "ffffffffff0201ff",
+    "3028022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9ca"
+        + "c2fc632552090380fe01",
+    "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff020100",
+    "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff020101",
+    "3026022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff0201ff",
     "3046022100ffffffff00000001000000000000000000000000ffffffffffffff"
         + "ffffffffff022100ffffffff00000000ffffffffffffffffbce6faada7179e84"
         + "f3b9cac2fc632551",
@@ -215,10 +525,11 @@ public class EcdsaTest extends TestCase {
     "3046022100ffffffff00000001000000000000000000000000ffffffffffffff"
         + "ffffffffff022100ffffffff0000000100000000000000000000000100000000"
         + "0000000000000000",
-    "3028022100ffffffff00000001000000000000000000000000ffffffffffffff" + "ffffffffff090380fe01",
-    "3025022100ffffffff0000000100000000000000000000000100000000000000" + "00000000000200",
-    "3026022100ffffffff0000000100000000000000000000000100000000000000" + "0000000000020101",
-    "3026022100ffffffff0000000100000000000000000000000100000000000000" + "00000000000201ff",
+    "3028022100ffffffff00000001000000000000000000000000ffffffffffffff"
+        + "ffffffffff090380fe01",
+    "3026022100ffffffff00000001000000000000000000000001000000000000000000000000020100",
+    "3026022100ffffffff00000001000000000000000000000001000000000000000000000000020101",
+    "3026022100ffffffff000000010000000000000000000000010000000000000000000000000201ff",
     "3046022100ffffffff0000000100000000000000000000000100000000000000"
         + "0000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84"
         + "f3b9cac2fc632551",
@@ -234,7 +545,8 @@ public class EcdsaTest extends TestCase {
     "3046022100ffffffff0000000100000000000000000000000100000000000000"
         + "0000000000022100ffffffff0000000100000000000000000000000100000000"
         + "0000000000000000",
-    "3028022100ffffffff0000000100000000000000000000000100000000000000" + "0000000000090380fe01",
+    "3028022100ffffffff0000000100000000000000000000000100000000000000"
+        + "0000000000090380fe01",
   };
 
   /**
@@ -295,7 +607,8 @@ public class EcdsaTest extends TestCase {
       String message,
       String algorithm,
       String signatureType,
-      boolean isValid)
+      boolean isValidDER,
+      boolean isValidBER)
       throws Exception {
     byte[] messageBytes = message.getBytes("UTF-8");
     Signature verifier = Signature.getInstance(algorithm);
@@ -314,11 +627,11 @@ public class EcdsaTest extends TestCase {
         // We don't flag these cases and simply consider the signature as invalid.
         verified = false;
       }
-      //
-      if (isValid && !verified) {
+      if (!verified && isValidDER) {
         System.out.println(signatureType + " was not verified:" + signature);
         errors++;
-      } else if (!isValid && verified) {
+      }
+      if (verified && !isValidBER) {
         System.out.println(signatureType + " was verified:" + signature);
         errors++;
       }
@@ -328,7 +641,19 @@ public class EcdsaTest extends TestCase {
 
   public void testValidSignatures() throws Exception {
     testVectors(
-        VALID_SIGNATURES, publicKey1(), "Hello", "SHA256WithECDSA", "Valid ECDSA signature", true);
+        VALID_SIGNATURES, publicKey1(), "Hello", "SHA256WithECDSA", "Valid ECDSA signature",
+        true, true);
+  }
+
+  public void testModifiedSignatures() throws Exception {
+    testVectors(
+        MODIFIED_SIGNATURES,
+        publicKey1(),
+        "Hello",
+        "SHA256WithECDSA",
+        "Modified ECDSA signature",
+        false,
+        true);
   }
 
   public void testInvalidSignatures() throws Exception {
@@ -338,6 +663,7 @@ public class EcdsaTest extends TestCase {
         "Hello",
         "SHA256WithECDSA",
         "Invalid ECDSA signature",
+        false,
         false);
   }
 
@@ -459,4 +785,118 @@ public class EcdsaTest extends TestCase {
     testBias("SHA512WithECDSA", "secp521r1", EcUtil.getNistP521Params());
     testBias("SHA256WithECDSA", "brainpoolP256r1", EcUtil.getBrainpoolP256r1Params());
   }
+
+  /**
+   * Tests for a potential timing attack. This test checks if there is a correlation between the
+   * timing of signature generation and the size of the one-time key k. This is for example the case
+   * if a double and add method is used for the point multiplication. The test fails if such a
+   * correlation can be shown with high confidence. Further analysis will be necessary to determine
+   * how easy it is to exploit the bias in a timing attack.
+   */
+  // TODO(bleichen): Determine if there are exploitable providers.
+  //
+  // SunEC currently fails this test. Since ECDSA typically is used with EC groups whose order
+  // is 224 bits or larger, it is unclear whether the same attacks that apply to DSA are practical.
+  //
+  // The ECDSA implementation in BouncyCastle leaks information about k through timing too.
+  // The test has not been optimized to detect this bias. It would require about 5'000'000 samples,
+  // which is too much for a simple unit test.
+  //
+  // BouncyCastle uses FixedPointCombMultiplier for ECDSA. This is a method using
+  // precomputation. The implementation is not constant time, since the precomputation table
+  // contains the point at infinity and adding this point is faster than ordinary point additions.
+  // The timing leak only has a small correlation to the size of k and at the moment it is is very
+  // unclear if the can be exploited. (Randomizing the precomputation table by adding the same
+  // random point to each element in the table and precomputing the necessary offset to undo the
+  // precomputation seems much easier than analyzing this.)
+  public void testTiming(String algorithm, String curve, ECParameterSpec ecParams)
+      throws Exception {
+    ThreadMXBean bean = ManagementFactory.getThreadMXBean();
+    if (!bean.isCurrentThreadCpuTimeSupported()) {
+      System.out.println("getCurrentThreadCpuTime is not supported. Skipping");
+      return;
+    }
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+    try {
+      keyGen.initialize(ecParams);
+    } catch (InvalidAlgorithmParameterException ex) {
+      System.out.println("This provider does not support curve:" + curve);
+      return;
+    }
+    KeyPair keyPair = keyGen.generateKeyPair();
+    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
+
+    String message = "Hello";
+    String hashAlgorithm = getHashAlgorithm(algorithm);
+    byte[] messageBytes = message.getBytes("UTF-8");
+    byte[] digest = MessageDigest.getInstance(hashAlgorithm).digest(messageBytes);
+    BigInteger h = new BigInteger(1, digest);
+    Signature signer = Signature.getInstance(algorithm);
+    signer.initSign(priv);
+    // The number of samples used for the test. This number is a bit low.
+    // I.e. it just barely detects that SunEC leaks information about the size of k.
+    int samples = 50000;
+    long[] timing = new long[samples];
+    BigInteger[] k = new BigInteger[samples];
+    for (int i = 0; i < samples; i++) {
+      long start = bean.getCurrentThreadCpuTime();
+      signer.update(messageBytes);
+      byte[] signature = signer.sign();
+      timing[i] = bean.getCurrentThreadCpuTime() - start;
+      k[i] = extractK(signature, h, priv);
+    }
+    long[] sorted = Arrays.copyOf(timing, timing.length);
+    Arrays.sort(sorted);
+    double n = priv.getParams().getOrder().doubleValue();
+    double expectedAverage = n / 2;
+    double maxSigma = 0;
+    System.out.println("testTiming algorithm:" + algorithm);
+    for (int idx = samples - 1; idx > 10; idx /= 2) {
+      long cutoff = sorted[idx];
+      int count = 0;
+      BigInteger total = BigInteger.ZERO;
+      for (int i = 0; i < samples; i++) {
+        if (timing[i] <= cutoff) {
+          total = total.add(k[i]);
+          count += 1;
+        }
+      }
+      double expectedStdDev = n / Math.sqrt(12 * count);
+      double average = total.doubleValue() / count;
+      // Number of standard deviations that the average is away from
+      // the expected value:
+      double sigmas = (expectedAverage - average) / expectedStdDev;
+      if (sigmas > maxSigma) {
+        maxSigma = sigmas;
+      }
+      System.out.println(
+          "count:"
+              + count
+              + " cutoff:"
+              + cutoff
+              + " relative average:"
+              + (average / expectedAverage)
+              + " sigmas:"
+              + sigmas);
+    }
+    // Checks if the signatures with a small timing have a biased k.
+    // We use 7 standard deviations, so that the probability of a false positive is smaller
+    // than 10^{-10}.
+    if (maxSigma >= 7) {
+      fail("Signatures with short timing have a biased k");
+    }
+  }
+
+  @SlowTest(providers = {ProviderType.BOUNCY_CASTLE, ProviderType.CONSCRYPT, ProviderType.OPENJDK,
+    ProviderType.SPONGY_CASTLE})
+  public void testTimingAll() throws Exception {
+    testTiming("SHA256WithECDSA", "secp256r1", EcUtil.getNistP256Params());
+    // TODO(bleichen): crypto libraries sometimes use optimized code for curves that are frequently
+    //   used. Hence it would make sense to test distinct curves. But at the moment testing many
+    //   curves is not practical since one test alone is already quite time consuming.
+    // testTiming("SHA224WithECDSA", "secp224r1", EcUtil.getNistP224Params());
+    // testTiming("SHA384WithECDSA", "secp384r1", EcUtil.getNistP384Params());
+    // testTiming("SHA512WithECDSA", "secp521r1", EcUtil.getNistP521Params());
+    // testTiming("SHA256WithECDSA", "brainpoolP256r1", EcUtil.getBrainpoolP256r1Params());
+  }
 }
diff --git a/java/com/google/security/wycheproof/testcases/EciesTest.java b/java/com/google/security/wycheproof/testcases/EciesTest.java
index 534a224..791d6ea 100644
--- a/java/com/google/security/wycheproof/testcases/EciesTest.java
+++ b/java/com/google/security/wycheproof/testcases/EciesTest.java
@@ -142,31 +142,16 @@ public class EciesTest extends TestCase {
   }
 
   /**
-   * Check the length of the ciphertext. TODO(bleichen): This is more an explanation what is going
-   * on than a test. Maybe remove this later.
+   * Tries to decrypt ciphertexts where the symmetric part has been randomized.
+   * If this randomization leads to distinguishable exceptions then this may indicate that the
+   * implementation is vulnerable to a padding attack.
+   *
+   * Problems detected:
+   * <ul>
+   * <li> CVE-2016-1000345 BouncyCastle before v.1.56 is vulnerable to a padding oracle attack.
+   * </ul>
    */
   @SuppressWarnings("InsecureCipherMode")
-  public void testCiphertextLength() throws Exception {
-    String algorithm = "ECIESwithAES-CBC";
-    final int messageLength = 40;
-    final int coordinateSize = 32;
-    byte[] message = new byte[messageLength];
-    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
-    KeyPairGenerator kf = KeyPairGenerator.getInstance("EC");
-    kf.initialize(ecSpec);
-    KeyPair keyPair = kf.generateKeyPair();
-    PublicKey pub = keyPair.getPublic();
-    Cipher ecies = Cipher.getInstance(algorithm);
-    ecies.init(Cipher.ENCRYPT_MODE, pub);
-    byte[] ciphertext = ecies.doFinal(message);
-    assertEquals(
-        expectedCiphertextLength(algorithm, coordinateSize, messageLength), ciphertext.length);
-  }
-
-  // Tries to decrypt ciphertexts where the symmetric part has been
-  // randomized. Distinguishable exceptions mean that a padding attack
-  // may be possible.
-  @SuppressWarnings("InsecureCipherMode")
   public void testExceptions(String algorithm) throws Exception {
     Cipher ecies;
     try {
@@ -317,8 +302,7 @@ public class EciesTest extends TestCase {
    *
    * <p>This test tries to verify this.
    */
-  /* TODO(bleichen): There's no point to run this test as long as not even the previous basic
-        test fails.
+  /* TODO(bleichen): There's no point to run this test as long as the previous basic test fails.
    public void testByteBufferAlias() throws Exception {
      byte[] message = "Hello".getBytes("UTF-8");
      String algorithm = "ECIESWithAES-CBC";
diff --git a/java/com/google/security/wycheproof/testcases/RsaKeyTest.java b/java/com/google/security/wycheproof/testcases/RsaKeyTest.java
index 26480b6..b761dae 100644
--- a/java/com/google/security/wycheproof/testcases/RsaKeyTest.java
+++ b/java/com/google/security/wycheproof/testcases/RsaKeyTest.java
@@ -23,6 +23,7 @@ import java.security.KeyPairGenerator;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 import junit.framework.TestCase;
 
@@ -53,6 +54,1344 @@ public class RsaKeyTest extends TestCase {
         + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
         + "0001";
 
+  /**
+   * Encodings of the public key from ENCODED_PUBLIC_KEY with modifications.
+   * This list so far has just a simple purpose: it is used to check whether parsing the key
+   * leads to some unexpected exceptions. I.e. it should not be possible to crash an
+   * application with an modified public key.
+   */
+  public static final String[] MODIFIED_PUBLIC_KEY = {
+    // length contains leading 0
+    "3082009f300d06092a864886f70d010101050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "3081a13082000d06092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f068200092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f06092a864886f70d0101010582000003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a0300d06092a864886f70d01010105000382008d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "30819f300d06092a864886f70d010101050003818d3082008902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101050003818d30818a0282008100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02820003"
+        + "010001",
+    // wrong length
+    "30a0300d06092a864886f70d010101050003818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "309e300d06092a864886f70d010101050003818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819f300e06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300c06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d060a2a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06082a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101050103818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819e300d06092a864886f70d0101010500038e0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d0101010500038c0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819d300d06092a864886f70d010101050003818b308a02818100ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "30819d300d06092a864886f70d010101050003818b308802818100ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "30819d300d06092a864886f70d010101050003818b308188028200ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "30819d300d06092a864886f70d010101050003818b308188028000ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02040100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02020100"
+        + "01",
+    // uint32 overflow in length
+    "3085010000009f300d06092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a43085010000000d06092a864886f70d010101050003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a43012068501000000092a864886f70d010101050003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a4301206092a864886f70d0101010585010000000003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a3300d06092a864886f70d01010105000385010000008d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a2300d06092a864886f70d01010105000381903085010000008902818100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "0203010001",
+    "3081a2300d06092a864886f70d010101050003819030818d0285010000008100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "0203010001",
+    "3081a3300d06092a864886f70d010101050003819130818e02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02850100"
+        + "000003010001",
+    // uint64 overflow in length
+    "308901000000000000009f300d06092a864886f70d010101050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a8308901000000000000000d06092a864886f70d010101050003818d0030"
+        + "818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c5410"
+        + "0cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4"
+        + "d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984"
+        + "b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315ac"
+        + "f9a0b351a23f0203010001",
+    "3081a8301606890100000000000000092a864886f70d010101050003818d0030"
+        + "818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c5410"
+        + "0cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4"
+        + "d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984"
+        + "b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315ac"
+        + "f9a0b351a23f0203010001",
+    "3081a8301606092a864886f70d010101058901000000000000000003818d0030"
+        + "818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c5410"
+        + "0cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4"
+        + "d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984"
+        + "b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315ac"
+        + "f9a0b351a23f0203010001",
+    "3081a7300d06092a864886f70d0101010500038901000000000000008d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a6300d06092a864886f70d01010105000381943089010000000000000089"
+        + "02818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6"
+        + "e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f1"
+        + "09fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562"
+        + "517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0"
+        + "b351a23f0203010001",
+    "3081a6300d06092a864886f70d01010105000381943081910289010000000000"
+        + "00008100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6"
+        + "e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f1"
+        + "09fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562"
+        + "517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0"
+        + "b351a23f0203010001",
+    "3081a7300d06092a864886f70d010101050003819530819202818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02890100"
+        + "00000000000003010001",
+    // length = 2**32 - 1
+    "3084ffffffff300d06092a864886f70d010101050003818d0030818902818100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "0203010001",
+    "3081a33084ffffffff06092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a330110684ffffffff2a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a3301106092a864886f70d0101010584ffffffff03818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a2300d06092a864886f70d01010105000384ffffffff0030818902818100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "0203010001",
+    "3081a1300d06092a864886f70d010101050003818f3084ffffffff02818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300d06092a864886f70d010101050003818f30818c0284ffffffff00ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a2300d06092a864886f70d010101050003819030818d02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0284ffff"
+        + "ffff010001",
+    // length = 2**64 - 1
+    "3088ffffffffffffffff300d06092a864886f70d010101050003818d00308189"
+        + "02818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6"
+        + "e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f1"
+        + "09fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562"
+        + "517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0"
+        + "b351a23f0203010001",
+    "3081a73088ffffffffffffffff06092a864886f70d010101050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a730150688ffffffffffffffff2a864886f70d010101050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a7301506092a864886f70d0101010588ffffffffffffffff03818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a6300d06092a864886f70d01010105000388ffffffffffffffff00308189"
+        + "02818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6"
+        + "e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f1"
+        + "09fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562"
+        + "517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0"
+        + "b351a23f0203010001",
+    "3081a5300d06092a864886f70d01010105000381933088ffffffffffffffff02"
+        + "818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a5300d06092a864886f70d01010105000381933081900288ffffffffffff"
+        + "ffff00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a6300d06092a864886f70d010101050003819430819102818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0288ffff"
+        + "ffffffffffff010001",
+    // removing sequence
+    "",
+    "30819003818d0030818902818100ab9014dc47d44b6d260fc1fef9ab022042fd"
+        + "9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb1"
+        + "67d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e"
+        + "043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31"
+        + "dad83563f3a315acf9a0b351a23f0203010001",
+    // appending 0's to sequence
+    "3081a1300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00010000",
+    "3081a1300f06092a864886f70d0101010500000003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "010000",
+    // prepending 0's to sequence
+    "3081a10000300d06092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f000006092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b000002818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    // appending unused 0's
+    "30819f300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00010000",
+    "3081a1300d06092a864886f70d0101010500000003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f06092a864886f70d0101010000050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a0300d06092a864886f70d010101050003818e30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "010000",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f00000203"
+        + "010001",
+    // appending null value
+    "3081a1300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00010500",
+    "3081a1300f06092a864886f70d0101010500050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f060b2a864886f70d0101010500050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f06092a864886f70d0101010502050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300d06092a864886f70d010101050003818f0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00010500",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "010500",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818300ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f05000203"
+        + "010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02050100"
+        + "010500",
+    // including garbage
+    "3081a4498030819f300d06092a864886f70d010101050003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a4250030819f300d06092a864886f70d010101050003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a230819f300d06092a864886f70d010101050003818d0030818902818100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "02030100010004deadbeef",
+    "3081a330114980300d06092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a330112500300d06092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a7300f300d06092a864886f70d01010105000004deadbeef03818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a33011260d498006092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a33011260d250006092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a73015260b06092a864886f70d0101010004deadbeef050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a3301106092a864886f70d01010125044980050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a3301106092a864886f70d01010125042500050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a7301506092a864886f70d010101250205000004deadbeef03818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a4300d06092a864886f70d0101010500238192498003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a4300d06092a864886f70d0101010500238192250003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a8300d06092a864886f70d010101050023819003818d0030818902818100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "02030100010004deadbeef",
+    "3081a3300d06092a864886f70d010101050003819130818e4980308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a3300d06092a864886f70d010101050003819130818e2500308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a7300d06092a864886f70d010101050003819530818c30818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "030100010004deadbeef",
+    "3081a3300d06092a864886f70d010101050003819130818e2281864980028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a3300d06092a864886f70d010101050003819130818e2281862500028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a7300d06092a864886f70d010101050003819530819222818402818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f00"
+        + "04deadbeef0203010001",
+    "3081a2300d06092a864886f70d010101050003819030818d02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f22074980"
+        + "0203010001",
+    "3081a2300d06092a864886f70d010101050003819030818d02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f22072500"
+        + "0203010001",
+    "3081a6300d06092a864886f70d010101050003819430819102818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f22050203"
+        + "0100010004deadbeef",
+    // including undefined tags
+    "3081a8aa00bb00cd0030819f300d06092a864886f70d010101050003818d0030"
+        + "818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c5410"
+        + "0cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4"
+        + "d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984"
+        + "b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315ac"
+        + "f9a0b351a23f0203010001",
+    "3081a6aa02aabb30819f300d06092a864886f70d010101050003818d00308189"
+        + "02818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6"
+        + "e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f1"
+        + "09fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562"
+        + "517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0"
+        + "b351a23f0203010001",
+    "3081a73015aa00bb00cd00300d06092a864886f70d010101050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a53013aa02aabb300d06092a864886f70d010101050003818d0030818902"
+        + "818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a730152611aa00bb00cd0006092a864886f70d010101050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a53013260faa02aabb06092a864886f70d010101050003818d0030818902"
+        + "818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a7301506092a864886f70d0101012508aa00bb00cd00050003818d003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a5301306092a864886f70d0101012506aa02aabb050003818d0030818902"
+        + "818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a8300d06092a864886f70d0101010500238196aa00bb00cd0003818d0030"
+        + "818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c5410"
+        + "0cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4"
+        + "d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984"
+        + "b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315ac"
+        + "f9a0b351a23f0203010001",
+    "3081a6300d06092a864886f70d0101010500238194aa02aabb03818d00308189"
+        + "02818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6"
+        + "e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f1"
+        + "09fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562"
+        + "517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0"
+        + "b351a23f0203010001",
+    "3081a7300d06092a864886f70d0101010500038195308192aa00bb00cd003081"
+        + "8902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a5300d06092a864886f70d0101010500038193308190aa02aabb30818902"
+        + "818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a7300d06092a864886f70d010101050003819530819222818aaa00bb00cd"
+        + "0002818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100c"
+        + "b6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0"
+        + "f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b5"
+        + "62517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9"
+        + "a0b351a23f0203010001",
+    "3081a5300d06092a864886f70d0101010500038193308190228188aa02aabb02"
+        + "818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1"
+        + "d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109"
+        + "fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b56251"
+        + "7e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b3"
+        + "51a23f0203010001",
+    "3081a6300d06092a864886f70d010101050003819430819102818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f220baa00"
+        + "bb00cd000203010001",
+    "3081a4300d06092a864886f70d010101050003819230818f02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f2209aa02"
+        + "aabb0203010001",
+    // changing tag value
+    "2e819f300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "32819f300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "ff819f300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f2e0d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f320d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819fff0d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d04092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d08092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300dff092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101030003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101070003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101ff0003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101050001818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101050005818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d0101010500ff818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819e300d06092a864886f70d010101050003818c2e818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c32818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818cff818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818900818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818904818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c308189ff818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f00030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f04030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23fff030100"
+        + "01",
+    // dropping value of sequence
+    "3000",
+    "308192300003818d0030818902818100ab9014dc47d44b6d260fc1fef9ab0220"
+        + "42fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b"
+        + "2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfa"
+        + "e42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa7551556"
+        + "3f31dad83563f3a315acf9a0b351a23f0203010001",
+    // using composition
+    "3081a430013030819e0d06092a864886f70d010101050003818d003081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a33011300106300c092a864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a33011260d06012a0608864886f70d010101050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a4300d06092a864886f70d010101050023819203010003818c3081890281"
+        + "8100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4"
+        + "edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb"
+        + "5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e"
+        + "6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351"
+        + "a23f0203010001",
+    "3081a3300d06092a864886f70d010101050003819130818e3001023081888181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a3300d06092a864886f70d010101050003819130818e2281860201000281"
+        + "80ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    "3081a2300d06092a864886f70d010101050003819030818d02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f22070201"
+        + "0102020001",
+    // truncate sequence
+    "30819e300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00",
+    "30819e0d06092a864886f70d010101050003818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300c06092a864886f70d0101010503818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300c092a864886f70d010101050003818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819d300d06092a864886f70d010101050003818b30818802818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100",
+    "30819d300d06092a864886f70d010101050003818b308188818100ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    // prepend empty sequence
+    "3081a13000300d06092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300f300006092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b300002818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    // append empty sequence
+    "3081a1300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00013000",
+    "3081a1300f06092a864886f70d0101010500300003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "013000",
+    // sequence of sequence
+    "3081a230819f300d06092a864886f70d010101050003818d0030818902818100"
+        + "ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9"
+        + "8590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26"
+        + "c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6feb"
+        + "e1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f"
+        + "0203010001",
+    "3081a1300f300d06092a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    "3081a1300d06092a864886f70d010101050003818f30818c30818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    // truncated sequence
+    "300f300d06092a864886f70d0101010500",
+    "30819d300b06092a864886f70d01010103818d0030818902818100ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "308199300d06092a864886f70d010101050003818730818402818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f",
+    // repeat element in sequence
+    "3082012f300d06092a864886f70d010101050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "01000103818d0030818902818100ab9014dc47d44b6d260fc1fef9ab022042fd"
+        + "9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb1"
+        + "67d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e"
+        + "043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31"
+        + "dad83563f3a315acf9a0b351a23f0203010001",
+    "3081a3300d06092a864886f70d010101050003819130818e02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "010203010001",
+    // long form encoding of length
+    "3081a030810d06092a864886f70d010101050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "3081a0300e0681092a864886f70d010101050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "3081a0300e06092a864886f70d01010105810003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "30819f300d06092a864886f70d010101050003818d30818a02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02810301"
+        + "0001",
+    // removing oid
+    "3081943002050003818d0030818902818100ab9014dc47d44b6d260fc1fef9ab"
+        + "022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5ef"
+        + "b40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e17367"
+        + "9cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa755"
+        + "15563f31dad83563f3a315acf9a0b351a23f0203010001",
+    // appending 0's to oid
+    "3081a1300f060b2a864886f70d0101010000050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    // prepending 0's to oid
+    "3081a1300f060b00002a864886f70d010101050003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    // dropping value of oid
+    "30819630040600050003818d0030818902818100ab9014dc47d44b6d260fc1fe"
+        + "f9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00a"
+        + "c5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e1"
+        + "73679cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240a"
+        + "a75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    // modify first byte of oid
+    "30819f300d06092b864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    // modify last byte of oid
+    "30819f300d06092a864886f70d010100050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    // truncate oid
+    "30819e300c06082a864886f70d0101050003818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300c0608864886f70d010101050003818d0030818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    // wrong oid
+    "30819b300906052b0e03021a050003818d0030818902818100ab9014dc47d44b"
+        + "6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c1"
+        + "7fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff51"
+        + "7cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fd"
+        + "fc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "30819f300d0609608648016503040201050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    // longer oid
+    "3081a0300e060a2a864886f70d01010101050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    // oid with modified node
+    "30819f300d06092a864886f70d010111050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "3081a33011060d2a864886f70d01018880808001050003818d00308189028181"
+        + "00ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4ed"
+        + "c98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a"
+        + "26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6f"
+        + "ebe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2"
+        + "3f0203010001",
+    // large integer in oid
+    "3081a8301606122a864886f70d010182808080808080808001050003818d0030"
+        + "818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c5410"
+        + "0cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4"
+        + "d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984"
+        + "b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315ac"
+        + "f9a0b351a23f0203010001",
+    // oid with invalid node
+    "3081a0300e060a2a864886f70d010101e0050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "3081a0300e060a2a80864886f70d010101050003818d0030818902818100ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    // appending 0's to null
+    "3081a1300f06092a864886f70d0101010502000003818d0030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    // appending 0's to bit string
+    "3081a1300d06092a864886f70d010101050003818f0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00010000",
+    // prepending 0's to bit string
+    "3081a1300d06092a864886f70d010101050003818f00000030818902818100ab"
+        + "9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc985"
+        + "90467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2"
+        + "f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1"
+        + "f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02"
+        + "03010001",
+    // modify first byte of bit string
+    "30819f300d06092a864886f70d010101050003818d0130818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    // modify last byte of bit string
+    "30819f300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0000",
+    // truncate bit string
+    "30819e300d06092a864886f70d010101050003818c0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "00",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    // removing integer
+    "3018300d06092a864886f70d0101010500030730050203010001",
+    // appending 0's to integer
+    "3081a0300d06092a864886f70d010101050003818e30818b02818300ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f00000203"
+        + "010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02050100"
+        + "010000",
+    // prepending 0's to integer
+    "3081a0300d06092a864886f70d010101050003818e30818b028183000000ab90"
+        + "14dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590"
+        + "467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8"
+        + "823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f7"
+        + "2295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203"
+        + "010001",
+    "3081a0300d06092a864886f70d010101050003818e30818b02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02050000"
+        + "010001",
+    // dropping value of integer
+    "301a300d06092a864886f70d01010105000309300702000203010001",
+    "30819b300d06092a864886f70d010101050003818930818602818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0200",
+    // modify first byte of integer
+    "30819e300d06092a864886f70d010101050003818c30818902818101ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030000"
+        + "01",
+    // modify last byte of integer
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23e02030100"
+        + "01",
+    "30819e300d06092a864886f70d010101050003818c30818902818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02030100"
+        + "00",
+    // truncate integer
+    "30819d300d06092a864886f70d010101050003818b30818802818000ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a20203010001",
+    "30819d300d06092a864886f70d010101050003818b308188028180ab9014dc47"
+        + "d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d05"
+        + "02c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236"
+        + "ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295db"
+        + "c3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001",
+    "30819d300d06092a864886f70d010101050003818b30818802818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02020100",
+    "30819d300d06092a864886f70d010101050003818b30818802818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f02020001",
+    // leading ff in integer
+    "30819f300d06092a864886f70d010101050003818d30818a028182ff00ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020301"
+        + "0001",
+    "30819f300d06092a864886f70d010101050003818d30818a02818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0204ff01"
+        + "0001",
+    // infinity
+    "301b300d06092a864886f70d0101010500030a30080901800203010001",
+    "30819c300d06092a864886f70d010101050003818a30818702818100ab9014dc"
+        + "47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d"
+        + "0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f88232"
+        + "36ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295"
+        + "dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f090180",
+    // n=0
+    "301c300d06092a864886f70d0101010500030b0030080201000203010001",
+    // negative n
+    "30819f300d06092a864886f70d010101050003818d00308189028181ff546feb"
+        + "23b82bb492d9f03e010654fddfbd026a99162849f3abeff3491e2b12367a6fb9"
+        + "82fafd3e8031962ff53a104bf4d34e98275bb546c28c3b2f0ef604a5d93d077d"
+        + "cdc900ae8307bbed1e8c9863051bd1fbc490137e06267b4a9dae8190141e08dd"
+        + "6a243c0203e62cdbf558aaeaa9c0ce2527ca9c0c5cea53065f4cae5dc1020301"
+        + "0001",
+    // e=0
+    "30819d300d06092a864886f70d010101050003818b0030818702818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020100",
+    // e=1
+    "30819d300d06092a864886f70d010101050003818b0030818702818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020101",
+    // e=2
+    "30819d300d06092a864886f70d010101050003818b0030818702818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f020102",
+    // negative e
+    "30819f300d06092a864886f70d010101050003818d0030818902818100ab9014"
+        + "dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc9859046"
+        + "7d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f882"
+        + "3236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f722"
+        + "95dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203fe"
+        + "ffff",
+  };
+
   private void checkPrivateCrtKey(RSAPrivateCrtKey key, int expectedKeySize) throws Exception {
     BigInteger p = key.getPrimeP();
     BigInteger q = key.getPrimeQ();
@@ -136,4 +1475,39 @@ public class RsaKeyTest extends TestCase {
                  "X.509", pub.getFormat());
     assertEquals(ENCODED_PUBLIC_KEY, TestUtil.bytesToHex(pub.getEncoded()));
   }
+
+  /**
+   * Parses a list of modified encodings of an RSA public key.
+   * Expects that any modification either results in an InvalidKeySpecException
+   * or an altered PublicKey.
+   * This test has mostly "defense in depth" characteristic, since applications should
+   * never accept unauthenticated public keys.
+   */
+  public void testModifiedPublicKeyDecoding() throws Exception {
+    KeyFactory kf = KeyFactory.getInstance("RSA");
+    int cnt = 0;
+    for (String encoded : MODIFIED_PUBLIC_KEY) {
+      X509EncodedKeySpec spec = new X509EncodedKeySpec(TestUtil.hexToBytes(encoded));
+      try {
+        RSAPublicKey unusedKey = (RSAPublicKey) kf.generatePublic(spec);
+        // TODO(bleichen): check the keys that are accepted.
+        //   To decide whether a key should have been rejected or not the test vectors must be
+        //   divided into several categories:
+        //   - keys that use BER encoding: these are OK
+        //   - keys that include additional fields or garbage: might be OK
+        //   - keys where the modification does not change the values: are probably OK
+        //   - keys with missing parameters: should be rejected
+        //   - keys with impossible values (negative n, negative e): should be rejected.
+      } catch (InvalidKeySpecException ex) {
+        // expected
+      } catch (Exception ex) {
+        System.out.println("generatePublic throws:" + ex.getMessage() + " for " + encoded);
+        cnt++;
+      }
+    }
+    assertEquals(0, cnt);
+  }
+
+  // TODO(bleichen): This test is only needed as long as there are open issues.
+
 }
diff --git a/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java b/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
index 2759a84..3d214fe 100644
--- a/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
+++ b/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
@@ -65,6 +65,8 @@ public class RsaSignatureTest extends TestCase {
    * around 2012.
    * <li> Berserk: http://www.intelsecurity.com/advanced-threat-research/berserk.html
    * <li> Truncated comparison of hashes e.g.: http://wiibrew.org/wiki/Signing_bug
+   * <li> CVE-2016-5547: OpenJDK8 RSA signature's throws an OutOfMemoryError for some invalid
+   * signatures
    * </ul>
    */
   static final String[] SIGNATURES_KEY1 = {
@@ -264,6 +266,38 @@ public class RsaSignatureTest extends TestCase {
         + "3a3d5b1cb1e7dded3352c3c92ded891839263a501afaa78fedfd04546c43d16f"
         + "7a52b800abc9ab1ef827ae0eb19d9b52def2435f1477a48dff61800b4db830e4",
 
+    // length = 2**31 - 1
+    // padding:30847fffffff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    // ec113d682299550d7a6e0f345e25
+    "9dcc651cc0a1b4d406112c0d1ebd7a9fb5a2c9d9f9cffbeab2d2821e5ed01efa"
+        + "9d191665794649bd1f588b729e8fba1eaa37a5a736a5863973c338a92b2665d6"
+        + "ead13b72a19d2da778febb94b150e8d750340a3b856fca8b3b6e3cbfecb9c397"
+        + "c23f46912ba546ab0f64ed88404ce317f8fb2278b68950e9712d6b11f5cdfcaa",
+    // padding:303530847fffffff060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    // ec113d682299550d7a6e0f345e25
+    "0397d14205c2f52423ef69c874294dc2b37d5be5d5647f7e83f1dd6783cb41cc"
+        + "e52e6de1dc8c9e93ca1ef887d4c0ea79cd8b26391d638bbd8080bce830bf1bd7"
+        + "fb1de31346f28d609874fafd4a34fb7bee900441f55589ec3c5e190106d8816c"
+        + "adfcfb445834739cafaaa3903ed93cedc41a76aa0ce18fb49a3a73b7b5928735",
+    // padding:3035301106847fffffff60864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    // ec113d682299550d7a6e0f345e25
+    "2c3ffd881c1c0ce2e4c98282d6011179a89b1e84b17072bcbbb64164e5e05410"
+        + "d0414a1fdbbc04564f3d80f3891f28c3f02e92bf97b4339b5bd4699614e236d4"
+        + "223cef0688c44b297eb9c0e22246b4cb28983b102a446dc76671206c3b77af68"
+        + "97f2f445512abda37bc9c37257dd4f1c6f0e6ec40929eb6b0058682b9d2f6c66",
+    // padding:30353011060960864801650304020105847fffffff0420532eaabd9574880dbf76b9b8cc00832c20a6
+    // ec113d682299550d7a6e0f345e25
+    "668bd06eafe953fca6a17b0da0f9006ceadb09ad904786b7530148df7eedc146"
+        + "d20a5472c39677d65e59934c00227fb662b3474596e6072f56d2c00c3d31e66f"
+        + "0da85f4670e75c3f2c910c0fec8c98bc31fb2eceff80350b78aec0d316e9bbb3"
+        + "31544d8a3d0b1649291396c717e350bebba3d3c3a0b1d55f010879b8c7b7d4f9",
+    // padding:3035300d0609608648016503040201050004847fffffff532eaabd9574880dbf76b9b8cc00832c20a6
+    // ec113d682299550d7a6e0f345e25
+    "87482257ae1d18d0357428b756ae35a48549536a3439ca3c148eee64f4c096d8"
+        + "96219097d55c14a25eb1490779f6b1471aed238cc0d6aaf265c12ac086d04de9"
+        + "b79a37518056dfacc12cb4916c17505fc7e2e6c1e0db720a286ea65bde4d3da1"
+        + "d2dcb8d0276e8ce73f3f923209149955285c602572cfd24c82e8d96d45f569e6",
+
     // length = 2**32 - 1
     // padding:3084ffffffff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
@@ -421,42 +455,42 @@ public class RsaSignatureTest extends TestCase {
         + "ad8393d281eca07ebd287364a19045029fa7ed0e62a21e5e42a88a52ea4abc8b",
 
     // including garbage
-    // padding:503549803031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    // padding:303549803031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
-    "654b1ba6cd1b13e112c5bbcbae8ea2094a1c6f8c6bb73c9225688aa93fc0e8d3"
-        + "26e411bdf2bb8de3951b2f55ccb19d4880a93ed1519021ee8bef1b04997a31e5"
-        + "3586c56587e3554bec3c606125ce719b96223fca2b55bed5560ff51ad4ef8018"
-        + "d648cd1f4c6354e0fb920fcda79ef68d51d7ef16ec93e74aee9ae4ba1f9f00e7",
-    // padding:503525003031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    "236a815c2441d111d254172149ab2429cc4e6caf3335579bf438f22723de0a4a"
+        + "5e532ed71f24c0fc6032c60aebb2b7e76cd0d14f262d1d9bba80a53dbdb12c9b"
+        + "89902fc5f5511125d21b7df32e9b303c4b393fd6add6ac7536901ea8ae5785dc"
+        + "fe90e85ad0c16146b1f15036c31d7758a364fb54cc1d183b8566bda592ba446c",
+    // padding:303525003031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
-    "04aa2d0bb7edcbad611d49a58b687bf4d0e7e81ce8c05def3f61fb7f5041706b"
-        + "61fcffb3fcdc839b3957a64999a3c800449df841c5a6d5af4ab03b6271a0d573"
-        + "cea8d8c23ba9db1f5d81ad3b58998c56193ea2445a2f0dad9cc0b91d853ab984"
-        + "436b698d31d1caf62c59009750d2395d875811d3919bb8ebac3eb65e0c19e34c",
-    // padding:50333031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec11
+    "762d30b302cd76b021e237f28017e48488ff3bb30ff9e92db5b1e76eec2ee91c"
+        + "9af03e1c5038afc22591b1cd8cfae648a33ab77901f9f3736e50eea83f7c7a45"
+        + "46dc55c0265fb17dfdd30250fa3881e34e51b4f2e54554ad098eee952ec888e9"
+        + "11a0ea5df42c0560bcb4bdd718c88d834b534917e555c38fd1ec3593b2f25b39",
+    // padding:30333031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec11
     // 3d682299550d7a6e0f345e250004deadbeef
-    "4bd7c5fde38919661cf5784ed09aa3abebf7c16b8a70c3ebbff8f8727cefb3d2"
-        + "532229adefbb7432e38b1cc13fdd2c05202e8f3d1b669256ef34e4c2f091d724"
-        + "e06e019104c0656bf3bea6bc604e4343ff6fd7eabd29a33ff8391ab4b761bbf8"
-        + "3141fc12c6ffece32d3623a01d0dfba0dbcc0eedcb042cf33d915cbc41ddb1d8",
-    // padding:303550114980300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    "8cbf9d425abef67ff0a7fb648e70b82b1556ac80e46dcff37145b9041bee2bbb"
+        + "fa56817e04994c9cf1123c6df2aeeb1637595eb1e20adef51d657943fd67826a"
+        + "c5d5dfba106ae9cd243f12746917a446ce955034b46ceb0f4d542b7bcd06ad3e"
+        + "6e10899d5338e6d8caf3d4de3cbf45d45a58d946a64d0bc13e97a4ab4e6b6016",
+    // padding:303530114980300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
-    "441c9007aeac4adb44dfeca1e583e31e3bf948eaabb7864882a6f178f8f6d5ab"
-        + "fe4faed96df55f71652761512223eea64b571735500379e2f8b5d92c1c9a95a0"
-        + "276edda1f9902b8a3dc6941e2a09ce5a382c29fd4d4688efe0d532b6430bf0a2"
-        + "bd86d28832da4f6e4c2013e31267406b44f60d39d4e21049e25ff7beada5c2e5",
-    // padding:303550112500300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    "6477bd3337d601fe92e19e7f6b216f73eaca68aa408c5a570876ad8db6113505"
+        + "43d1dd458b511e3095e57996ca589c00f2beb6b6fe4564f4373571d904958acd"
+        + "1bcd33f57959a231bb126bb2b37bf1403d52836752198b6954567f07b31ed110"
+        + "5dcc50004e4cd7e897516c536c205b339ff0d35463ca6871ea5dce7a8daed8d7",
+    // padding:303530112500300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
-    "3a95f36a85061148ac22700478bcbe609b6148abadac9f4e53e24ab9aa2c712a"
-        + "3fa6a869cce665de06b0049959529c888145f9468d245c1098b2cfa74ca99e3b"
-        + "2de839e8a1cd3b3ca5a56e9b9d047ba758301ec42f39af26e3c514a9436115f9"
-        + "a446f8f6ec11351ed5234eb63dbc0ea434119042fd0c929d0f54591e1899c0e0",
-    // padding:3039500f300d060960864801650304020105000004deadbeef0420532eaabd9574880dbf76b9b8cc00
+    "975d07b7295268a8662aedbd2b65b5eb10bb496077f41b90d12d34ebc7e492f0"
+        + "c7f3a41d4164a279f06ea616f91968628be4ceecd4a554477bc76cc6b2e6bda4"
+        + "042dc253327c4b8fc40e9242cbc8b835114a7379a3081bae4b2803a99deb4a54"
+        + "0f8c149ca5db3a61c7bc9f61cd7e55521660a06603849896c791a18d1c7360e1",
+    // padding:3039300f300d060960864801650304020105000004deadbeef0420532eaabd9574880dbf76b9b8cc00
     // 832c20a6ec113d682299550d7a6e0f345e25
-    "4531b3c930bce54375573269f91d5c2decaf35ff71b27938abc4ded9c1eb77c1"
-        + "244af6d660ad21d1cb224f2f8b791e331597b0a8591844e5c292024cc4994dda"
-        + "105e693b0b29642090b502aaa44e3adab3308a66167e2313b8c6dc5a63777959"
-        + "be1730d69bef6c0e8116898f4fcc05611af94d5e37ed4ae6e7275c40ab4a47d9",
+    "37352cd11eb5ff7380bfb7c0d3e8d9979ae7cb489a71c31a077d59496547b0c9"
+        + "5a760387ed50eefde0b762222f05a6033740f6e010693edf3ef8ab5f9c57f4eb"
+        + "1f6ccd83287dcc2e90857defe5ba4109bf79ad84ab069c85a25758d22536c688"
+        + "2919245fa2d7e7921b3635d984deeb6555cabdfc46a42c75875d55924c8bac62",
     // padding:30353011260d4980060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
     "0c783603c7af53df27538b983fb7368e9f62d4552f008f2920a21cff3186d2ac"
@@ -513,30 +547,30 @@ public class RsaSignatureTest extends TestCase {
         + "0fd7bc325b1cf75e1079f8d6df53fe495722cc1ce707cca49bc6f4ed2ca6c4f9",
 
     // including undefined tags
-    // padding:5039aa00bb00cd003031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00
+    // padding:3039aa00bb00cd003031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00
     // 832c20a6ec113d682299550d7a6e0f345e25
-    "3507fbbb0ae37992789b22c27dc2b5ecc6c3a2cd555ca9049388e1b0c84c14c4"
-        + "f3a98d14d7f80ab79d68d2ea140ceb7967171cd153039e98c703b4ce434a37aa"
-        + "6ec7e13f06a76ae3a49057394393e20dff96b5157fddbb39faa094b4598c41fd"
-        + "a2410510490c54e5184264e74ed7a734cee0d5c536ce68f76509447ebccacea7",
-    // padding:5037aa02aabb3031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c
+    "9f2234b108a45abaed850e19d2f9576f59bb83dbc6165da61c4798638f9c9858"
+        + "7c7eb92a8c901dc4430e4a47dc05681ae811ffcad6f7a604c43551cd0f5d1235"
+        + "49435d622f7efec578301efd49dc6b139abbc3c7d6a26858f6d18f09b863a145"
+        + "d6483c9efc6c322fec1341b6362dc1d752c714efcdfb09097a0ce6df7dbe88a9",
+    // padding:3037aa02aabb3031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c
     // 20a6ec113d682299550d7a6e0f345e25
-    "5edc1fd6fd901165dce272e6c5d4ed3fae7917d28aafa278c5bc5eb71a5b4671"
-        + "00b9f3afe956e1d61ba2a3936bde573f92096c4500e62d49479f51b0350a3586"
-        + "fbf216f56b23cd598118f6ee26cbaea2ba3dc373a0cb789a8a2da057075f063c"
-        + "703b12e772e35db546ce0ea3a803d61d2623bea3f1d31e80f8f5b4b410d70677",
-    // padding:30395015aa00bb00cd00300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00
+    "24ba137a293599ab7e50a0a4f8c7a5cd02dda6a4568c93f84d00ff4729656456"
+        + "3c9051b334db2fd2c081b23d322d4870a61b2435d651d7efb4e1b0920e759f7f"
+        + "d81a937bbc85ff43dbe2b702dec3acf4db68d5fd7b8a2f6d32cc49a7300dd659"
+        + "623b391927a2442d69c6c3c29e59eb80b1d0a95bec6d18a6223cf4357eb7cc96",
+    // padding:30393015aa00bb00cd00300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00
     // 832c20a6ec113d682299550d7a6e0f345e25
-    "493eb9e477f0a6e8e92c8c8b10e2817c3f6061248c3ce16347eb21c35dd41906"
-        + "add2d69f5cf6023725e9dd5183bba8d2bbf7be5899c84ec089472477ac016d18"
-        + "bdbc04ef27d05c6c21867bae6adba66f1336b5c8944b06a64558982fd07d51ed"
-        + "cc4efc4d1f01542094e6dce82a063da4a68aa92afed00d3ace9a9bedea086c61",
-    // padding:30375013aa02aabb300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c
+    "04023dd35fa479f8156794d02935f8669c023c774b95c5a0e02837e32ccaf7a4"
+        + "ba5195835a15de6a21796eb96bdaed868f9e8b7f0a5a21c1a3058f53aadb62d6"
+        + "ee74cd70b2c38f17e42a1f7ffd88955731b4e15368211ad53f617aacbb54a7e7"
+        + "078740ba6daaca81c1b321b748ea1d13f7aece490226636ecac41bdc275175d6",
+    // padding:30373013aa02aabb300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c
     // 20a6ec113d682299550d7a6e0f345e25
-    "a173341d877e70d384521f1832878599bb93e457cf78b0984f130b9af16ad90d"
-        + "0ed8c58f8651d05aed66f359bd20022fd71139880ec7b3896206e662bd96ba49"
-        + "f9976e0170884a5726dc097ba3c66227b058a9189b7868259f71b507253761b5"
-        + "d634abc8dd27c6bdde54e1062252bd0a1e4aa829886ca778a3f914174094a81b",
+    "253bed76e4b8465ebfffd1b7214ce586294d3bea290517ca2bfc417ba9d8e72d"
+        + "286570c348dc6084fd379c2bf4dae424189964639533e17c409ae18e445210ed"
+        + "4dc98de4ad7336554740d1532d5010a1bd7ebbc33ba48a3365d50669e4f4522d"
+        + "0e5ff7a3bdb1c42c42dee647a8a3ce16633eb33bbc0a869e12cf99f9481dcf85",
     // padding:303930152611aa00bb00cd00060960864801650304020105000420532eaabd9574880dbf76b9b8cc00
     // 832c20a6ec113d682299550d7a6e0f345e25
     "0775598491297eb9004eed66234ded82e047ea2f06837425e6bd27f33b137366"
@@ -679,18 +713,18 @@ public class RsaSignatureTest extends TestCase {
         + "9056ba13b77d35239eea164ddbc8808f8e7e1beb070f551b6e95f90d5bdbd925",
 
     // using composition
-    // padding:503530013030300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    // padding:303530013030300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
-    "24fa27f7c532f1d58d98309957a42eb0be15acc0038c3a012b3d5a7ff7e0d13b"
-        + "696f16fb8eac88ddead2a40a9686ca361fd72afbe4dbe4b3ae6d9ba390564723"
-        + "dff0f45fde7db6ebb83bc16573ef2d21f51689a7ad4b8edfbaea1f0674e43868"
-        + "0c6ab19cb5a1fe2e90a7082a6217f0f453ba25933b25a7cc65e8562bc78e4fc3",
-    // padding:30355011300106300c0960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    "09342a8fb8402b5e50fbf8c5d1cae415ce02c0a803adfed88188982129e84809"
+        + "18dc21616bb5f8381e8dfe13f63234090c32e542a005df70df5e8e00dd2a478d"
+        + "10fff1b61efbdcf0e410236f7c031c9a5f7cd0db9098f8a32a6a49f408e72c4a"
+        + "29b7d27e8041ba605bf089bbdb9777e19b31ecca0d49b90d54701721af79cf3a",
+    // padding:30353011300106300c0960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
-    "1a9fe9f10dcf04f35187f5298448adf2f48ce7f0e556d699a42f721289f04390"
-        + "48527c3fe0751bc871fd7afb3d70771c048f5b319a40154451e3a3336cc6169b"
-        + "73ec5dac98b8f57710b12bf81cdf07228483e66a38f543ea03f9480875eb9b0d"
-        + "27d5fb7d53c43106935de0e416dde4cdd33667d730b71e30a63cfa86d3f9de11",
+    "3ef90c414a64601c538c286f2c35f32445039799b8c266eed605027578edda79"
+        + "6a409d905a751bf5c1cdea97840437fa82733d8f27efbbc05da732887078a8f5"
+        + "47bbfb54607a54f893df7dde0c35c45f9c2402bed0405c72e98175e5b9d6f902"
+        + "24e07d12e8c1bbad2fc8b1a14c42dd5fb7e554db5edae89d335705c672cd7b55",
     // padding:30353011260d0601600608864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6
     // ec113d682299550d7a6e0f345e25
     "3ad3e4ec3636b5eb8aac2161c04d228491ca0d9da2abd69d8904054373940b39"
@@ -848,14 +882,6 @@ public class RsaSignatureTest extends TestCase {
         + "9dbbb126b314312539931a0163c911f0234f5c3f683c9376f2ecaa3294d71a12"
         + "74f6c63b84ea8faf826eacb05e4fa5459b787ff384b2cfe0f1f4c755f32b5c50",
 
-    // prefix in oid
-    // padding:3032300e060a0860864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d
-    // 682299550d7a6e0f345e25
-    "7b4b34bc61b0576e3f940e1d5a281bde047ece50316cc111f08b7278bef71e90"
-        + "029db2d63b64268edbfbed464d3c3dd2b9341c8a51fdbb5bb1ea44d86366c0ac"
-        + "bfd17515300a50195a9caf34b2b84ee641a405864a7b2b91ed452052f114459a"
-        + "316d6afa8e93134e655c0d8befffe5fcf4d48c9e43cfa593893157d6ade8d04d",
-
     // wrong oid
     // padding:302d300906052b0e03021a05000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d
     // 7a6e0f345e25
@@ -864,6 +890,50 @@ public class RsaSignatureTest extends TestCase {
         + "6e73ecd8ced0adb52db2c374297119f5fe571bd5396529d13b7225e87db5b5b0"
         + "df38e4c56f2349071b09ff5c1ded919b398d4aff38c6ae29af6f6ff99d3e8836",
 
+    // longer oid
+    // padding:3032300e060a6086480165030402010105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d
+    // 682299550d7a6e0f345e25
+    "2054d402bf6a148b52972b830c8c8a16a6aeddbcd5c2ae3fd83de67c666e712f"
+        + "a98650308658837a67ab87b2c444bedc7cf995c19af433da9343f260049b1bcb"
+        + "436ebe27d8a502728dfb0daac5d2710e2c39fa000b909aede07ad7a0d27629e0"
+        + "ac27ed9fcd41a39e09f7acdec4c2df77f38c535f46e3b96f2772a81e65e74bb8",
+
+    // oid with modified node
+    // padding:3031300d060960864801650304021105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d68
+    // 2299550d7a6e0f345e25
+    "3a94d241563a2ad97574ec82baefccd9dd114e21fa9169d0f54c4d0f57826224"
+        + "804ddc9b29c1905c59f39bd6aa3366705a85f5e6e18c0eb0f67986b5265e7371"
+        + "865b618e90e5c5313f0b6fce2343aa12d4ed44d6770fa08d4f1342608a4fb627"
+        + "a273f3a1f1340d1f5c55957ce51048e3690a845851009cbfe38d3c96e96d4172",
+    // padding:30353011060d6086480165030402888080800105000420532eaabd9574880dbf76b9b8cc00832c20a6
+    // ec113d682299550d7a6e0f345e25
+    "079cb62831dbeb40a638402865cc92cb49913dae214babc3f4f8d69d64cf1436"
+        + "2c23c8dd6ebcee9c44633dd54a62bb2f0042c20033728fc2f8ff482cf0be3ee1"
+        + "03bacf757b50319495d9a838844ea1064f4bd1f1ebdc1b71a318c3c8f7d76ebd"
+        + "79ef2f3991d4d87e110d60e5fc655adfa4a8e792e46c1c7aa96156b884e2f7a9",
+
+    // large integer in oid
+    // padding:303a3016061260864801650304028280808080808080800105000420532eaabd9574880dbf76b9b8cc
+    // 00832c20a6ec113d682299550d7a6e0f345e25
+    "2c9083459ba6504dc10e0e63edf8ede8bdb4a9728673306908ad4e8f25656d48"
+        + "65f0748b9fd2cf7b51db0a2c659e0ce021fef3d2d3d0cf7c45343729c2001a19"
+        + "d37e29398a9a7e92d7f62693252261f1f7406b54af5447db6e846f981722059b"
+        + "7bb09ba95268c321c156ff659e0ce8e709d2819d5ce15f5dcfa54c55114a611a",
+
+    // oid with invalid node
+    // padding:3032300e060a608648016503040201e005000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d
+    // 682299550d7a6e0f345e25
+    "9a76669c75f0f11399699f76e7bfbefc0d29feb5a8d86de1f751eedbb5c9e7b8"
+        + "1ecbc224534db67cfe1b611951a6ff499d86e11cac4a1725e2ff707085a81a76"
+        + "c73d5b53d1b0b2c4fab2d2eebe57eca83242a261cfca768abcd8e1f42e3841d6"
+        + "98bef3d4f16ac2dfab0fd42ef0abb0463474367dff7ec99d665a9838f2cfc24c",
+    // padding:3032300e060a6080864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d
+    // 682299550d7a6e0f345e25
+    "6674ec2352f0d3e90f4b72086f39815db11b056babc57644c8a703014f439baa"
+        + "46e8ed961714d5c7b5f0ec97ba3fe5ab867c16b7e1de089868dcb195fc20cc42"
+        + "fa1b3d3060f50cca77281bb6be18d65a1ee8e5a381e21e7f02e819752b71327a"
+        + "28719c7284f6425bc9241abb08d000faf58d48848d7f4b8d68b28266e663f36b",
+
     // appending 0's to null
     // padding:3033300f0609608648016503040201050200000420532eaabd9574880dbf76b9b8cc00832c20a6ec11
     // 3d682299550d7a6e0f345e25