166 files changed, 8189 insertions, 239 deletions

diff --git a/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn b/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn
deleted file mode 100644
index 3ccd838ac0..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn
+++ /dev/null
@@ -1,6 +0,0 @@
-BadTypeEnding  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ;
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1
deleted file mode 100644
index a5d4984e60..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1
+++ /dev/null
@@ -1,8 +0,0 @@
-BadValueAssignment1  DEFINITIONS ::=
-BEGIN
-
-int INTEGER ::= 3
-
-int2 integer ::= 3
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1
deleted file mode 100644
index 7a96406001..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1
+++ /dev/null
@@ -1,8 +0,0 @@
-BadValueAssignment2  DEFINITIONS ::=
-BEGIN
-
-int INTEGER ::= 3
-
-int2 ::= 3
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1
deleted file mode 100644
index 68bd4380b7..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1
+++ /dev/null
@@ -1,9 +0,0 @@
-BadValueSet  DEFINITIONS ::=
-BEGIN
-
-Int INTEGER ::= {1|2|3}
-
-Int2 INTEGER ::= {
-    1,2,3}
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn b/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn
index 23c1f32ceb..8932238adc 100644
--- a/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn
+++ b/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn
@@ -3,7 +3,7 @@ BEGIN
 
 CallCentreServiceNotificationArg ::= SEQUENCE {
    scriptInformation      [0] ScriptToScriptInformation,
-   eventInformation       [1] IMPLICIT EventInformation OPTIONAL
+   eventInformation       [1] EventInformation OPTIONAL
     
    
 }
diff --git a/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 b/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1
index f6fe18be10..18473bae30 100644
--- a/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1
@@ -41,10 +41,4 @@ ChoExt4 ::= CHOICE
   str OCTET STRING
 }
 
-ChoEmptyRoot ::= CHOICE {
-  ...,
-  bool BOOLEAN,
-  int INTEGER (0..7)
-}
-
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1 b/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1
deleted file mode 100644
index d0789d7414..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1
+++ /dev/null
@@ -1,27 +0,0 @@
-ChoiceBadExtension DEFINITIONS ::=
-BEGIN
-
-Seq ::= SEQUENCE {
-    ...,
-    name PrintableString,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER 
-    }
-
-Cho1 ::= CHOICE {
-    name PrintableString,
-    ...,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER 
-    }
-
-Cho2 ::= CHOICE {
-    ...,
-    name PrintableString,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER 
-    }
-
-END
-
-
diff --git a/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 b/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1
index 8b3d151502..648275dd66 100644
--- a/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1
@@ -11,6 +11,10 @@ BEGIN
  SingleValueX8 ::= INTEGER (integer42)
  SingleValueX9 ::= INTEGER (integer42..integer42)
  SingleValueX10 ::= INTEGER ((integer42) INTERSECTION (40..49))
+ SingleValueX11 ::= INTEGER (40..49) (integer42)
+ SingleValueX12 ::= INTEGER ((MIN..0) ^ (1..10) | integer42)
+ SingleValueX13 ::= INTEGER ((11..20) ^ (1..10) | integer42)
+ SingleValueX14 ::= INTEGER ((MIN..42) ^ (1..100) ^ (42..50))
 
  UnconstrainedX0 ::= INTEGER
  UnconstrainedX1 ::= INTEGER (MIN..MAX)
@@ -19,6 +23,10 @@ BEGIN
  UnconstrainedX4 ::= INTEGER ((MIN..MAX)|9|10)
  UnconstrainedX5 ::= INTEGER ((MIN..MAX)|10..20)
  UnconstrainedX6 ::= INTEGER ((MIN..MAX) UNION (10..20))
+ UnconstrainedX7 ::= INTEGER ((MIN..MAX) ^ ((MIN..MAX) UNION (10..20)))
+ UnconstrainedX8 ::= INTEGER ((-100..MAX) ^ (42..MAX) | (MIN..41))
+ UnconstrainedX9 ::= INTEGER (UnconstrainedX0)
+ UnconstrainedX10 ::= INTEGER (UnconstrainedX0)(MIN..MAX)
 
  RangeX00 ::= INTEGER (5..10)
  RangeX01 ::= INTEGER (4<..<11)
@@ -38,22 +46,66 @@ BEGIN
  RangeX16 ::= INTEGER ((5|6) UNION (7) UNION (7<..<11))
 
  RangeX20 ::= INTEGER (0..20) (5..10)
- RangeX21 ::= INTEGER (0..10) (5..20)
- RangeX22 ::= INTEGER (0..10) (5..20) (MIN..MAX)
- RangeX23 ::= INTEGER ((0..10) INTERSECTION (5..20) ^ (MIN..MAX))
- RangeX24 ::= INTEGER ((5|6|7|8|9|10) INTERSECTION (5..20) ^ (MIN..MAX))
+ RangeX21 ::= INTEGER ((0..10) ^ (5..20))
+ RangeX22 ::= INTEGER ((0..10) ^ (5..20) ^ (MIN..MAX))
+ RangeX23 ::= INTEGER (MIN..MAX) (-100..20) (5..10)
+ RangeX24 ::= INTEGER (MIN..MAX) (0..100) (5..20) (5..10)
+ RangeX25 ::= INTEGER ((0..10) INTERSECTION (5..20) ^ (MIN..MAX))
+ RangeX26 ::= INTEGER ((5|6|7|8|9|10) INTERSECTION (5..20) ^ (MIN..MAX))
+
+ RangeX30 ::= INTEGER (((5|6) | (5..20)) ^ (0..10))
+ RangeX31 ::= INTEGER (((((5|6) | (5..20)) ^ (0..10))) ^ (MIN..MAX))
+ RangeX32 ::= INTEGER ((5|7) | (5..10))
+
+ Semi00 ::= INTEGER (0..MAX)
+ Semi01 ::= INTEGER (0..MAX) (MIN..MAX)
+ Semi02 ::= INTEGER ((0..100) UNION (200..MAX) UNION (50..1024))
+
+ RangeExtX00 ::= INTEGER (5..10, ...)
+ RangeExtX01 ::= INTEGER (0..20) (5..10, ...)
+ RangeExtX02 ::= INTEGER (RangeX26) (5..10, ...)
+-- RangeExtX03 ::= RangeX26 (5..10, ...)
+
+ MinRangeX00 ::= INTEGER (MIN..10)
+ MinRangeX01 ::= INTEGER ((MIN..0) | (0..10))
+ MinRangeX02 ::= INTEGER (MIN..MAX) (MIN..100) (MIN..10)
+ MinRangeX03 ::= INTEGER (((MIN..-100)|(-60..-50)) | (MIN..10))
+
+ DisjointRangeX00 ::= INTEGER (0..5 UNION 95..99)
+ DisjointRangeX01 ::= INTEGER (0|1|2|3|4|5|95|96|97|98|99)
+ DisjointRangeX02 ::= INTEGER (0..100) (0..2 UNION 95..99 UNION 3|4|5)
+ DisjointRangeX03 ::= INTEGER (MIN..MAX) (0..2 UNION 95..99 UNION 3|4|5)
+
+ MinDisjointRangeX00 ::= INTEGER (MIN..-100 UNION 100..1000)
+ MinDisjointRangeX01 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-100))
+ MinDisjointRangeX02 ::= INTEGER (MIN..-50000 UNION 100..1000 UNION (MIN..-100))
+ MinDisjointRangeX03 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000))
+ MinDisjointRangeX04 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000))
+ MinDisjointRangeX05 ::= INTEGER (MIN..-100 ^ (MIN..-100) UNION 100..1000)
+ MinDisjointRangeX06 ::= INTEGER (MIN..-100 ^ (MIN..0) UNION 100..1000)
 
  UnconstrainedStringX00 ::= IA5String
  UnconstrainedStringX01 ::= IA5String (SIZE (0..MAX))
+ UnconstrainedStringX02 ::= IA5String (SIZE (0..42|43..MAX))
 
  ConstrainedStringX00 ::= IA5String (SIZE (0..5))
  ConstrainedStringX01 ::= IA5String (SIZE (0|1|2|3|4|5))
 
+ StringExtFromX00 ::= IA5String (FROM ("AB", ..., "CD"))(SIZE (1..10, ..., 15..20))
+ StringExtFromX01 ::= IA5String (FROM ("AB", ..., "CD"))(SIZE (1..10, ..., 15..20))
+ StringExtFromX02 ::= IA5String ((FROM ("AB", ..., "CD")) ^ ((SIZE (1..10, ..., 15..20))))
+ StringExtFromX03 ::= IA5String ((FROM ("AB", ..., "CD")) ^ (SIZE (1..10, ..., 15..20)))
+ StringExtFromX04 ::= IA5String (StringExtFromX00)
+
  -- Note: None of the back-ends care about the exact values
  -- outside of the root range.
  ExtConstrainedStringX00 ::= IA5String (SIZE (1..2, ...))
  ExtConstrainedStringX01 ::= IA5String (SIZE (1|2, ..., 3))
  ExtConstrainedStringX02 ::= IA5String (SIZE (1|2, ..., 3|4|5))
+ ExtConstrainedStringX03 ::= IA5String (SIZE (1|2, ...,  1|2|3|4|5))
+ ExtConstrainedStringX04 ::= IA5String (SIZE (1|2), ..., SIZE (1|2|3|4|5))
+ ExtConstrainedStringX05 ::= IA5String (SIZE (1|2, ...), ...,
+                                        SIZE (1|2|3|4|5, ...))
 
  integer4 INTEGER ::= 4
  integer11 INTEGER ::= 11
diff --git a/lib/asn1/test/asn1_SUITE_data/Constraints.py b/lib/asn1/test/asn1_SUITE_data/Constraints.py
index c3b3aebd6d..a40c513141 100644
--- a/lib/asn1/test/asn1_SUITE_data/Constraints.py
+++ b/lib/asn1/test/asn1_SUITE_data/Constraints.py
@@ -16,6 +16,7 @@ SemiConstrained ::= INTEGER (100..MAX)
 NegSemiConstrained ::= INTEGER (-128..MAX)
 SemiConstrainedExt ::= INTEGER (42..MAX, ...)
 NegSemiConstrainedExt ::= INTEGER (-128..MAX, ...)
+SemiNamed ::= INTEGER {a(100), b(200)} (100..MAX)
 -- Extensions --
 LongLongExt ::= INTEGER (0..18446744073709551615, ..., -5000..-1)
 Range256to65536Ext ::= INTEGER (256..65536, ..., 1000000..9000000)
@@ -65,10 +66,12 @@ Wednesday ::= Day(wednesday)
 
 
 Thing ::= INTEGER {fred (0),fred2 (1),fred3 (2)}
-
-
 AnotherThing ::= Thing (fred | fred2)
 
+OneMoreThing ::= INTEGER {wilma(0), fred(1), betty(3), barney(2)}
+OneMoreThing-1 ::= OneMoreThing (wilma | fred)
+OneMoreThing-2 ::= OneMoreThing (fred | barney)
+
 I ::= INTEGER (0|15..269) -- OTP-5457
 X1 ::= INTEGER (1..4 | 8 | 10 | 20) -- OTP-9946
 
@@ -78,7 +81,7 @@ maxNrOfCellPortionsPerCell-1 INTEGER ::= 35
 CellPortionID	::= INTEGER (0..maxNrOfCellPortionsPerCell-1,...)
 
 -- OTP-6763
-T ::=  IA5String (SIZE (1|2, ..., SIZE (1|2|3))) -- Dubuisson 268
+T ::=  IA5String (SIZE (1|2), ..., SIZE (1|2|3)) -- Dubuisson 268
 T2 ::= IA5String (SIZE (1|2, ..., 3)) -- equal with T
 
 -- OTP-8046
@@ -141,5 +144,47 @@ NonOverlapping ::= INTEGER (7280..7560 |
 23000..24000 |
 24960..26900)
 
+--
+-- Test INTEGER constraints from fields in objects.
+--
+
+INT-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &obj INT-HOLDER OPTIONAL
+} WITH SYNTAX {
+  ID &id
+  [OBJ &obj]
+}
+
+int-holder-1 INT-HOLDER ::= { ID 2 }
+int-holder-2 INT-HOLDER ::= { ID 4 OBJ int-holder-1 }
+
+IntObjectConstr ::= INTEGER (int-holder-2.&obj.&id..int-holder-2.&id)
+
+--
+-- INTEGER constraints defined using named INTEGERs.
+--
+
+ConstrainedNamedInt ::= INTEGER {v1(42)} (v1)
+constrainedNamedInt-1 INTEGER {v1(42)} (v1) ::= 42
+constrainedNamedInt-2 ConstrainedNamedInt ::= 100
+
+SeqWithNamedInt ::= SEQUENCE {
+   int INTEGER {v2(7)} (v2)
+}
+
+--
+-- Cover simpletable constraint checking code.
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType ContentType
+}
+
+Contents TYPE-IDENTIFIER ::= {
+  {OCTET STRING IDENTIFIED BY {2 1 1 1 1 1 1}}
+}
+
+ContentType ::= TYPE-IDENTIFIER.&id({Contents})
 
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/Constructed.asn b/lib/asn1/test/asn1_SUITE_data/Constructed.asn
index 09a66d0c0d..bd49741726 100644
--- a/lib/asn1/test/asn1_SUITE_data/Constructed.asn
+++ b/lib/asn1/test/asn1_SUITE_data/Constructed.asn
@@ -1,6 +1,3 @@
-
-
-
 Constructed DEFINITIONS ::=
 BEGIN
 
@@ -20,4 +17,7 @@ C ::= CHOICE {
 S3 ::= SEQUENCE {i INTEGER}
 
 S3ext ::= SEQUENCE {i INTEGER, ...}
+
+OS ::= OCTET STRING
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/ContextSwitchingTypes.asn1 b/lib/asn1/test/asn1_SUITE_data/ContextSwitchingTypes.asn1
index c8145bad63..e279a180c1 100644
--- a/lib/asn1/test/asn1_SUITE_data/ContextSwitchingTypes.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ContextSwitchingTypes.asn1
@@ -21,6 +21,10 @@ val3-T T ::= {identification context-negotiation:{presentation-context-id 12,
 						transfer-syntax {1 2 3}}, 
 	    data-value '123'H}
 
+val4-T T ::= {identification presentation-context-id:42,
+              data-value-descriptor "FooBar",
+	      data-value '123'H}
+
 -- EMBEDDED PDV type 
 
 EP ::= EMBEDDED PDV
diff --git a/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1 b/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1
new file mode 100644
index 0000000000..75d40188ca
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1
@@ -0,0 +1,57 @@
+CoverParser DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+ Cho1 ::= CHOICE {
+   i INTEGER,
+   ... ! 42,
+   [[ b BOOLEAN ]]
+ }
+
+ Cho2 ::= CHOICE {
+   i INTEGER,
+   ...,
+   [[ b BOOLEAN,
+      s IA5String ]],
+   ...
+ }
+
+ Int1 ::= INTEGER (CONSTRAINED BY {INTEGER:1,INTEGER:2})
+
+ Seq1 ::= SEQUENCE {
+   ... ! INTEGER:1
+ }
+
+ Seq2 ::= SEQUENCE {
+   ... ! INTEGER:1,
+   i INTEGER
+ }
+
+ Seq3 ::= SEQUENCE {
+   b BOOLEAN,
+   ... ! INTEGER:1,
+   i INTEGER
+ }
+
+ Seq4 ::= SEQUENCE {
+   a INTEGER OPTIONAL,
+   b OCTET STRING OPTIONAL
+ } (WITH COMPONENTS {a ABSENT, b OPTIONAL} |
+    WITH COMPONENTS {a PRESENT, b PRESENT})
+
+ SeqOf1 ::= SEQUENCE OF INTEGER
+ SeqOf2 ::= SeqOf1 (WITH COMPONENT (0..7))
+
+ SegOf3 ::= SEQUENCE (SIZE (1..10)) OF id INTEGER
+
+ Set1 ::= SET {
+   ... ! INTEGER:1
+ }
+
+ Set2 ::= SET {
+   ... ! INTEGER:1,
+   a INTEGER
+ }
+
+ SetOf3 ::= SET (SIZE (1..10)) OF id INTEGER
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/Default.asn b/lib/asn1/test/asn1_SUITE_data/Default.asn
index 168ce50bb2..b91660381a 100644
--- a/lib/asn1/test/asn1_SUITE_data/Default.asn
+++ b/lib/asn1/test/asn1_SUITE_data/Default.asn
@@ -25,6 +25,10 @@ SeqBS ::= SEQUENCE {
   e BIT STRING DEFAULT '01011010'B
 }
 
+SeqBS2 ::= SEQUENCE {
+  bs BIT STRING {a(0), z(25)} DEFAULT '101'B
+}
+
 SetBS ::= SET {
   a BIT STRING DEFAULT '1010110'B,
   b BIT STRING DEFAULT 'A8A'H,
@@ -156,4 +160,23 @@ four INTEGER ::= 4
 
 cr IA5String ::= {0,13}
 
+SeqNamedInts ::= SEQUENCE {
+   i1 INTEGER {first(0), last(31)} DEFAULT 15,
+   i2 INTEGER {first(0), last(31)} DEFAULT 31
+}
+
+S5 ::= SEQUENCE {
+   s3 S3 DEFAULT {},
+   so SEQUENCE OF OBJECT IDENTIFIER DEFAULT {
+               {itu-t question 999},
+               {itu-t question 555}
+	       },
+   soe SEQUENCE OF OBJECT IDENTIFIER DEFAULT { }
+}
+
+SOI ::= SEQUENCE {
+   soi SEQUENCE OF OBJECT IDENTIFIER
+        DEFAULT { {iso member-body f(250) 9 55}, {iso member-body f(250) 3 4} }
+}
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn b/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn
index e90cf55d61..846c3e7569 100644
--- a/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn
+++ b/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn
@@ -12,6 +12,15 @@ Seq ::= SEQUENCE
    c  BOOLEAN
  }
 
+SeqV1 ::= SEQUENCE
+ {
+   a  INTEGER,
+   ...,
+   b  BOOLEAN,
+   ...
+ }
+
+
 SeqV2 ::= SEQUENCE
  {
    a  INTEGER,
@@ -50,6 +59,18 @@ SeqAltV2 ::= SEQUENCE
    g INTEGER
  }
 
+SeqDoubleEmpty1 ::= SEQUENCE {
+   ...,
+   ...
+}
+
+SeqDoubleEmpty2 ::= SEQUENCE {
+   a BOOLEAN,
+   b INTEGER OPTIONAL,
+   ...,
+   ...
+}
+
 Set ::= SET {
    a  INTEGER,
    ...,
@@ -57,6 +78,14 @@ Set ::= SET {
    c  BOOLEAN
  }
 
+
+SetV1 ::= SET {
+   a  INTEGER,
+   ...,
+   b  BOOLEAN,
+   ...
+ }
+
 SetV2 ::= SET
  {
    a  INTEGER,
@@ -96,4 +125,4 @@ SetAltV2 ::= SET
  }
 
 
-END
\ No newline at end of file
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 b/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1
index 74fa97e7aa..55ad5a01a1 100644
--- a/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1
@@ -53,5 +53,7 @@ SeqBig ::= SEQUENCE {
   i INTEGER
 }
 
+EnumSkip ::= ENUMERATED {a(2), ..., b, c, d, e, f}
+
 END
 
diff --git a/lib/asn1/test/asn1_SUITE_data/Example.asn1 b/lib/asn1/test/asn1_SUITE_data/Example.asn1
deleted file mode 100644
index 2639f63940..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/Example.asn1
+++ /dev/null
@@ -1,20 +0,0 @@
-Example  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ
-
-Typ ::= SEQUENCE {
-    a b,
-    c Typ}
---ECLASS ::= CLASS {
---    &num       INTEGER UNIQUE,
---    &Typo
---    } WITH SYNTAX {
---    &Typo DETERMINED BY &num
---    }
-
---v1 ECLASS ::= {INTEGER DETERMINED BY 12}
-
---v2 INTEGER ::= 13
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Export1.asn b/lib/asn1/test/asn1_SUITE_data/Export1.asn
deleted file mode 100644
index 78ead8f4d2..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/Export1.asn
+++ /dev/null
@@ -1,7 +0,0 @@
-Export1  DEFINITIONS ::=
-BEGIN
-EXPORTS T
-
-T ::= Typ	
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Exporting.asn1 b/lib/asn1/test/asn1_SUITE_data/Exporting.asn1
new file mode 100644
index 0000000000..e4f32f6788
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/Exporting.asn1
@@ -0,0 +1,18 @@
+Exporting DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+  Seq ::= SEQUENCE { id INTEGER, f BOOLEAN }
+  PtSeq{T} ::= SEQUENCE { a T }
+
+  CL ::= CLASS {
+     &id INTEGER UNIQUE,
+     &Type
+  } WITH SYNTAX {
+     ID &id TYPE &Type
+  }
+
+  obj CL ::= { ID 1 TYPE OCTET STRING }
+
+  pt-object{CL:ob} CL ::= {ID ob.&id TYPE OCTET STRING}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1 b/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1
new file mode 100644
index 0000000000..d59b0edda5
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1
@@ -0,0 +1,30 @@
+ExtensibilityImplied DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED
+::=
+BEGIN
+
+Enum1 ::= ENUMERATED { root, ..., ext }
+Enum2 ::= ENUMERATED { root }
+
+Seq1 ::= SEQUENCE {
+  b BOOLEAN,
+  ...,
+  i INTEGER
+}
+
+Seq2 ::= SEQUENCE {
+  b BOOLEAN
+}
+
+Set1 ::= SET {
+  b BOOLEAN,
+  ...,
+  i INTEGER
+}
+
+Set2 ::= SET {
+  b BOOLEAN
+}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/Extension-Addition-Group.asn b/lib/asn1/test/asn1_SUITE_data/Extension-Addition-Group.asn
index 0e905d8839..c0315c1489 100644
--- a/lib/asn1/test/asn1_SUITE_data/Extension-Addition-Group.asn
+++ b/lib/asn1/test/asn1_SUITE_data/Extension-Addition-Group.asn
@@ -3,16 +3,17 @@
 --
 -- Copyright Ericsson AB 2001-2013. All Rights Reserved.
 --
--- The contents of this file are subject to the Erlang Public License,
--- Version 1.1, (the "License"); you may not use this file except in
--- compliance with the License. You should have received a copy of the
--- Erlang Public License along with this software. If not, it can be
--- retrieved online at http://www.erlang.org/.
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+-- 
+--     http://www.apache.org/licenses/LICENSE-2.0
 --
--- Software distributed under the License is distributed on an "AS IS"
--- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
--- the License for the specific language governing rights and limitations
--- under the License.
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
 --
 -- %CopyrightEnd%
 
diff --git a/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1 b/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1
deleted file mode 100644
index 1b5e42ad3c..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1
+++ /dev/null
@@ -1,7 +0,0 @@
-IllegalExport  DEFINITIONS ::=
-BEGIN
-EXPORTS T, KalleAnka;
-
-T ::= INTEGER	
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Importing.asn1 b/lib/asn1/test/asn1_SUITE_data/Importing.asn1
new file mode 100644
index 0000000000..2f2699c576
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/Importing.asn1
@@ -0,0 +1,20 @@
+Importing DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+ Seq ::= Exporting.PtSeq{ INTEGER(0..7) }
+ OtherSeq ::= Exporting.Seq
+
+ seq Exporting.Seq ::= { id 42, f TRUE }
+
+ o1 Exporting.CL ::= { ID 2 TYPE INTEGER (0..63) }
+
+ ObjSet Exporting.CL ::= { o1 | Exporting.obj }
+
+ ObjSeq ::= SEQUENCE {
+   id Exporting.CL.&id ({ObjSet}),
+   type Exporting.CL.&Type ({ObjSet}{@id})
+ }
+
+ o1-cloned Exporting.CL ::= Exporting.pt-object{o1}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/InfObj.asn b/lib/asn1/test/asn1_SUITE_data/InfObj.asn
index 880e81c3b1..3b88770d78 100644
--- a/lib/asn1/test/asn1_SUITE_data/InfObj.asn
+++ b/lib/asn1/test/asn1_SUITE_data/InfObj.asn
@@ -206,7 +206,9 @@ ConstructedDefaultSet CONSTRUCTED-DEFAULT ::= {
   { &id 4, &Type SET { a INTEGER, b BIT STRING } } |
   { &id 5, &Type CHOICE { i INTEGER, b BIT STRING } } |
   { &id 6, &Type SEQUENCE OF INTEGER (1..16) } |
-  { &id 7, &Type SET OF INTEGER (1..64) }
+  { &id 7, &Type SET OF INTEGER (1..64) } |
+  { &id 8, &Type SEQUENCE OF SEQUENCE { x INTEGER, y INTEGER } } |
+  { &id 9, &Type SET OF SEQUENCE { x INTEGER, y INTEGER } }
 }
 
 ConstructedPdu ::= SEQUENCE {
@@ -255,6 +257,229 @@ Multiple-Optionals ::= SEQUENCE {
    t3 [2] MULTIPLE-OPTIONALS.&T3 ({Multiple-Optionals-Set}{@id}) OPTIONAL
 }
 
-END
+-- Test different ways of constructing object sets.
+
+OBJECT-SET-TEST ::= CLASS {
+    &id INTEGER UNIQUE,
+    &Type
+} WITH SYNTAX {
+    &id IS &Type
+}
+
+ObjectSetTest{OBJECT-SET-TEST:ObjectSet} ::=
+  SEQUENCE {
+     id   OBJECT-SET-TEST.&id   ({ObjectSet}),
+     type OBJECT-SET-TEST.&Type ({ObjectSet}{@id})
+  }
+
+ost1 OBJECT-SET-TEST ::= { 1 IS BIT STRING }
+ost2 OBJECT-SET-TEST ::= { 2 IS OCTET STRING }
+ost3 OBJECT-SET-TEST ::= { 3 IS ENUMERATED {donald,scrooge} }
+ost4 OBJECT-SET-TEST ::= { 4 IS BOOLEAN }
+ost5 OBJECT-SET-TEST ::= { 5 IS INTEGER (0..15) }
+
+Ost12    OBJECT-SET-TEST ::= { ost1 | ost2 }
+Ost123   OBJECT-SET-TEST ::= { ost3 | Ost12 }
+Ost1234  OBJECT-SET-TEST ::= { Ost123 | ost4 }
+Ost45    OBJECT-SET-TEST ::= { ost4 | ost5 }
+Ost12345 OBJECT-SET-TEST ::= { Ost123 | Ost45 }
+
+OstSeq12 ::= ObjectSetTest{ {Ost12} }
+OstSeq123 ::= ObjectSetTest{ {Ost123} }
+OstSeq1234 ::= ObjectSetTest{ {Ost1234} }
+OstSeq45 ::= ObjectSetTest{ {Ost45} }
+OstSeq12345 ::= ObjectSetTest{ {Ost12345} }
+
+OstSeq12Except ::= ObjectSetTest{ {Ost123 EXCEPT ost3} }
+OstSeq123Except ::= ObjectSetTest{ {Ost12345 EXCEPT Ost45} }
+
+ExOst1    OBJECT-SET-TEST ::= { ost1, ... }
+ExOst12    OBJECT-SET-TEST ::= { ost1, ..., ost2 }
+ExOst123   OBJECT-SET-TEST ::= { ost3, ..., ExOst12 }
+ExOst1234  OBJECT-SET-TEST ::= { ExOst123, ..., ost4 }
+ExOst45    OBJECT-SET-TEST ::= { ost4, ..., ost5 }
+ExOst12345 OBJECT-SET-TEST ::= { ExOst123, ..., ExOst45 }
+
+ExOstSeq1 ::= ObjectSetTest{ {ExOst1} }
+ExOstSeq12 ::= ObjectSetTest{ {ExOst12} }
+ExOstSeq123 ::= ObjectSetTest{ {ExOst123} }
+ExOstSeq1234 ::= ObjectSetTest{ {ExOst1234} }
+ExOstSeq45 ::= ObjectSetTest{ {ExOst45} }
+ExOstSeq12345 ::= ObjectSetTest{ {ExOst12345} }
+
+ExOstSeq12Except ::= ObjectSetTest{ {ExOst123 EXCEPT ost3} }
+ExOstSeq123Except ::= ObjectSetTest{ {ExOst12345 EXCEPT ExOst45} }
+
+ExInlOst1    OBJECT-SET-TEST ::= {
+    { 1 IS BIT STRING },
+    ...
+}
+ExInlOst12   OBJECT-SET-TEST ::= {
+    { 1 IS BIT STRING },
+    ...,
+    { 2 IS OCTET STRING }
+}
+
+ExInlOstSeq1 ::= ObjectSetTest{ {ExInlOst1} }
+ExInlOstSeq12 ::= ObjectSetTest{ {ExInlOst12} }
+
+--
+-- Test that extensions in a simple class works.
+--
+
+ExtClassSeq ::= SEQUENCE {
+  arg      EXT-CLASS.&id({Extend})
+}
+
+EXT-CLASS ::= CLASS {
+    &id INTEGER UNIQUE
+} WITH SYNTAX {
+    ID &id
+}
+
+Extend EXT-CLASS ::= { { ID alt1 } | { ID alt2 }, ... }
+
+alt1 INTEGER ::= 4
+alt2 INTEGER ::= 5
+
+
+--
+-- Test a BIT STRING which is optional in the simplified syntax.
+--
+
+PUBLIC-KEY ::= CLASS {
+    &id             INTEGER UNIQUE,
+    &keyUsage       KeyUsage OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [OPTIONAL-BIT-STRING &keyUsage]
+}
+
+KeyUsage ::= BIT STRING {
+     digitalSignature        (0),
+     nonRepudiation          (1),
+     keyEncipherment         (2)
+ }
+
+object-with-optional-bit-string PUBLIC-KEY ::= {
+ IDENTIFIER 42
+ OPTIONAL-BIT-STRING {digitalSignature, nonRepudiation, keyEncipherment}
+}
+
+-- Test object identifiers from objects.
+
+CONTAINER ::= CLASS {
+ &id   OBJECT IDENTIFIER UNIQUE,
+ &rid  RELATIVE-OID OPTIONAL,
+ &Type OPTIONAL
+} WITH SYNTAX {
+  IDENTIFIED BY &id
+  [REL-OID &rid]
+  [TYPE &Type]
+}
+
+id1 OBJECT IDENTIFIER ::= {1 2 42}
+obj1 CONTAINER ::= { IDENTIFIED BY id1 REL-OID {100 101} }
+
+value-2 OBJECT IDENTIFIER ::= { value-1 25 }
+value-1 OBJECT IDENTIFIER ::= obj1.&id
+value-3 RELATIVE-OID ::= obj1.&rid
+value-4 OBJECT IDENTIFIER ::= { 1 2 value-3 }
+
+
+-- Test an obscure issue when ATTRIBUTE.&id was not
+-- properly evaluated.
+
+Rdn ::= SingleAttribute { {SupportedAttributes} }
+
+ATTRIBUTE ::= CLASS {
+   &id             OBJECT IDENTIFIER UNIQUE,
+   &Type           OPTIONAL
+}
+
+SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+   type      ATTRIBUTE.&id({AttrSet}),
+   value     ATTRIBUTE.&Type({AttrSet}{@type})
+}
+
+AttributeType ::= ATTRIBUTE.&id
 
+SupportedAttributes ATTRIBUTE ::= { at-name }
 
+id-at OBJECT IDENTIFIER ::= { 2 5 4 41 }
+id-at-name AttributeType ::= id-at
+at-name ATTRIBUTE ::= { &Type PrintableString, &id id-at-name }
+
+--
+-- Test using an alias for TYPE-IDENTIFIER.
+--
+
+TiAliasParameterized { TI-ALIAS:InfoObjectSet } ::= SEQUENCE {
+  algorithm TI-ALIAS.&id({InfoObjectSet}),
+  parameters TI-ALIAS.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+TI-ALIAS ::= TYPE-IDENTIFIER
+
+TiAliasSeq ::= SEQUENCE {
+  prf TiAliasParameterized {{TiAliasSet}}
+}
+
+TiAliasSet TI-ALIAS ::= {
+  {NULL IDENTIFIED BY {2 1 2}},
+   ...
+}
+
+--
+-- Test using an alias for a class.
+--
+
+ALIAS-CONTAINER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &obj INDIRECT-CLASS
+}
+
+INDIRECTED-CLASS ::= CLASS {
+  &id INTEGER UNIQUE,
+  &Type
+}
+
+INDIRECT-CLASS ::= INDIRECTED-CLASS
+
+--
+-- Indirect ObjectClassFieldType in a SEQUENCE.
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType  ContentType, -- Indirect ObjectClassFieldType
+  content      TYPE-IDENTIFIER.&Type({Contents}{@contentType})
+OPTIONAL
+}
+
+Contents TYPE-IDENTIFIER ::= {
+  {IA5String IDENTIFIED BY id-content-type}
+}
+
+ContentType ::= TYPE-IDENTIFIER.&id({Contents})
+id-content-type ContentType ::= { 2 7 8 9 }
+
+--
+-- Tricky parsing of simplified syntax.
+--
+
+TrickyType-1 ::= BIT STRING
+TrickyType-2 ::= OCTET STRING
+
+TRICKY ::= CLASS {
+  &Type1,
+  &Type2
+} WITH SYNTAX {
+   TYPE &Type1 &Type2
+}
+
+tricky-object TRICKY ::= {TYPE TrickyType-1 TrickyType-2}
+
+tricky-bit-string tricky-object.&Type1 ::= '1011'B
+tricky-octet-string tricky-object.&Type1 ::= 'CAFE'H
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1 b/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1
new file mode 100644
index 0000000000..13981b546d
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1
@@ -0,0 +1,136 @@
+InfObjExtract DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+DATA-CLASS ::= CLASS {
+  &id INTEGER UNIQUE,
+  &Type
+} WITH SYNTAX {
+  ID &id
+  TYPE &Type
+}
+
+data-object-1 DATA-CLASS ::= { ID 1 TYPE BOOLEAN }
+data-object-2 DATA-CLASS ::= { ID 2 TYPE OCTET STRING }
+data-object-3 DATA-CLASS ::= { ID 3 TYPE BIT STRING }
+
+ObjSet DATA-CLASS ::= {
+  holder-object-1.&obj |
+  data-object-2 |
+  data-object-3,
+  ...
+}
+
+OBJ-SET DATA-CLASS ::= {
+  holder-object-1.&obj |
+  data-object-2 |
+  data-object-3,
+  ...
+}
+
+SingleElementSet DATA-CLASS ::= {
+  holder-object-1.&obj
+}
+
+holder-object-1 HOLDER-CLASS ::= {
+  OBJ data-object-1
+}
+
+holder-object-2 HOLDER-CLASS ::= {
+  OBJ-SET {data-object-1}
+}
+
+holder-object-3 HOLDER-CLASS ::= {
+  OBJ-SET {holder-object-2.&ObjSet}
+}
+
+-- Note: References to object sets with names in all uppercase/hyphens
+-- may be represented differently compared to object sets with names
+-- that contain lowercase letters. CAVEAT TESTOR.
+
+HOLDER-OBJECTS HOLDER-CLASS ::= { holder-object-2 }
+HolderObjects HOLDER-CLASS ::= { holder-object-3 }
+
+holder-object-4 HOLDER-CLASS ::= {
+  OBJ-SET { HOLDER-OBJECTS.&ObjSet }
+}
+
+holder-object-5 HOLDER-CLASS ::= {
+  OBJ-SET { HolderObjects.&ObjSet }
+}
+
+holder-object-6 HOLDER-CLASS ::= {
+  OBJ-SET { OBJ-SET }
+}
+
+holder-object-7 HOLDER-CLASS ::= {
+  OBJ-SET { ObjSet  }
+}
+
+HOLDER-CLASS ::= CLASS {
+  &obj DATA-CLASS OPTIONAL,
+  &ObjSet DATA-CLASS OPTIONAL
+} WITH SYNTAX {
+  [OBJ &obj]
+  [OBJ-SET &ObjSet]
+}
+
+TestSeq{DATA-CLASS:ObjectSet} ::= SEQUENCE {
+  id DATA-CLASS.&id ({ObjectSet}),
+  data DATA-CLASS.&Type ({ObjectSet}{@id})
+}
+
+DataSeq-1 ::= TestSeq{ {ObjSet} }
+DataSeq-2 ::= TestSeq{ {holder-object-3.&ObjSet} }
+
+DataSeq-3 ::= TestSeq{ {holder-object-4.&ObjSet} }
+DataSeq-4 ::= TestSeq{ {holder-object-5.&ObjSet} }
+DataSeq-5 ::= TestSeq{ {holder-object-6.&ObjSet} }
+DataSeq-6 ::= TestSeq{ {holder-object-7.&ObjSet} }
+
+DataSeqSingleSet-1 ::= TestSeq{ {SingleElementSet} }
+DataSeqSingleSet-2 ::= TestSeq{ {holder-object-1.&obj} }
+
+--
+-- Test ObjectSetFromObjects.
+--
+
+OBJ-CLASS ::= CLASS {
+  &id INTEGER UNIQUE,
+  &Data OPTIONAL,
+  &Obj OBJ-CLASS OPTIONAL,
+  &obj OBJ-CLASS OPTIONAL
+}
+
+obj-class-obj-1 OBJ-CLASS ::= { &id 1, &Data BOOLEAN }
+
+obj-class-obj-2 OBJ-CLASS ::= { &id 2, &Data BOOLEAN,
+			         &Obj {obj-class-obj-1} }
+
+obj-class-obj-3 OBJ-CLASS ::= { &id 3, &Data BOOLEAN,
+			         &obj {&id 99, &Obj {obj-class-obj-1}} }
+
+obj-class-obj-4 OBJ-CLASS ::= { &id 4, &Data BOOLEAN, &obj obj-class-obj-2 }
+
+obj-class-obj-5 OBJ-CLASS ::= { &id 5, &Data BOOLEAN,
+		                &Obj {obj-class-obj-4.&obj} }
+
+ObjClassSet OBJ-CLASS ::= { obj-class-obj-3.&obj.&Obj |
+			    obj-class-obj-4.&Obj | -- Non-existing field
+			    obj-class-obj-5.&Obj
+			   }
+
+TestObjClassSeq{OBJ-CLASS:ObjectSet} ::= SEQUENCE {
+  id OBJ-CLASS.&id ({ObjectSet}),
+  data OBJ-CLASS.&Data ({ObjectSet}{@id})
+}
+
+ObjClassSeq-1 ::= TestObjClassSeq{{ObjClassSet}}
+
+--
+-- Test several levels of inlined definitions.
+--
+
+obj-class-obj-6 OBJ-CLASS ::= { &id 6, &Obj {{&id 100, &Data INTEGER}},
+		                &Data INTEGER }
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1 b/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1
deleted file mode 100644
index 66912ef693..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1
+++ /dev/null
@@ -1,5 +0,0 @@
-MissingEnd  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ	
-
diff --git a/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 b/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1
index 9368e8dceb..9193ed495c 100644
--- a/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1
@@ -50,6 +50,7 @@ itu-t-o OBJECT IDENTIFIER ::= {itu-t recommendation o}
 itu-t-p OBJECT IDENTIFIER ::= {itu-t recommendation p}
 itu-t-q OBJECT IDENTIFIER ::= {itu-t recommendation q}
 itu-t-r OBJECT IDENTIFIER ::= {itu-t recommendation r}
+itu-t-s OBJECT IDENTIFIER ::= {itu-t recommendation s}
 itu-t-t OBJECT IDENTIFIER ::= {itu-t recommendation t}
 itu-t-u OBJECT IDENTIFIER ::= {itu-t recommendation u}
 itu-t-v OBJECT IDENTIFIER ::= {itu-t recommendation v}
diff --git a/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 b/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1
index 491bdf8956..d203b6c816 100644
--- a/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1
@@ -20,4 +20,59 @@ T21 ::= General2{PrintableString}
 
 T22 ::= General2{BIT STRING}
 
+
+--
+-- Test a class parameter that is the governor for another parameter.
+--
+
+AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
+  SEQUENCE {
+     algorithm  ALGORITHM-TYPE.&id   ({AlgorithmSet}),
+     type       ALGORITHM-TYPE.&Type ({AlgorithmSet}{@algorithm})
+  }
+
+AnAlgorithm ::= AlgorithmIdentifier{ SIGNATURE-ALGORITHM,
+	                             { {KEY 1 CONTAINING INTEGER} |
+				       {KEY 2 CONTAINING BOOLEAN} } }
+
+SIGNATURE-ALGORITHM ::= CLASS {
+    &id    INTEGER UNIQUE,
+    &Type
+} WITH SYNTAX {
+    KEY &id CONTAINING &Type
+}
+
+alg-seq-1 AnAlgorithm ::= { algorithm 1, type 42 }
+alg-seq-2 AnAlgorithm ::= { algorithm 2, type TRUE }
+
+--
+-- Test that indirect classes references are resolved.
+--
+
+AlgorithmIdentifier2 { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
+  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+Seq ::= SEQUENCE {
+  c1 AlgorithmIdentifier2 {{ObjectSet-1}},
+  c2 AlgorithmIdentifier2 {{ObjectSet-2}}
+}
+
+ObjectSet-1 ALGORITHM-IDENTIFIER ::= { {INTEGER IDENTIFIED BY {2 1 1}}, ... }
+ObjectSet-2 ALGORITHM-IDENTIFIER ::= { ... }
+
+-- Test a value that uses the instantiation of a parameterized type inline.
+-- (Adapted from PKCS-5.)
+--
+
+algid-hmacWithSHA1 AlgorithmIdentifier2 {{ObjectSet-3}} ::=
+  {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+ObjectSet-3 TYPE-IDENTIFIER ::= { {NULL IDENTIFIED BY id-hmacWithSHA1} }
+
+id-hmacWithSHA1 OBJECT IDENTIFIER ::= {2 9 9 9 7}
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/Prim.asn1 b/lib/asn1/test/asn1_SUITE_data/Prim.asn1
index cc0e61422a..4fe0901683 100644
--- a/lib/asn1/test/asn1_SUITE_data/Prim.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/Prim.asn1
@@ -24,6 +24,8 @@ BEGIN
                         friday(5),saturday(6),sunday(7)}
   SingleEnumVal ::= ENUMERATED {true}
   SingleEnumValExt ::= ENUMERATED {true, ...}
+  NegEnumVal ::= ENUMERATED {neg(-1), ..., zero(0)}
+  EnumVal128 ::= ENUMERATED {val(128)}
 
   ObjId ::= OBJECT IDENTIFIER
   
@@ -58,4 +60,11 @@ BEGIN
     e BOOLEAN,
     magic INTEGER
   }
+
+  Longitude ::= INTEGER {
+        oneMicrodegreeEast(10),
+        oneMicrodegreeWest(-10),
+        unavailable(1800000001)
+  } (-1799999999..1800000001)
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/SelectionType.asn b/lib/asn1/test/asn1_SUITE_data/SelectionType.asn
index d7bfbf1788..6163f390dd 100644
--- a/lib/asn1/test/asn1_SUITE_data/SelectionType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/SelectionType.asn
@@ -14,7 +14,7 @@ Element ::= CHOICE {bool BOOLEAN,
 		    utf UTF8String,
 		    ro RELATIVE-OID,
 		    nums NumericString,
-		    symbol  PrintableString,
+		    symbol PrintableString,
 		    telet TeletexString,
 		    t61 T61String,
 		    video VideotexString,
@@ -23,13 +23,14 @@ Element ::= CHOICE {bool BOOLEAN,
 		    generalizedTime GeneralizedTime,
 		    gs GraphicString,
 		    vs VisibleString,
---		    iso64 ISO646String,
 		    generalString GeneralString,
 		    univ UniversalString,
 		    cs CHARACTER STRING,
 		    bmp BMPString}
 
-MendeleyevTable ::= SEQUENCE  OF symbol < Element
+MendeleyevTable ::= SEQUENCE OF symbol < Element
+MendeleyevSet ::= SET OF atomic-no < Element
+
 BoolType ::= bool < Element
 
 einsteinium symbol < Element ::= "Es"
@@ -51,7 +52,6 @@ utctimev utctime < Element ::= "9805281429Z"
 gTime generalizedTime < Element ::= "19980528142905.1"
 gsv gs < Element ::= "graphic"
 vsv vs  < Element ::= "visible"
---iso64v iso64 < Element ::= "iso"
 gStringv generalString < Element ::= "general"
 univv univ < Element ::= "Universal"
 bmov bmp < Element ::= "bmp"
diff --git a/lib/asn1/test/asn1_SUITE_data/Seq.py b/lib/asn1/test/asn1_SUITE_data/Seq.py
index f345373ab5..b68f9045a6 100644
--- a/lib/asn1/test/asn1_SUITE_data/Seq.py
+++ b/lib/asn1/test/asn1_SUITE_data/Seq.py
@@ -142,7 +142,10 @@ SeqImp3 ::= SET
   set  Set1
 }
 
-
+SeqCompOf ::= SEQUENCE {
+  ...,
+  COMPONENTS OF SeqS3
+}
 
 END
 
diff --git a/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn b/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn
index 7de9134096..bb85c9e418 100644
--- a/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn
@@ -15,10 +15,10 @@ SeqOpt1Imp ::= SEQUENCE
   bool1 [1] BOOLEAN OPTIONAL,
   int1  INTEGER,
   seq1  [2] SeqIn OPTIONAL,
-  seq2  [2] SeqIn OPTIONAL,
+  seq2  [3] SeqIn OPTIONAL,
   ...,
-  int2  [3] SeqIn,
-  int3  [3] SeqIn
+  int2  [4] SeqIn,
+  int3  [5] SeqIn
 }
 
 SeqOpt1Exp ::= SEQUENCE 
diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn b/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn
deleted file mode 100644
index 436815aa9b..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn
+++ /dev/null
@@ -1,10 +0,0 @@
-SequenceBadComma DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-EXPORTS Person;
-
-Person ::= [PRIVATE 19] SEQUENCE {,
-    name PrintableString,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER OPTIONAL
-    }
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1 b/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1
deleted file mode 100644
index 8b2b8816db..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1
+++ /dev/null
@@ -1,10 +0,0 @@
-SequenceBadComponentName  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ
-
-Typ ::= SEQUENCE {
-    a INTEGER,
-    C Typ}
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1 b/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1
deleted file mode 100644
index 0c33f48906..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1
+++ /dev/null
@@ -1,10 +0,0 @@
-SequenceBadComponentType  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ
-
-Typ ::= SEQUENCE {
-    a b,
-    c T}
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Set.py b/lib/asn1/test/asn1_SUITE_data/Set.py
index 4062f6b804..3928004e6b 100644
--- a/lib/asn1/test/asn1_SUITE_data/Set.py
+++ b/lib/asn1/test/asn1_SUITE_data/Set.py
@@ -80,8 +80,8 @@ SetOpt3 ::= SET
 
 SetIn ::= SET 
 {
-  boolIn  BOOLEAN,
-  intIn  INTEGER
+  boolIn  BOOLEAN OPTIONAL,
+  intIn  INTEGER OPTIONAL
 }
 
 
diff --git a/lib/asn1/test/asn1_SUITE_data/Syntax.py b/lib/asn1/test/asn1_SUITE_data/Syntax.py
deleted file mode 100644
index 867d1148e1..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/Syntax.py
+++ /dev/null
@@ -1,10 +0,0 @@
-Syntax DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-EXPORTS Person;
-
-Person ::= [PRIVATE 19] SEQUENCE {,
-	name PrintableString,
-	location INTEGER {home(0),field(1),roving(2)},
-	age INTEGER OPTIONAL
-	}
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/TAGDEFAULT-AUTOMATIC.asn b/lib/asn1/test/asn1_SUITE_data/TAGDEFAULT-AUTOMATIC.asn
new file mode 100644
index 0000000000..2fcba1f71e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/TAGDEFAULT-AUTOMATIC.asn
@@ -0,0 +1,25 @@
+TAGDEFAULT-AUTOMATIC DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+EXPORTS
+	Tagged,
+	Untagged,
+	Mixed
+;
+
+Tagged ::= SEQUENCE {
+	o0	[0]	OCTET STRING,
+	o1	[1]	OCTET STRING
+}
+
+Untagged ::= SEQUENCE {
+	o0		OCTET STRING,
+	o1		OCTET STRING
+}
+
+Mixed ::= SEQUENCE {
+	o0		OCTET STRING,
+	o2	[2]	OCTET STRING
+}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/TCAPPackage_msg.erl b/lib/asn1/test/asn1_SUITE_data/TCAPPackage_msg.erl
index 0bf4425263..7f7c013f30 100644
--- a/lib/asn1/test/asn1_SUITE_data/TCAPPackage_msg.erl
+++ b/lib/asn1/test/asn1_SUITE_data/TCAPPackage_msg.erl
@@ -3,16 +3,17 @@
 %% 
 %% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %% 
 %% %CopyrightEnd%
 %%
diff --git a/lib/asn1/test/asn1_SUITE_data/ValueTest.asn b/lib/asn1/test/asn1_SUITE_data/ValueTest.asn
index dae9ae498a..b2c59d686a 100644
--- a/lib/asn1/test/asn1_SUITE_data/ValueTest.asn
+++ b/lib/asn1/test/asn1_SUITE_data/ValueTest.asn
@@ -1,4 +1,4 @@
-ValueTest DEFINITIONS  ::= 
+ValueTest DEFINITIONS AUTOMATIC TAGS ::=
 
 BEGIN
 
@@ -23,8 +23,15 @@ vENUMERATED RadioButton ::= button1
 vBS BSNNL ::= {zero,two}
 vNULL NULL ::= NULL
 vOS OCTET STRING ::= '313233'H
-vOD OBJECT IDENTIFIER ::= {2 1 1}
 
+-- OBJECT IDENTIFIER
+vOD OBJECT IDENTIFIER ::= {2 1 1}
+one INTEGER ::= 1
+integer-first OBJECT IDENTIFIER ::= {one 2}
+rel-oid-1 RELATIVE-OID ::= {2 4 5}
+include-roid OBJECT IDENTIFIER ::= {0 rel-oid-1}
+include-oid OBJECT IDENTIFIER ::= {integer-first 1}
+include-all OBJECT IDENTIFIER ::= {integer-first 1 rel-oid-1 42}
 
 --Character strings
 numericstring NumericString ::= "01234567"
@@ -41,7 +48,6 @@ objectdescriptor ObjectDescriptor ::= "ObjectDescriptor"
 graphicstring GraphicString ::= "GraphicString"
 generalstring GeneralString ::= "GeneralString"
 bmpstring1 BMPString ::= "BMPString"
---bmpstring2 BMPString ::= [{0,0,0,66},{0,0,0,77},{0,0,0,80},{0,0,0,115},{0,0,0,116},{0,0,0,114},{0,0,0,105},{0,0,0,110},{0,0,0,103}]
 latinCapitalLetterA UniversalString ::= {0,0,0,65}
 greekCapitalLetterSigma UniversalString ::= {0,0,3,145}
 my-universalstring UniversalString ::= {"This is a capital A: ",
@@ -50,4 +56,88 @@ my-universalstring UniversalString ::= {"This is a capital A: ",
 					greekCapitalLetterSigma,
 					"; try and spot the difference!"}
 
+-- Useful parameterized SEQUENCE.
+ParamSeq{Type} ::= SEQUENCE {
+    a Type
+}
+
+-- Integer values.
+IntegerSeq ::= ParamSeq{INTEGER}
+someInteger INTEGER ::= 42
+integerSeq1 IntegerSeq ::= { a otherInteger }
+otherInteger INTEGER ::= someInteger
+
+--
+-- Values from objects.
+--
+int-from-object-1 INTEGER ::= int-holder-2.&obj.&id
+int-from-object-2 INTEGER ::= int-holder-2.&id
+
+INT-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &obj INT-HOLDER OPTIONAL
+} WITH SYNTAX {
+  ID &id
+  [OBJ &obj]
+}
+
+int-holder-1 INT-HOLDER ::= { ID 2 }
+int-holder-2 INT-HOLDER ::= { ID 4 OBJ int-holder-1 }
+
+II ::= INTEGER (int-from-object-1..int-from-object-2)
+
+-- Recursive OCTET STRING definitions.
+
+OS-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &os OCTET STRING
+} WITH SYNTAX {
+  ID &id OS &os
+}
+
+os-holder-1 OS-HOLDER ::= { ID 1 OS '4041FF'H }
+
+OctetStringSeq ::= ParamSeq{OCTET STRING}
+
+someOctetString OCTET STRING ::= '404142'H
+
+octetStringSeq1 OctetStringSeq ::= { a someOctetString }
+octetStringSeq2 OctetStringSeq ::= { a otherOctetString }
+octetStringSeq3 OctetStringSeq ::= { a os-holder-1.&os }
+
+otherOctetString OCTET STRING ::= someOctetString
+
+os-1 OCTET STRING ::= os-2
+os-2 OCTET STRING ::= os-holder-1.&os
+
+-- Recursive BIT STRING definitions.
+
+BS-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &bs BIT STRING,
+  &named-bs NamedBsType
+} WITH SYNTAX {
+  ID &id BS &bs NAMED-BS &named-bs
+}
+bs-holder-1 BS-HOLDER ::= { ID 1 BS '101'B NAMED-BS {a,c} }
+
+NamedBsType ::= BIT STRING {a(0),b(1),c(2)}
+BsSeq ::= SEQUENCE {
+  a BIT STRING,
+  b NamedBsType
+}
+
+someBitString BIT STRING ::= '101101'B
+
+bsSeq1 BsSeq ::= { a someBitString, b someNamedBs }
+bsSeq2 BsSeq ::= { a otherBitString, b someOtherNamedBs }
+bsSeq3 BsSeq ::= { a bs-holder-1.&bs, b bs-holder-1.&named-bs }
+
+otherBitString BIT STRING ::= someBitString
+bsFromObjectInd BIT STRING ::= bsFromObject
+bsFromObject BIT STRING ::= bs-holder-1.&bs
+
+someOtherNamedBs NamedBsType ::= someNamedBs
+someNamedBs NamedBsType ::= {c}
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/a_SeqIn.erl b/lib/asn1/test/asn1_SUITE_data/a_SeqIn.erl
index c6db3fd016..e8db7231f1 100644
--- a/lib/asn1/test/asn1_SUITE_data/a_SeqIn.erl
+++ b/lib/asn1/test/asn1_SUITE_data/a_SeqIn.erl
@@ -3,16 +3,17 @@
 %% 
 %% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %% 
 %% %CopyrightEnd%
 %%
diff --git a/lib/asn1/test/asn1_SUITE_data/b_SeqIn.erl b/lib/asn1/test/asn1_SUITE_data/b_SeqIn.erl
index 3fa124c278..ba73a72132 100644
--- a/lib/asn1/test/asn1_SUITE_data/b_SeqIn.erl
+++ b/lib/asn1/test/asn1_SUITE_data/b_SeqIn.erl
@@ -3,16 +3,17 @@
 %% 
 %% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %% 
 %% %CopyrightEnd%
 %%
diff --git a/lib/asn1/test/asn1_SUITE_data/extensionAdditionGroup.erl b/lib/asn1/test/asn1_SUITE_data/extensionAdditionGroup.erl
index a1e563f6be..3600ccac26 100644
--- a/lib/asn1/test/asn1_SUITE_data/extensionAdditionGroup.erl
+++ b/lib/asn1/test/asn1_SUITE_data/extensionAdditionGroup.erl
@@ -3,16 +3,17 @@
 %%
 %% Copyright Ericsson AB 2001-2013. All Rights Reserved.
 %%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
 %%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %%
 %% %CopyrightEnd%
 
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1
index 3f1385323a..3f1385323a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1
new file mode 100644
index 0000000000..f912966c72
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1
@@ -0,0 +1,466 @@
+AlgorithmInformation-2009
+    {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+    mechanisms(5) pkix(7) id-mod(0)
+    id-mod-algorithmInformation-02(58)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+EXPORTS ALL;
+IMPORTS
+
+KeyUsage
+FROM PKIX1Implicit-2009
+    {iso(1) identified-organization(3) dod(6) internet(1)
+    security(5) mechanisms(5) pkix(7) id-mod(0)
+    id-mod-pkix1-implicit-02(59)} ;
+
+--  Suggested prefixes for algorithm objects are:
+--
+--  mda-   Message Digest Algorithms
+--  sa-    Signature Algorithms
+--  kta-   Key Transport Algorithms (Asymmetric)
+--  kaa-   Key Agreement Algorithms  (Asymmetric)
+--  kwa-   Key Wrap Algorithms (Symmetric)
+--  kda-   Key Derivation Algorithms
+--  maca-  Message Authentication Code Algorithms
+--  pk-    Public Key
+--  cea-   Content (symmetric) Encryption Algorithms
+--  cap-   S/MIME Capabilities
+
+ParamOptions ::= ENUMERATED {
+   required,         -- Parameters MUST be encoded in structure
+   preferredPresent, -- Parameters SHOULD be encoded in structure
+   preferredAbsent,  -- Parameters SHOULD NOT be encoded in structure
+   absent,           -- Parameters MUST NOT be encoded in structure
+   inheritable,      -- Parameters are inherited if not present
+   optional,         -- Parameters MAY be encoded in the structure
+   ...
+}
+
+--  DIGEST-ALGORITHM
+--
+--  Describes the basic information for ASN.1 and a digest
+--      algorithm.
+--
+--  &id - contains the OID identifying the digest algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--
+--  Additional information such as the length of the hash could have
+--      been encoded.  Without a clear understanding of what information
+--      is needed by applications, such extraneous information was not
+--      considered to be of sufficent importance.
+--
+--  Example:
+--  mda-sha1 DIGEST-ALGORITHM ::= {
+--      IDENTIFIER id-sha1
+--      PARAMS TYPE NULL ARE preferredAbsent
+--  }
+
+DIGEST-ALGORITHM ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    &paramPresence      ParamOptions DEFAULT absent
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence ]
+}
+
+--  SIGNATURE-ALGORITHM
+--
+--  Describes the basic properties of a signature algorithm
+--
+--  &id - contains the OID identifying the signature algorithm
+--  &Value - contains a type definition for the value structure of
+--              the signature; if absent, implies that no ASN.1
+--              encoding is performed on the value
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &HashSet - The set of hash algorithms used with this
+--                  signature algorithm
+--  &PublicKeySet - the set of public key algorithms for this
+--                  signature algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  sig-RSA-PSS SIGNATURE-ALGORITHM ::= {
+--     IDENTIFIER id-RSASSA-PSS
+--     PARAMS TYPE RSASSA-PSS-params ARE required
+--     HASHES { mda-sha1 | mda-md5, ... }
+--     PUBLIC-KEYS { pk-rsa | pk-rsa-pss }
+-- }
+
+SIGNATURE-ALGORITHM ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Value          OPTIONAL,
+    &Params         OPTIONAL,
+    &paramPresence  ParamOptions DEFAULT absent,
+    &HashSet        DIGEST-ALGORITHM OPTIONAL,
+    &PublicKeySet   PUBLIC-KEY OPTIONAL,
+    &smimeCaps      SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [VALUE &Value]
+    [PARAMS [TYPE &Params] ARE &paramPresence ]
+    [HASHES &HashSet]
+    [PUBLIC-KEYS &PublicKeySet]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  PUBLIC-KEY
+--
+--  Describes the basic properties of a public key
+--
+--  &id - contains the OID identifying the public key
+--  &KeyValue - contains the type for the key value
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &keyUsage - contains the set of bits that are legal for this
+--              key type.  Note that is does not make any statement
+--              about how bits may be paired.
+--  &PrivateKey - contains a type structure for encoding the private
+--              key information.
+--
+--  Example:
+--  pk-rsa-pss PUBLIC-KEY ::= {
+--      IDENTIFIER id-RSASSA-PSS
+--      KEY RSAPublicKey
+--      PARAMS TYPE RSASSA-PSS-params ARE optional
+--      CERT-KEY-USAGE { .... }
+--  }
+
+PUBLIC-KEY ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &KeyValue       OPTIONAL,
+    &Params         OPTIONAL,
+    &paramPresence  ParamOptions DEFAULT absent,
+    &keyUsage       KeyUsage OPTIONAL,
+    &PrivateKey     OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [KEY &KeyValue]
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [CERT-KEY-USAGE &keyUsage]
+    [PRIVATE-KEY &PrivateKey]
+}
+
+--  KEY-TRANSPORT
+--
+--  Describes the basic properties of a key transport algorithm
+--
+--  &id - contains the OID identifying the key transport algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &PublicKeySet - specifies which public keys are used with
+--                       this algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kta-rsaTransport KEY-TRANSPORT ::= {
+--      IDENTIFIER &id
+--      PARAMS TYPE NULL ARE required
+--      PUBLIC-KEYS  { pk-rsa | pk-rsa-pss }
+--  }
+
+KEY-TRANSPORT ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    &paramPresence      ParamOptions DEFAULT absent,
+    &PublicKeySet       PUBLIC-KEY OPTIONAL,
+    &smimeCaps          SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [PUBLIC-KEYS &PublicKeySet]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  KEY-AGREE
+--
+--  Describes the basic properties of a key agreement algorithm
+--
+--  &id - contains the OID identifying the key agreement algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &PublicKeySet - specifies which public keys are used with
+--                        this algorithm
+--  &Ukm - type of user keying material used
+--  &ukmPresence - specifies the requirements to define the UKM field
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kaa-dh-static-ephemeral KEY-AGREE ::= {
+--      IDENTIFIER id-alg-ESDH
+--      PARAMS TYPE KeyWrapAlgorithm ARE required
+--      PUBLIC-KEYS {
+--         {IDENTIFIER dh-public-number KEY DHPublicKey
+--            PARAMS TYPE DHDomainParameters ARE inheritable }
+--      }
+--      - - UKM should be present but is not separately ASN.1-encoded
+--      UKM ARE preferredPresent
+--  }
+
+KEY-AGREE ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Params         OPTIONAL,
+    &paramPresence  ParamOptions DEFAULT absent,
+    &PublicKeySet   PUBLIC-KEY OPTIONAL,
+    &Ukm            OPTIONAL,
+    &ukmPresence    ParamOptions DEFAULT absent,
+    &smimeCaps      SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [PUBLIC-KEYS &PublicKeySet]
+    [UKM [TYPE &Ukm] ARE &ukmPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  KEY-WRAP
+--
+--  Describes the basic properties of a key wrap algorithm
+--
+--  &id - contains the OID identifying the key wrap algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kwa-cms3DESwrap KEY-WRAP ::= {
+--      IDENTIFIER id-alg-CMS3DESwrap
+--      PARAMS TYPE NULL ARE required
+--  }
+
+KEY-WRAP ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    &paramPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+--  KEY-DERIVATION
+--
+--  Describes the basic properties of a key derivation algorithm
+--
+--  &id - contains the OID identifying the key derivation algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kda-pbkdf2 KEY-DERIVATION ::= {
+--      IDENTIFIER id-PBKDF2
+--      PARAMS TYPE PBKDF2-params ARE required
+--  }
+
+KEY-DERIVATION ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    &paramPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- MAC-ALGORITHM
+--
+--  Describes the basic properties of a message
+--      authentication code (MAC) algorithm
+--
+--  &id - contains the OID identifying the MAC algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &keyed - MAC algorithm is a keyed MAC algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Some parameters that perhaps should have been added would be
+--  fields with the minimum and maximum MAC lengths for
+--  those MAC algorithms that allow truncations.
+--
+--  Example:
+--  maca-hmac-sha1 MAC-ALGORITHM ::= {
+--      IDENTIFIER hMAC-SHA1
+--      PARAMS TYPE NULL ARE preferredAbsent
+--      IS KEYED MAC TRUE
+--      SMIME-CAPS {IDENTIFIED BY hMAC-SHA1}
+--  }
+
+MAC-ALGORITHM ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    &paramPresence      ParamOptions DEFAULT absent,
+    &keyed              BOOLEAN,
+    &smimeCaps          SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    IS-KEYED-MAC &keyed
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  CONTENT-ENCRYPTION
+--
+--  Describes the basic properties of a content encryption
+--      algorithm
+--
+--  &id - contains the OID identifying the content
+--        encryption algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  cea-3DES-cbc CONTENT-ENCRYPTION ::= {
+--      IDENTIFIER des-ede3-cbc
+--      PARAMS TYPE IV ARE required
+--      SMIME-CAPS { IDENTIFIED BY des-ede3-cbc }
+--  }
+
+CONTENT-ENCRYPTION ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    &paramPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- ALGORITHM
+--
+-- Describes a generic algorithm identifier
+--
+--  &id - contains the OID identifying the algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  This would be used for cases where an algorithm of an unknown
+--  type is used.  In general however, one should either define
+--  a more complete algorithm structure (such as the one above)
+--  or use the TYPE-IDENTIFIER class.
+
+ALGORITHM ::= CLASS {
+    &id OBJECT   IDENTIFIER UNIQUE,
+    &Params      OPTIONAL,
+    &paramPresence ParamOptions DEFAULT absent,
+    &smimeCaps   SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- AlgorithmIdentifier
+--
+-- Provides the generic structure that is used to encode algorithm
+--    identification and the parameters associated with the
+--    algorithm.
+--
+-- The first parameter represents the type of the algorithm being
+--    used.
+-- The second parameter represents an object set containing the
+--    algorithms that may occur in this situation.
+--    The initial list of required algorithms should occur to the
+--      left of an extension marker; all other algorithms should
+--      occur to the right of an extension marker.
+--
+-- The object class ALGORITHM can be used for generic unspecified
+--     items.
+-- If new ALGORITHM classes are defined, the fields &id and &Params
+--     need to be present as fields in the object in order to use
+--     this parameterized type.
+--
+-- Example:
+--    SignatureAlgorithmIdentifier ::=
+--       AlgorithmIdentifier{SIGNATURE-ALGORITHM, {SignatureAlgSet}}
+
+AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
+        SEQUENCE {
+            algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
+            parameters  ALGORITHM-TYPE.
+                   &Params({AlgorithmSet}{@algorithm}) OPTIONAL
+        }
+
+--  S/MIME Capabilities
+--
+--  We have moved the SMIME-CAPS from the module for RFC 3851 to here
+--  because it is used in RFC 4262 (X.509 Certificate Extension for
+--  S/MIME Capabilities)
+--
+--
+--  This class is used to represent an S/MIME capability.  S/MIME
+--  capabilities are used to represent what algorithm capabilities
+--  an individual has.  The classic example was the content encryption
+--  algorithm RC2 where the algorithm id and the RC2 key lengths
+--  supported needed to be advertised, but the IV used is not fixed.
+--  Thus, for RC2 we used
+--
+--  cap-RC2CBC SMIME-CAPS ::= {
+--      TYPE INTEGER ( 40 | 128 ) IDENTIFIED BY rc2-cbc }
+--
+--  where 40 and 128 represent the RC2 key length in number of bits.
+--
+--  Another example where information needs to be shown is for
+--  RSA-OAEP where only specific hash functions or mask generation
+--  functions are supported, but the saltLength is specified by the
+--  sender and not the recipient.  In this case, one can either
+--  generate a number of capability items,
+--  or a new S/MIME capability type could be generated where
+--  multiple hash functions could be specified.
+--
+--
+--  SMIME-CAP
+--
+--  This class is used to associate the type that describes the
+--  capabilities with the object identifier.
+--
+
+SMIME-CAPS ::= CLASS {
+    &id         OBJECT IDENTIFIER UNIQUE,
+    &Type       OPTIONAL
+}
+WITH SYNTAX { [TYPE &Type] IDENTIFIED BY &id }
+
+--
+--  Generic type - this is used for defining values.
+--
+
+--  Define a single S/MIME capability encoding
+
+SMIMECapability{SMIME-CAPS:CapabilitySet} ::= SEQUENCE {
+    capabilityID        SMIME-CAPS.&id({CapabilitySet}),
+    parameters          SMIME-CAPS.&Type({CapabilitySet}
+                            {@capabilityID}) OPTIONAL
+}
+
+--  Define a sequence of S/MIME capability values
+
+SMIMECapabilities { SMIME-CAPS:CapabilitySet } ::=
+        SEQUENCE SIZE (1..MAX) OF SMIMECapability{{CapabilitySet} }
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1
new file mode 100644
index 0000000000..46b431af40
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1
@@ -0,0 +1,59 @@
+  AttributeCertificateVersion1-2009
+      {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-v1AttrCert-02(49)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  SIGNATURE-ALGORITHM, ALGORITHM, AlgorithmIdentifier{}
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+  CertificateSerialNumber, UniqueIdentifier, SIGNED{}
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
+
+  GeneralNames
+  FROM PKIX1Implicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
+
+  AttCertValidityPeriod, IssuerSerial
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) } ;
+
+  -- Definition extracted from X.509-1997 [X.509-97], but
+  -- different type names are used to avoid collisions.
+
+  AttributeCertificateV1 ::= SIGNED{AttributeCertificateInfoV1}
+
+  AttributeCertificateInfoV1 ::= SEQUENCE {
+     version AttCertVersionV1 DEFAULT v1,
+     subject CHOICE {
+        baseCertificateID [0] IssuerSerial,
+        -- associated with a Public Key Certificate
+        subjectName [1] GeneralNames },
+     -- associated with a name
+     issuer GeneralNames,
+     signature AlgorithmIdentifier{SIGNATURE-ALGORITHM, {...}},
+     serialNumber CertificateSerialNumber,
+     attCertValidityPeriod AttCertValidityPeriod,
+     attributes SEQUENCE OF AttributeSet{{AttrList}},
+     issuerUniqueID UniqueIdentifier OPTIONAL,
+     extensions Extensions{{AttributeCertExtensionsV1}} OPTIONAL }
+
+  AttCertVersionV1 ::= INTEGER { v1(0) }
+
+  AttrList ATTRIBUTE ::= {...}
+  AttributeCertExtensionsV1 EXTENSION ::= {...}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1
index 5cfa9062f0..5cfa9062f0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1
index d8b2b687ae..d8b2b687ae 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1
index 0daf2208e9..0daf2208e9 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1
index 04060cf060..04060cf060 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1
index aed48ac26b..aed48ac26b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1
index 7ba5bf194a..7ba5bf194a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1
index 24c7fafc38..24c7fafc38 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1
new file mode 100644
index 0000000000..3e350294be
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1
@@ -0,0 +1,463 @@
+  CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549)
+      pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) }
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
+      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
+      AlgorithmIdentifier
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+  SignatureAlgs, MessageDigestAlgs, KeyAgreementAlgs,
+      MessageAuthAlgs, KeyWrapAlgs, ContentEncryptionAlgs,
+      KeyTransportAlgs, KeyDerivationAlgs, KeyAgreePublicKeys
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  Certificate, CertificateList, CertificateSerialNumber,
+      Name, ATTRIBUTE
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-explicit-02(51) }
+
+  AttributeCertificate
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-attribute-cert-02(47) }
+
+  AttributeCertificateV1
+  FROM AttributeCertificateVersion1-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-v1AttrCert-02(49) } ;
+
+  -- Cryptographic Message Syntax
+
+  -- The following are used for version numbers using the ASN.1
+  --   idiom "[[n:"
+  --   Version 1 = PKCS #7
+  --   Version 2 = S/MIME V2
+  --   Version 3 = RFC 2630
+  --   Version 4 = RFC 3369
+  --   Version 5 = RFC 3852
+
+  CONTENT-TYPE ::= TYPE-IDENTIFIER
+  ContentType ::= CONTENT-TYPE.&id
+
+  ContentInfo ::= SEQUENCE {
+      contentType        CONTENT-TYPE.
+                      &id({ContentSet}),
+      content            [0] EXPLICIT CONTENT-TYPE.
+                      &Type({ContentSet}{@contentType})}
+
+  ContentSet CONTENT-TYPE ::= {
+      --  Define the set of content types to be recognized.
+      ct-Data | ct-SignedData | ct-EncryptedData | ct-EnvelopedData |
+      ct-AuthenticatedData | ct-DigestedData, ... }
+
+  SignedData ::= SEQUENCE {
+      version CMSVersion,
+      digestAlgorithms SET OF DigestAlgorithmIdentifier,
+      encapContentInfo EncapsulatedContentInfo,
+      certificates [0] IMPLICIT CertificateSet OPTIONAL,
+      crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+      signerInfos SignerInfos }
+
+  SignerInfos ::= SET OF SignerInfo
+
+  EncapsulatedContentInfo ::= SEQUENCE {
+      eContentType       CONTENT-TYPE.&id({ContentSet}),
+      eContent           [0] EXPLICIT OCTET STRING
+              ( CONTAINING CONTENT-TYPE.
+                  &Type({ContentSet}{@eContentType})) OPTIONAL }
+
+  SignerInfo ::= SEQUENCE {
+      version CMSVersion,
+      sid SignerIdentifier,
+      digestAlgorithm DigestAlgorithmIdentifier,
+      signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+      signatureAlgorithm SignatureAlgorithmIdentifier,
+      signature SignatureValue,
+      unsignedAttrs [1] IMPLICIT Attributes
+          {{UnsignedAttributes}} OPTIONAL }
+
+  SignedAttributes ::= Attributes {{ SignedAttributesSet }}
+
+  SignerIdentifier ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      ...,
+      [[3: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }
+
+  SignedAttributesSet ATTRIBUTE ::=
+      { aa-signingTime | aa-messageDigest | aa-contentType, ... }
+
+  UnsignedAttributes ATTRIBUTE ::= { aa-countersignature, ... }
+
+  SignatureValue ::= OCTET STRING
+
+  EnvelopedData ::= SEQUENCE {
+      version CMSVersion,
+      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+      recipientInfos RecipientInfos,
+      encryptedContentInfo EncryptedContentInfo,
+      ...,
+      [[2: unprotectedAttrs [1] IMPLICIT Attributes
+          {{ UnprotectedAttributes }} OPTIONAL ]] }
+
+  OriginatorInfo ::= SEQUENCE {
+      certs [0] IMPLICIT CertificateSet OPTIONAL,
+      crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
+
+  RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
+
+  EncryptedContentInfo ::= SEQUENCE {
+      contentType        CONTENT-TYPE.&id({ContentSet}),
+      contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+      encryptedContent   [0] IMPLICIT OCTET STRING OPTIONAL }
+
+  -- If you want to do constraints, you might use:
+  -- EncryptedContentInfo ::= SEQUENCE {
+  --  contentType        CONTENT-TYPE.&id({ContentSet}),
+  --  contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+  --  encryptedContent   [0] IMPLICIT ENCRYPTED {CONTENT-TYPE.
+  --      &Type({ContentSet}{@contentType}) OPTIONAL }
+  -- ENCRYPTED {ToBeEncrypted} ::= OCTET STRING ( CONSTRAINED BY
+  --        { ToBeEncrypted } )
+
+  UnprotectedAttributes ATTRIBUTE ::=  { ... }
+
+  RecipientInfo ::= CHOICE {
+      ktri           KeyTransRecipientInfo,
+      ...,
+      [[3: kari  [1] KeyAgreeRecipientInfo ]],
+      [[4: kekri [2] KEKRecipientInfo]],
+      [[5: pwri  [3] PasswordRecipientInfo,
+           ori   [4] OtherRecipientInfo ]] }
+
+  EncryptedKey ::= OCTET STRING
+
+  KeyTransRecipientInfo ::= SEQUENCE {
+      version CMSVersion,  -- always set to 0 or 2
+      rid RecipientIdentifier,
+      keyEncryptionAlgorithm AlgorithmIdentifier
+          {KEY-TRANSPORT, {KeyTransportAlgorithmSet}},
+      encryptedKey EncryptedKey }
+
+  KeyTransportAlgorithmSet KEY-TRANSPORT ::= { KeyTransportAlgs, ... }
+
+  RecipientIdentifier ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      ...,
+      [[2: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }
+  KeyAgreeRecipientInfo ::= SEQUENCE {
+      version CMSVersion,  -- always set to 3
+      originator [0] EXPLICIT OriginatorIdentifierOrKey,
+      ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+      keyEncryptionAlgorithm AlgorithmIdentifier
+          {KEY-AGREE, {KeyAgreementAlgorithmSet}},
+      recipientEncryptedKeys RecipientEncryptedKeys }
+
+  KeyAgreementAlgorithmSet KEY-AGREE ::= { KeyAgreementAlgs, ... }
+
+  OriginatorIdentifierOrKey ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      subjectKeyIdentifier [0] SubjectKeyIdentifier,
+      originatorKey [1] OriginatorPublicKey }
+
+  OriginatorPublicKey ::= SEQUENCE {
+      algorithm AlgorithmIdentifier {PUBLIC-KEY, {OriginatorKeySet}},
+      publicKey BIT STRING }
+
+  OriginatorKeySet PUBLIC-KEY ::= { KeyAgreePublicKeys, ... }
+
+  RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+  RecipientEncryptedKey ::= SEQUENCE {
+      rid KeyAgreeRecipientIdentifier,
+      encryptedKey EncryptedKey }
+
+  KeyAgreeRecipientIdentifier ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      rKeyId [0] IMPLICIT RecipientKeyIdentifier }
+
+  RecipientKeyIdentifier ::= SEQUENCE {
+      subjectKeyIdentifier SubjectKeyIdentifier,
+      date GeneralizedTime OPTIONAL,
+      other OtherKeyAttribute OPTIONAL }
+
+  SubjectKeyIdentifier ::= OCTET STRING
+
+  KEKRecipientInfo ::= SEQUENCE {
+      version CMSVersion,  -- always set to 4
+      kekid KEKIdentifier,
+      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+      encryptedKey EncryptedKey }
+
+  KEKIdentifier ::= SEQUENCE {
+      keyIdentifier OCTET STRING,
+      date GeneralizedTime OPTIONAL,
+      other OtherKeyAttribute OPTIONAL }
+  PasswordRecipientInfo ::= SEQUENCE {
+      version CMSVersion,   -- always set to 0
+      keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+                              OPTIONAL,
+      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+      encryptedKey EncryptedKey }
+
+  OTHER-RECIPIENT ::= TYPE-IDENTIFIER
+
+  OtherRecipientInfo ::= SEQUENCE {
+      oriType    OTHER-RECIPIENT.
+              &id({SupportedOtherRecipInfo}),
+      oriValue   OTHER-RECIPIENT.
+              &Type({SupportedOtherRecipInfo}{@oriType})}
+
+  SupportedOtherRecipInfo OTHER-RECIPIENT ::= { ... }
+
+  DigestedData ::= SEQUENCE {
+      version CMSVersion,
+      digestAlgorithm DigestAlgorithmIdentifier,
+      encapContentInfo EncapsulatedContentInfo,
+      digest Digest, ... }
+
+  Digest ::= OCTET STRING
+
+  EncryptedData ::= SEQUENCE {
+      version CMSVersion,
+      encryptedContentInfo EncryptedContentInfo,
+      ...,
+      [[2: unprotectedAttrs [1] IMPLICIT Attributes
+          {{UnprotectedAttributes}} OPTIONAL ]] }
+
+  AuthenticatedData ::= SEQUENCE {
+      version CMSVersion,
+      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+      recipientInfos RecipientInfos,
+      macAlgorithm MessageAuthenticationCodeAlgorithm,
+      digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+      encapContentInfo EncapsulatedContentInfo,
+      authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
+      mac MessageAuthenticationCode,
+      unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+  AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+      {{AuthAttributeSet}}
+
+  AuthAttributeSet ATTRIBUTE ::= { aa-contentType | aa-messageDigest
+                                       | aa-signingTime, ...}
+  MessageAuthenticationCode ::= OCTET STRING
+
+  UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+      {{UnauthAttributeSet}}
+
+  UnauthAttributeSet ATTRIBUTE ::= {...}
+
+  --
+  --  General algorithm definitions
+  --
+
+  DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+      {DIGEST-ALGORITHM, {DigestAlgorithmSet}}
+
+  DigestAlgorithmSet DIGEST-ALGORITHM ::= {
+      CryptographicMessageSyntaxAlgorithms-2009.MessageDigestAlgs, ... }
+
+  SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+      {SIGNATURE-ALGORITHM, {SignatureAlgorithmSet}}
+
+  SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
+      { SignatureAlgs, ... }
+
+  KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+      {KEY-WRAP, {KeyEncryptionAlgorithmSet}}
+
+  KeyEncryptionAlgorithmSet KEY-WRAP ::= { KeyWrapAlgs, ... }
+
+  ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+      {CONTENT-ENCRYPTION, {ContentEncryptionAlgorithmSet}}
+
+  ContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::=
+      { ContentEncryptionAlgs, ... }
+
+  MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+      {MAC-ALGORITHM, {MessageAuthenticationCodeAlgorithmSet}}
+
+  MessageAuthenticationCodeAlgorithmSet MAC-ALGORITHM ::=
+      { MessageAuthAlgs, ... }
+
+  KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+      {KEY-DERIVATION, {KeyDerivationAlgs, ...}}
+
+  RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+  RevocationInfoChoice ::= CHOICE {
+      crl CertificateList,
+      ...,
+      [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] }
+
+  OTHER-REVOK-INFO ::= TYPE-IDENTIFIER
+
+  OtherRevocationInfoFormat ::= SEQUENCE {
+      otherRevInfoFormat    OTHER-REVOK-INFO.
+              &id({SupportedOtherRevokInfo}),
+      otherRevInfo          OTHER-REVOK-INFO.
+              &Type({SupportedOtherRevokInfo}{@otherRevInfoFormat})}
+
+  SupportedOtherRevokInfo OTHER-REVOK-INFO ::= { ... }
+
+  CertificateChoices ::= CHOICE {
+      certificate Certificate,
+      extendedCertificate [0] IMPLICIT ExtendedCertificate,
+           -- Obsolete
+      ...,
+      [[3: v1AttrCert [1] IMPLICIT AttributeCertificateV1]],
+           -- Obsolete
+      [[4: v2AttrCert [2] IMPLICIT AttributeCertificateV2]],
+      [[5: other      [3] IMPLICIT OtherCertificateFormat]] }
+
+  AttributeCertificateV2 ::= AttributeCertificate
+
+  OTHER-CERT-FMT ::= TYPE-IDENTIFIER
+
+  OtherCertificateFormat ::= SEQUENCE {
+      otherCertFormat OTHER-CERT-FMT.
+              &id({SupportedCertFormats}),
+      otherCert       OTHER-CERT-FMT.
+              &Type({SupportedCertFormats}{@otherCertFormat})}
+
+  SupportedCertFormats OTHER-CERT-FMT ::= { ... }
+
+  CertificateSet ::= SET OF CertificateChoices
+
+  IssuerAndSerialNumber ::= SEQUENCE {
+      issuer Name,
+      serialNumber CertificateSerialNumber }
+
+  CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+  UserKeyingMaterial ::= OCTET STRING
+
+  KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+  OtherKeyAttribute ::= SEQUENCE {
+      keyAttrId  KEY-ATTRIBUTE.
+
+              &id({SupportedKeyAttributes}),
+      keyAttr    KEY-ATTRIBUTE.
+              &Type({SupportedKeyAttributes}{@keyAttrId})}
+
+  SupportedKeyAttributes KEY-ATTRIBUTE ::= { ... }
+
+  -- Content Type Object Identifiers
+
+  id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
+
+  ct-Data CONTENT-TYPE ::= {OCTET STRING IDENTIFIED BY id-data}
+
+  id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+
+  ct-SignedData CONTENT-TYPE ::=
+      { SignedData IDENTIFIED BY id-signedData}
+
+  id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+
+  ct-EnvelopedData CONTENT-TYPE ::=
+      { EnvelopedData IDENTIFIED BY id-envelopedData}
+
+  id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+
+  ct-DigestedData CONTENT-TYPE ::=
+      { DigestedData IDENTIFIED BY id-digestedData}
+
+  id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+
+  ct-EncryptedData CONTENT-TYPE ::=
+      { EncryptedData IDENTIFIED BY id-encryptedData}
+
+  id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+
+  ct-AuthenticatedData CONTENT-TYPE ::=
+      { AuthenticatedData IDENTIFIED BY id-ct-authData}
+
+  id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
+
+  --
+  -- The CMS Attributes
+  --
+
+  MessageDigest ::= OCTET STRING
+
+  SigningTime  ::= Time
+
+  Time ::= CHOICE {
+      utcTime UTCTime,
+      generalTime GeneralizedTime }
+
+  Countersignature ::= SignerInfo
+
+  -- Attribute Object Identifiers
+
+  aa-contentType ATTRIBUTE ::=
+      { TYPE ContentType IDENTIFIED BY id-contentType }
+  id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+
+  aa-messageDigest ATTRIBUTE ::=
+      { TYPE MessageDigest IDENTIFIED BY id-messageDigest}
+  id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+
+  aa-signingTime ATTRIBUTE ::=
+      { TYPE SigningTime IDENTIFIED BY id-signingTime }
+  id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+  aa-countersignature ATTRIBUTE ::=
+      { TYPE Countersignature IDENTIFIED BY id-countersignature }
+  id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+
+  --
+  -- Obsolete Extended Certificate syntax from PKCS#6
+  --
+
+  ExtendedCertificateOrCertificate ::= CHOICE {
+      certificate Certificate,
+      extendedCertificate [0] IMPLICIT ExtendedCertificate }
+
+  ExtendedCertificate ::= SEQUENCE {
+      extendedCertificateInfo ExtendedCertificateInfo,
+      signatureAlgorithm SignatureAlgorithmIdentifier,
+      signature Signature }
+
+  ExtendedCertificateInfo ::= SEQUENCE {
+      version CMSVersion,
+      certificate Certificate,
+      attributes UnauthAttributes }
+
+  Signature ::= BIT STRING
+
+  Attribute{ ATTRIBUTE:AttrList } ::= SEQUENCE {
+      attrType           ATTRIBUTE.
+              &id({AttrList}),
+      attrValues         SET OF ATTRIBUTE.
+              &Type({AttrList}{@attrType})  }
+
+  Attributes { ATTRIBUTE:AttrList } ::=
+      SET SIZE (1..MAX) OF Attribute {{ AttrList }}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1
new file mode 100644
index 0000000000..72e8b270db
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1
@@ -0,0 +1,248 @@
+   CryptographicMessageSyntaxAlgorithms-2009
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+       smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
+      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
+      AlgorithmIdentifier{}, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   pk-rsa, pk-dh, pk-dsa, rsaEncryption, DHPublicKey, dhpublicnumber
+   FROM PKIXAlgs-2009
+        {iso(1) identified-organization(3) dod(6)
+        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-algorithms2008-02(56)}
+
+   cap-RC2CBC
+   FROM SecureMimeMessageV3dot1-2009
+        {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+        smime(16) modules(0) id-mod-msg-v3dot1-02(39)};
+
+   --  2. Hash algorithms in this document
+
+   MessageDigestAlgs DIGEST-ALGORITHM ::= {
+   --   mda-md5 | mda-sha1,
+        ... }
+
+   --  3. Signature algorithms in this document
+
+   SignatureAlgs SIGNATURE-ALGORITHM ::= {
+   --  See RFC 3279
+   --  sa-dsaWithSHA1 |  sa-rsaWithMD5 | sa-rsaWithSHA1,
+       ... }
+
+   --  4.  Key Management Algorithms
+   --  4.1 Key Agreement Algorithms
+
+   KeyAgreementAlgs KEY-AGREE ::= { kaa-esdh | kaa-ssdh, ...}
+   KeyAgreePublicKeys PUBLIC-KEY ::= { pk-dh, ...}
+
+   --  4.2  Key Transport Algorithms
+
+   KeyTransportAlgs KEY-TRANSPORT ::= { kt-rsa, ... }
+
+   --  4.3  Symmetric Key-Encryption Key Algorithms
+
+   KeyWrapAlgs KEY-WRAP ::= { kwa-3DESWrap | kwa-RC2Wrap, ... }
+
+   --  4.4  Key Derivation Algorithms
+
+   KeyDerivationAlgs KEY-DERIVATION ::= { kda-PBKDF2, ... }
+
+   --  5.  Content Encryption Algorithms
+
+   ContentEncryptionAlgs CONTENT-ENCRYPTION ::=
+       { cea-3DES-cbc | cea-RC2-cbc, ... }
+
+   --  6.  Message Authentication Code Algorithms
+
+   MessageAuthAlgs MAC-ALGORITHM ::= { maca-hMAC-SHA1, ... }
+
+   --  S/MIME Capabilities for these items
+
+   SMimeCaps SMIME-CAPS ::= {
+       kaa-esdh.&smimeCaps         |
+       kaa-ssdh.&smimeCaps         |
+       kt-rsa.&smimeCaps           |
+       kwa-3DESWrap.&smimeCaps     |
+       kwa-RC2Wrap.&smimeCaps      |
+       cea-3DES-cbc.&smimeCaps     |
+       cea-RC2-cbc.&smimeCaps      |
+       maca-hMAC-SHA1.&smimeCaps,
+       ...}
+
+   --
+   --
+   --
+
+   -- Algorithm Identifiers
+
+   -- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+   --    us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
+
+   id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
+
+   id-alg-SSDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 }
+
+   id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
+
+   id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
+
+   des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
+
+   rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) encryptionAlgorithm(3) 2 }
+
+   hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+      dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
+
+   id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-5(5) 12 }
+
+   -- Algorithm Identifier Parameter Types
+
+   KeyWrapAlgorithm ::=
+       AlgorithmIdentifier {KEY-WRAP, {KeyWrapAlgs }}
+
+   RC2wrapParameter ::= RC2ParameterVersion
+   RC2ParameterVersion ::= INTEGER
+
+   CBCParameter ::= IV
+
+   IV ::= OCTET STRING  -- exactly 8 octets
+
+   RC2CBCParameter ::= SEQUENCE {
+       rc2ParameterVersion INTEGER (1..256),
+       iv OCTET STRING  }  -- exactly 8 octets
+
+   maca-hMAC-SHA1 MAC-ALGORITHM ::= {
+       IDENTIFIER hMAC-SHA1
+       PARAMS TYPE NULL ARE preferredAbsent
+       IS-KEYED-MAC TRUE
+       SMIME-CAPS {IDENTIFIED BY hMAC-SHA1}
+   }
+
+   PBKDF2-PRFsAlgorithmIdentifier ::= AlgorithmIdentifier{ ALGORITHM,
+                                          {PBKDF2-PRFs} }
+
+   alg-hMAC-SHA1 ALGORITHM ::=
+       { IDENTIFIER hMAC-SHA1 PARAMS TYPE NULL ARE required }
+
+   PBKDF2-PRFs ALGORITHM ::= { alg-hMAC-SHA1, ... }
+
+   PBKDF2-SaltSources ALGORITHM ::= { ... }
+
+   PBKDF2-SaltSourcesAlgorithmIdentifier ::=
+       AlgorithmIdentifier {ALGORITHM, {PBKDF2-SaltSources}}
+
+   defaultPBKDF2 PBKDF2-PRFsAlgorithmIdentifier ::=
+       { algorithm alg-hMAC-SHA1.&id, parameters NULL:NULL }
+
+   PBKDF2-params ::= SEQUENCE {
+       salt CHOICE {
+           specified OCTET STRING,
+           otherSource PBKDF2-SaltSourcesAlgorithmIdentifier },
+       iterationCount INTEGER (1..MAX),
+       keyLength INTEGER (1..MAX) OPTIONAL,
+       prf PBKDF2-PRFsAlgorithmIdentifier DEFAULT
+               defaultPBKDF2
+           }
+
+   --
+   --  This object is included for completeness.  It should not be used
+   --      for encoding of signatures, but was sometimes used in older
+   --      versions of CMS for encoding of RSA signatures.
+   --
+   --
+   -- sa-rsa SIGNATURE-ALGORITHM ::= {
+   --         IDENTIFIER rsaEncryption
+   --         - - value is not ASN.1 encoded
+   --         PARAMS TYPE NULL ARE required
+   --         HASHES {mda-sha1 | mda-md5, ...}
+   --         PUBLIC-KEYS { pk-rsa}
+   -- }
+   --
+   -- No ASN.1 encoding is applied to the signature value
+   --    for these items
+
+   kaa-esdh KEY-AGREE ::= {
+        IDENTIFIER id-alg-ESDH
+        PARAMS TYPE KeyWrapAlgorithm ARE required
+        PUBLIC-KEYS { pk-dh }
+        -- UKM is not ASN.1 encoded
+        UKM ARE optional
+        SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-ESDH}
+   }
+
+   kaa-ssdh KEY-AGREE ::= {
+        IDENTIFIER id-alg-SSDH
+        PARAMS TYPE KeyWrapAlgorithm ARE required
+        PUBLIC-KEYS {pk-dh}
+        -- UKM is not ASN.1 encoded
+        UKM ARE optional
+        SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-SSDH}
+   }
+
+   dh-public-number OBJECT IDENTIFIER ::= dhpublicnumber
+
+   pk-originator-dh PUBLIC-KEY ::= {
+       IDENTIFIER dh-public-number
+       KEY DHPublicKey
+       PARAMS ARE absent
+       CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly}
+   }
+
+   kwa-3DESWrap KEY-WRAP ::= {
+        IDENTIFIER id-alg-CMS3DESwrap
+        PARAMS TYPE NULL ARE required
+        SMIME-CAPS {IDENTIFIED BY id-alg-CMS3DESwrap}
+   }
+
+   kwa-RC2Wrap KEY-WRAP ::= {
+        IDENTIFIER id-alg-CMSRC2wrap
+        PARAMS TYPE RC2wrapParameter ARE required
+        SMIME-CAPS { IDENTIFIED BY id-alg-CMSRC2wrap }
+   }
+
+   kda-PBKDF2 KEY-DERIVATION ::= {
+       IDENTIFIER id-PBKDF2
+       PARAMS TYPE PBKDF2-params ARE required
+       -- No S/MIME caps defined
+   }
+
+   cea-3DES-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER des-ede3-cbc
+       PARAMS TYPE IV ARE required
+       SMIME-CAPS { IDENTIFIED BY des-ede3-cbc }
+   }
+
+   cea-RC2-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER rc2-cbc
+       PARAMS TYPE RC2CBCParameter ARE required
+       SMIME-CAPS cap-RC2CBC
+   }
+
+   kt-rsa KEY-TRANSPORT ::= {
+       IDENTIFIER rsaEncryption
+       PARAMS TYPE NULL ARE required
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS {IDENTIFIED BY rsaEncryption}
+   }
+
+   --  S/MIME Capabilities - most have no label.
+
+   cap-3DESwrap SMIME-CAPS ::= { IDENTIFIED BY id-alg-CMS3DESwrap }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1
index cd3330dc56..cd3330dc56 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1
index df5e8489ea..df5e8489ea 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1
index ef1187ba8c..ef1187ba8c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1
index 5a5d310729..5a5d310729 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1
index 10d6979f6d..10d6979f6d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1
index 91c0a865f7..91c0a865f7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1
index e3e1f95621..e3e1f95621 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1
index 9df5d2783a..9df5d2783a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1
index 37c6cac261..37c6cac261 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1
index acbb692b6f..acbb692b6f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1
index cace79d109..cace79d109 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1
index 72e791f10c..72e791f10c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1
index d8c15b7afa..d8c15b7afa 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1
index 9991a59454..9991a59454 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1
new file mode 100644
index 0000000000..17a45a0a6b
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1
@@ -0,0 +1,543 @@
+  EnrollmentMessageSyntax-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmc2002-02(53)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  EXPORTS ALL;
+  IMPORTS
+
+  AttributeSet{}, Extension{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, KEY-WRAP, KEY-DERIVATION,
+      MAC-ALGORITHM, SIGNATURE-ALGORITHM, PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  CertificateSerialNumber, GeneralName, CRLReason, ReasonFlags,
+      CertExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  Name, id-pkix, PublicKeyAlgorithms, SignatureAlgorithms
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  ContentInfo, IssuerAndSerialNumber, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41)}
+
+  CertReqMsg, PKIPublicationInfo, CertTemplate
+  FROM PKIXCRMF-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+       { iso(1) identified-organization(3) dod(6)
+       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-pkix1-algorithms2008-02(56)}
+
+  kda-PBKDF2, maca-hMAC-SHA1
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  mda-sha256
+  FROM PKIX1-PSS-OAEP-Algorithms-2009
+       { iso(1) identified-organization(3) dod(6)
+         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+         id-mod-pkix1-rsa-pkalgs-02(54) } ;
+
+  --  CMS Content types defined in this document
+  CMC-ContentTypes CONTENT-TYPE ::= { ct-PKIData | ct-PKIResponse, ... }
+
+  --  Signature Algorithms defined in this document
+
+  SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-noSignature }
+
+  --  CMS Unsigned Attributes
+
+  CMC-UnsignedAtts ATTRIBUTE ::= { aa-cmc-unsignedData }
+
+  --
+  --
+
+  id-cmc OBJECT IDENTIFIER ::= {id-pkix 7}   -- CMC controls
+  id-cct OBJECT IDENTIFIER ::= {id-pkix 12}  -- CMC content types
+
+  -- This is the content type for a request message in the protocol
+
+  ct-PKIData CONTENT-TYPE ::=
+      { PKIData IDENTIFIED BY id-cct-PKIData }
+  id-cct-PKIData OBJECT IDENTIFIER ::= { id-cct 2 }
+
+  PKIData ::= SEQUENCE {
+      controlSequence    SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
+      reqSequence        SEQUENCE SIZE(0..MAX) OF TaggedRequest,
+      cmsSequence        SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
+      otherMsgSequence   SEQUENCE SIZE(0..MAX) OF OtherMsg
+  }
+
+  BodyPartID ::= INTEGER(0..4294967295)
+
+  TaggedAttribute ::= SEQUENCE {
+      bodyPartID         BodyPartID,
+      attrType           CMC-CONTROL.&id({Cmc-Control-Set}),
+      attrValues         SET OF CMC-CONTROL.
+                             &Type({Cmc-Control-Set}{@attrType})
+  }
+
+  Cmc-Control-Set CMC-CONTROL ::= {
+      cmc-identityProof | cmc-dataReturn | cmc-regInfo |
+      cmc-responseInfo | cmc-queryPending | cmc-popLinkRandom |
+      cmc-popLinkWitness | cmc-identification | cmc-transactionId |
+      cmc-senderNonce | cmc-recipientNonce | cmc-statusInfo |
+      cmc-addExtensions | cmc-encryptedPOP | cmc-decryptedPOP |
+      cmc-lraPOPWitness | cmc-getCert | cmc-getCRL |
+      cmc-revokeRequest | cmc-confirmCertAcceptance |
+      cmc-statusInfoV2 | cmc-trustedAnchors | cmc-authData |
+      cmc-batchRequests | cmc-batchResponses | cmc-publishCert |
+      cmc-modCertTemplate | cmc-controlProcessed |
+      cmc-identityProofV2 | cmc-popLinkWitnessV2, ... }
+
+  OTHER-REQUEST ::= TYPE-IDENTIFIER
+
+  --  We do not define any other requests in this document;
+  --     examples might be attribute certification requests
+
+  OtherRequests OTHER-REQUEST ::= {...}
+
+  TaggedRequest ::= CHOICE {
+      tcr               [0] TaggedCertificationRequest,
+      crm               [1] CertReqMsg,
+      orm               [2] SEQUENCE {
+          bodyPartID            BodyPartID,
+          requestMessageType    OTHER-REQUEST.&id({OtherRequests}),
+          requestMessageValue   OTHER-REQUEST.&Type({OtherRequests}
+                                    {@.requestMessageType})
+      }
+  }
+
+  TaggedCertificationRequest ::= SEQUENCE {
+      bodyPartID            BodyPartID,
+      certificationRequest  CertificationRequest
+  }
+
+  AttributeList ATTRIBUTE ::= {at-extension-req, ...}
+
+  CertificationRequest ::= SEQUENCE {
+     certificationRequestInfo  SEQUENCE {
+         version                   INTEGER,
+         subject                   Name,
+         subjectPublicKeyInfo      SEQUENCE {
+             algorithm                 AlgorithmIdentifier{PUBLIC-KEY,
+                                           {PublicKeyAlgorithms}},
+             subjectPublicKey          BIT STRING
+         },
+         attributes                [0] IMPLICIT SET OF
+                                       AttributeSet{{AttributeList}}
+      },
+      signatureAlgorithm        AlgorithmIdentifier
+                                    {SIGNATURE-ALGORITHM,
+                                        {SignatureAlgorithms}},
+      signature                 BIT STRING
+  }
+
+  TaggedContentInfo ::= SEQUENCE {
+      bodyPartID              BodyPartID,
+      contentInfo             ContentInfo
+  }
+
+  OTHER-MSG ::= TYPE-IDENTIFIER
+
+  --  No other messages currently defined
+
+  OtherMsgSet OTHER-MSG ::= {...}
+
+  OtherMsg ::= SEQUENCE {
+      bodyPartID        BodyPartID,
+      otherMsgType      OTHER-MSG.&id({OtherMsgSet}),
+      otherMsgValue     OTHER-MSG.&Type({OtherMsgSet}{@otherMsgType}) }
+
+  --  This defines the response message in the protocol
+
+  ct-PKIResponse CONTENT-TYPE ::=
+      { PKIResponse IDENTIFIED BY id-cct-PKIResponse }
+  id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }
+
+  ResponseBody ::= PKIResponse
+
+  PKIResponse ::= SEQUENCE {
+      controlSequence   SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
+      cmsSequence       SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
+      otherMsgSequence  SEQUENCE SIZE(0..MAX) OF OtherMsg
+  }
+
+  CMC-CONTROL ::= TYPE-IDENTIFIER
+
+  -- The following controls have the type OCTET STRING
+
+  cmc-identityProof CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-identityProof }
+  id-cmc-identityProof OBJECT IDENTIFIER ::= {id-cmc 3}
+
+  cmc-dataReturn CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-dataReturn }
+  id-cmc-dataReturn OBJECT IDENTIFIER ::= {id-cmc 4}
+
+  cmc-regInfo CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-regInfo }
+  id-cmc-regInfo OBJECT IDENTIFIER ::= {id-cmc 18}
+
+  cmc-responseInfo CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-responseInfo }
+  id-cmc-responseInfo OBJECT IDENTIFIER ::= {id-cmc 19}
+
+  cmc-queryPending CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-queryPending }
+  id-cmc-queryPending OBJECT IDENTIFIER ::= {id-cmc 21}
+
+  cmc-popLinkRandom CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-popLinkRandom }
+  id-cmc-popLinkRandom OBJECT IDENTIFIER ::= {id-cmc 22}
+
+  cmc-popLinkWitness CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-popLinkWitness }
+  id-cmc-popLinkWitness OBJECT IDENTIFIER ::= {id-cmc 23}
+
+  -- The following controls have the type UTF8String
+
+  cmc-identification CMC-CONTROL ::=
+      { UTF8String IDENTIFIED BY id-cmc-identification }
+  id-cmc-identification OBJECT IDENTIFIER ::= {id-cmc 2}
+
+  -- The following controls have the type INTEGER
+
+  cmc-transactionId CMC-CONTROL ::=
+      { INTEGER IDENTIFIED BY id-cmc-transactionId }
+  id-cmc-transactionId OBJECT IDENTIFIER ::= {id-cmc 5}
+
+  -- The following controls have the type OCTET STRING
+
+  cmc-senderNonce CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-senderNonce }
+
+  id-cmc-senderNonce OBJECT IDENTIFIER ::= {id-cmc 6}
+
+  cmc-recipientNonce CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-recipientNonce }
+  id-cmc-recipientNonce OBJECT IDENTIFIER ::= {id-cmc 7}
+
+  -- Used to return status in a response
+
+  cmc-statusInfo CMC-CONTROL ::=
+      { CMCStatusInfo IDENTIFIED BY id-cmc-statusInfo }
+  id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}
+
+  CMCStatusInfo ::= SEQUENCE {
+      cMCStatus       CMCStatus,
+      bodyList        SEQUENCE SIZE (1..MAX) OF BodyPartID,
+      statusString    UTF8String OPTIONAL,
+      otherInfo       CHOICE {
+         failInfo         CMCFailInfo,
+         pendInfo         PendInfo
+      } OPTIONAL
+  }
+
+  PendInfo ::= SEQUENCE {
+      pendToken        OCTET STRING,
+      pendTime         GeneralizedTime
+  }
+
+  CMCStatus ::= INTEGER {
+      success         (0),
+      failed          (2),
+      pending         (3),
+      noSupport       (4),
+      confirmRequired (5),
+      popRequired     (6),
+      partial         (7)
+  }
+
+  -- Note:
+  -- The spelling of unsupportedExt is corrected in this version.
+  -- In RFC 2797, it was unsuportedExt.
+
+  CMCFailInfo ::= INTEGER {
+      badAlg          (0),
+      badMessageCheck (1),
+      badRequest      (2),
+      badTime         (3),
+      badCertId       (4),
+      unsuportedExt   (5),
+      mustArchiveKeys (6),
+      badIdentity     (7),
+      popRequired     (8),
+      popFailed       (9),
+      noKeyReuse      (10),
+      internalCAError (11),
+      tryLater        (12),
+      authDataFail    (13)
+  }
+
+  -- Used for RAs to add extensions to certification requests
+
+  cmc-addExtensions CMC-CONTROL ::=
+      { AddExtensions IDENTIFIED BY id-cmc-addExtensions }
+  id-cmc-addExtensions OBJECT IDENTIFIER ::= {id-cmc 8}
+
+  AddExtensions ::= SEQUENCE {
+      pkiDataReference    BodyPartID,
+      certReferences      SEQUENCE OF BodyPartID,
+      extensions          SEQUENCE OF Extension{{CertExtensions}}
+  }
+
+  cmc-encryptedPOP CMC-CONTROL ::=
+      { EncryptedPOP IDENTIFIED BY id-cmc-encryptedPOP }
+  cmc-decryptedPOP CMC-CONTROL ::=
+      { DecryptedPOP IDENTIFIED BY id-cmc-decryptedPOP }
+  id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
+  id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}
+
+  EncryptedPOP ::= SEQUENCE {
+      request       TaggedRequest,
+      cms             ContentInfo,
+      thePOPAlgID     AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witnessAlgID    AlgorithmIdentifier{DIGEST-ALGORITHM,
+                          {WitnessAlgs}},
+      witness         OCTET STRING
+  }
+
+  POPAlgs MAC-ALGORITHM ::= {maca-hMAC-SHA1, ...}
+  WitnessAlgs DIGEST-ALGORITHM ::= {mda-sha1, ...}
+
+  DecryptedPOP ::= SEQUENCE {
+      bodyPartID      BodyPartID,
+      thePOPAlgID     AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      thePOP          OCTET STRING
+  }
+
+  cmc-lraPOPWitness CMC-CONTROL ::=
+      { LraPopWitness IDENTIFIED BY id-cmc-lraPOPWitness }
+
+  id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}
+
+  LraPopWitness ::= SEQUENCE {
+      pkiDataBodyid   BodyPartID,
+      bodyIds         SEQUENCE OF BodyPartID
+  }
+
+  --
+
+  cmc-getCert CMC-CONTROL ::=
+      { GetCert IDENTIFIED BY id-cmc-getCert }
+  id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}
+
+  GetCert ::= SEQUENCE {
+      issuerName      GeneralName,
+      serialNumber    INTEGER }
+
+  cmc-getCRL CMC-CONTROL ::=
+      { GetCRL IDENTIFIED BY id-cmc-getCRL }
+  id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}
+  GetCRL ::= SEQUENCE {
+      issuerName    Name,
+      cRLName       GeneralName OPTIONAL,
+      time          GeneralizedTime OPTIONAL,
+      reasons       ReasonFlags OPTIONAL }
+
+  cmc-revokeRequest CMC-CONTROL ::=
+      { RevokeRequest IDENTIFIED BY id-cmc-revokeRequest}
+  id-cmc-revokeRequest OBJECT IDENTIFIER ::= {id-cmc 17}
+
+  RevokeRequest ::= SEQUENCE {
+      issuerName            Name,
+      serialNumber          INTEGER,
+      reason                CRLReason,
+      invalidityDate         GeneralizedTime OPTIONAL,
+      passphrase            OCTET STRING OPTIONAL,
+      comment               UTF8String OPTIONAL }
+
+  cmc-confirmCertAcceptance CMC-CONTROL ::=
+      { CMCCertId IDENTIFIED BY id-cmc-confirmCertAcceptance }
+  id-cmc-confirmCertAcceptance OBJECT IDENTIFIER ::= {id-cmc 24}
+
+  CMCCertId ::= IssuerAndSerialNumber
+
+  -- The following is used to request v3 extensions be added
+  --     to a certificate
+
+  at-extension-req ATTRIBUTE ::=
+      { TYPE ExtensionReq IDENTIFIED BY id-ExtensionReq }
+  id-ExtensionReq OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) 14}
+
+  ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF
+      Extension{{CertExtensions}}
+
+  -- The following allows Diffie-Hellman Certification Request
+  --     Messages to be well-formed
+
+  sa-noSignature SIGNATURE-ALGORITHM ::= {
+      IDENTIFIER id-alg-noSignature
+      VALUE NoSignatureValue
+      PARAMS TYPE NULL ARE required
+      HASHES { mda-sha1 }
+  }
+  id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}
+
+  NoSignatureValue ::= OCTET STRING
+  --  Unauthenticated attribute to carry removable data.
+
+  id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2)}
+
+  aa-cmc-unsignedData ATTRIBUTE ::=
+      { TYPE CMCUnsignedData IDENTIFIED BY id-aa-cmc-unsignedData }
+  id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}
+
+  CMCUnsignedData ::= SEQUENCE {
+      bodyPartPath        BodyPartPath,
+      identifier          TYPE-IDENTIFIER.&id,
+      content             TYPE-IDENTIFIER.&Type
+  }
+
+  --  Replaces CMC Status Info
+  --
+
+  cmc-statusInfoV2 CMC-CONTROL ::=
+      { CMCStatusInfoV2 IDENTIFIED BY id-cmc-statusInfoV2 }
+  id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}
+
+  EXTENDED-FAILURE-INFO ::= TYPE-IDENTIFIER
+
+  ExtendedFailures EXTENDED-FAILURE-INFO ::= {...}
+
+  CMCStatusInfoV2 ::= SEQUENCE {
+     cMCStatus             CMCStatus,
+     bodyList              SEQUENCE SIZE (1..MAX) OF
+                                    BodyPartReference,
+     statusString          UTF8String OPTIONAL,
+     otherInfo             CHOICE {
+         failInfo               CMCFailInfo,
+         pendInfo               PendInfo,
+         extendedFailInfo       [1] SEQUENCE {
+            failInfoOID            TYPE-IDENTIFIER.&id
+                                       ({ExtendedFailures}),
+            failInfoValue          TYPE-IDENTIFIER.&Type
+                                       ({ExtendedFailures}
+                                           {@.failInfoOID})
+         }
+      } OPTIONAL
+  }
+
+  BodyPartReference ::= CHOICE {
+     bodyPartID           BodyPartID,
+     bodyPartPath         BodyPartPath
+  }
+
+  BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
+
+  --  Allow for distribution of trust anchors
+  --
+
+  cmc-trustedAnchors CMC-CONTROL ::=
+      { PublishTrustAnchors IDENTIFIED BY id-cmc-trustedAnchors }
+  id-cmc-trustedAnchors OBJECT IDENTIFIER ::= {id-cmc 26}
+
+  PublishTrustAnchors ::= SEQUENCE {
+      seqNumber      INTEGER,
+      hashAlgorithm  AlgorithmIdentifier{DIGEST-ALGORITHM,
+                         {HashAlgorithms}},
+      anchorHashes   SEQUENCE OF OCTET STRING
+  }
+
+  HashAlgorithms DIGEST-ALGORITHM ::= {
+     mda-sha1 | mda-sha256, ...
+  }
+
+  cmc-authData CMC-CONTROL ::=
+      { AuthPublish IDENTIFIED BY id-cmc-authData }
+  id-cmc-authData OBJECT IDENTIFIER ::= {id-cmc 27}
+
+  AuthPublish ::= BodyPartID
+
+  --   These two items use BodyPartList
+
+  cmc-batchRequests CMC-CONTROL ::=
+      { BodyPartList IDENTIFIED BY id-cmc-batchRequests }
+  id-cmc-batchRequests OBJECT IDENTIFIER ::= {id-cmc 28}
+
+  cmc-batchResponses CMC-CONTROL ::=
+      { BodyPartList IDENTIFIED BY id-cmc-batchResponses }
+  id-cmc-batchResponses OBJECT IDENTIFIER ::= {id-cmc 29}
+
+  BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
+
+  cmc-publishCert CMC-CONTROL ::=
+      { CMCPublicationInfo IDENTIFIED BY id-cmc-publishCert }
+  id-cmc-publishCert OBJECT IDENTIFIER ::= {id-cmc 30}
+
+  CMCPublicationInfo ::= SEQUENCE {
+      hashAlg        AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {HashAlgorithms}},
+      certHashes     SEQUENCE OF OCTET STRING,
+      pubInfo        PKIPublicationInfo
+  }
+
+  cmc-modCertTemplate CMC-CONTROL ::=
+      { ModCertTemplate IDENTIFIED BY id-cmc-modCertTemplate }
+  id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}
+
+  ModCertTemplate ::= SEQUENCE {
+      pkiDataReference             BodyPartPath,
+      certReferences               BodyPartList,
+      replace                      BOOLEAN DEFAULT TRUE,
+      certTemplate                 CertTemplate
+  }
+
+  -- Inform follow-on servers that one or more controls have
+  --     already been processed
+
+  cmc-controlProcessed CMC-CONTROL ::=
+      { ControlsProcessed IDENTIFIED BY id-cmc-controlProcessed }
+  id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}
+
+  ControlsProcessed ::= SEQUENCE {
+      bodyList              SEQUENCE SIZE(1..MAX) OF BodyPartReference
+  }
+
+  --  Identity Proof control w/ algorithm agility
+
+  cmc-identityProofV2 CMC-CONTROL ::=
+      { IdentityProofV2 IDENTIFIED BY id-cmc-identityProofV2 }
+  id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
+
+  IdentityProofV2 ::= SEQUENCE {
+      proofAlgID       AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {WitnessAlgs}},
+      macAlgId         AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witness          OCTET STRING
+  }
+
+  cmc-popLinkWitnessV2 CMC-CONTROL ::=
+      { PopLinkWitnessV2 IDENTIFIED BY id-cmc-popLinkWitnessV2 }
+  id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
+
+  PopLinkWitnessV2 ::= SEQUENCE {
+      keyGenAlgorithm   AlgorithmIdentifier{KEY-DERIVATION,
+                            {KeyDevAlgs}},
+      macAlgorithm      AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witness           OCTET STRING
+  }
+
+  KeyDevAlgs KEY-DERIVATION ::= {kda-PBKDF2, ...}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/External-References.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1
index 9a7d4936a6..9a7d4936a6 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/External-References.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1
index 9b6a426ca2..9b6a426ca2 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1
index c59451dcdb..c59451dcdb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1
index 60acbb3b5c..60acbb3b5c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1
index 84c1ee9851..84c1ee9851 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1
index 28daa467e1..28daa467e1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1
index 336b824174..336b824174 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1
index db2725c37d..db2725c37d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1
index 4e0084b079..4e0084b079 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1
index 3fec8ae64a..3fec8ae64a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1
index 8c0c8138e2..8c0c8138e2 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1
index 9805a6189d..9805a6189d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1
index b39e03c3b6..b39e03c3b6 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1
index 171f4b4223..171f4b4223 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1
index 59de6d1b04..59de6d1b04 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1
index 57faac6587..57faac6587 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1
index 4e46c7679b..4e46c7679b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1
index 09ef4de282..09ef4de282 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1
index 752e8d05e1..752e8d05e1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1
index 3fb0463ee7..3fb0463ee7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1
index 719bca4987..719bca4987 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1
index 6e5c01ab40..6e5c01ab40 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1
index 2b46b27b3e..2b46b27b3e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1
index 8c692ccb31..8c692ccb31 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1
index 27324f614f..27324f614f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1
index b7efd7417e..b7efd7417e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1
index a57a276704..a57a276704 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1
index 0149602040..0149602040 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1
index bd1d8d3c48..bd1d8d3c48 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1
index 813ac9c6a0..813ac9c6a0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1
index 2c78360b7b..2c78360b7b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1
index 92c887bb06..92c887bb06 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1
index 64fc4436e4..64fc4436e4 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1
index 5de6491621..5de6491621 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1
index fab36bf12a..fab36bf12a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1
index 187c3c8ad4..187c3c8ad4 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1
index 40f53b9458..40f53b9458 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1
index 052b3b2041..052b3b2041 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1
index b69d72b3ed..b69d72b3ed 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1
index 99d34b2883..99d34b2883 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1
index eceae4ab44..eceae4ab44 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1
index 37c894da86..37c894da86 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1
index df194f838c..df194f838c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1
index 6494fbd3ef..6494fbd3ef 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1
index 38035c77ae..38035c77ae 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1
index 68a5118bc8..68a5118bc8 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1
index f66d117f35..f66d117f35 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1
index 03181c5951..03181c5951 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1
index 1615b241ee..1615b241ee 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1
index 10eac962cb..10eac962cb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Notation.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1
index 96dfc39b6a..96dfc39b6a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Notation.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
new file mode 100644
index 0000000000..db500fe9a1
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
@@ -0,0 +1,183 @@
+  OCSP-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  AuthorityInfoAccessSyntax, GeneralName, CrlEntryExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  Name, CertificateSerialNumber, id-kp, id-ad-ocsp, Certificate
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  sa-dsaWithSHA1, sa-rsaWithMD2, sa-rsaWithMD5, sa-rsaWithSHA1
+  FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56)};
+
+  OCSPRequest     ::=     SEQUENCE {
+      tbsRequest                  TBSRequest,
+      optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+
+  TBSRequest      ::=     SEQUENCE {
+      version             [0] EXPLICIT Version DEFAULT v1,
+      requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+      requestList             SEQUENCE OF Request,
+      requestExtensions   [2] EXPLICIT Extensions {{re-ocsp-nonce |
+                                  re-ocsp-response, ...}} OPTIONAL }
+
+  Signature       ::=     SEQUENCE {
+      signatureAlgorithm   AlgorithmIdentifier
+                               { SIGNATURE-ALGORITHM, {...}},
+      signature            BIT STRING,
+      certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+  Version  ::=  INTEGER  {  v1(0) }
+
+  Request ::=     SEQUENCE {
+      reqCert                    CertID,
+      singleRequestExtensions    [0] EXPLICIT Extensions
+                                         { {re-ocsp-service-locator,
+                                                ...}} OPTIONAL }
+
+  CertID ::= SEQUENCE {
+      hashAlgorithm            AlgorithmIdentifier
+                                   {DIGEST-ALGORITHM, {...}},
+      issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+      issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key
+      serialNumber       CertificateSerialNumber }
+
+  OCSPResponse ::= SEQUENCE {
+     responseStatus         OCSPResponseStatus,
+     responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+
+  OCSPResponseStatus ::= ENUMERATED {
+      successful            (0), --Response has valid confirmations
+      malformedRequest      (1), --Illegal confirmation request
+      internalError         (2), --Internal error in issuer
+      tryLater              (3), --Try again later
+                                 -- (4) is not used
+      sigRequired           (5), --Must sign the request
+      unauthorized          (6)  --Request unauthorized
+  }
+
+  RESPONSE ::= TYPE-IDENTIFIER
+
+  ResponseSet RESPONSE ::= {basicResponse, ...}
+
+  ResponseBytes ::=       SEQUENCE {
+      responseType        RESPONSE.
+                              &id ({ResponseSet}),
+      response            OCTET STRING (CONTAINING RESPONSE.
+                              &Type({ResponseSet}{@responseType}))}
+
+  basicResponse RESPONSE ::=
+      { BasicOCSPResponse IDENTIFIED BY id-pkix-ocsp-basic }
+
+  BasicOCSPResponse       ::= SEQUENCE {
+     tbsResponseData      ResponseData,
+     signatureAlgorithm   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                              {sa-dsaWithSHA1 | sa-rsaWithSHA1 |
+                                   sa-rsaWithMD5 | sa-rsaWithMD2, ...}},
+     signature            BIT STRING,
+     certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+  ResponseData ::= SEQUENCE {
+     version              [0] EXPLICIT Version DEFAULT v1,
+     responderID              ResponderID,
+     producedAt               GeneralizedTime,
+     responses                SEQUENCE OF SingleResponse,
+     responseExtensions   [1] EXPLICIT Extensions
+                                  {{re-ocsp-nonce, ...}} OPTIONAL }
+
+  ResponderID ::= CHOICE {
+     byName   [1] Name,
+     byKey    [2] KeyHash }
+
+  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+                           -- (excluding the tag and length fields)
+
+  SingleResponse ::= SEQUENCE {
+     certID                       CertID,
+     certStatus                   CertStatus,
+     thisUpdate                   GeneralizedTime,
+     nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+     singleExtensions     [1]     EXPLICIT Extensions{{re-ocsp-crl |
+                                               re-ocsp-archive-cutoff |
+                                                CrlEntryExtensions, ...}
+                                               } OPTIONAL }
+
+  CertStatus ::= CHOICE {
+      good                [0]     IMPLICIT NULL,
+      revoked             [1]     IMPLICIT RevokedInfo,
+      unknown             [2]     IMPLICIT UnknownInfo }
+
+  RevokedInfo ::= SEQUENCE {
+      revocationTime              GeneralizedTime,
+      revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+
+  UnknownInfo ::= NULL
+
+  CRLReason ::= INTEGER
+
+  ArchiveCutoff ::= GeneralizedTime
+
+  AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})
+
+  ServiceLocator ::= SEQUENCE {
+      issuer    Name,
+      locator   AuthorityInfoAccessSyntax }
+
+  CrlID ::= SEQUENCE {
+      crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+      crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+      crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+
+  --  Request Extensions
+
+  re-ocsp-nonce EXTENSION ::= { SYNTAX OCTET STRING IDENTIFIED
+                                    BY id-pkix-ocsp-nonce }
+  re-ocsp-response EXTENSION ::= { SYNTAX AcceptableResponses IDENTIFIED
+                                       BY id-pkix-ocsp-response }
+  re-ocsp-service-locator EXTENSION ::= { SYNTAX ServiceLocator
+                                          IDENTIFIED BY
+                                          id-pkix-ocsp-service-locator }
+
+  --  Response Extensions
+
+  re-ocsp-crl EXTENSION ::= { SYNTAX CrlID IDENTIFIED BY
+                                  id-pkix-ocsp-crl }
+  re-ocsp-archive-cutoff EXTENSION ::= { SYNTAX ArchiveCutoff
+                                         IDENTIFIED BY
+                                         id-pkix-ocsp-archive-cutoff }
+
+  -- Object Identifiers
+
+  id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+  id-pkix-ocsp                 OBJECT IDENTIFIER ::= id-ad-ocsp
+  id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+  id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+  id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+  id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+  id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+  id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+  id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1
index ac449b59c7..ab555200bb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1
@@ -3,7 +3,7 @@
 -- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7.
 -- Extensions to PKCS#7 defined in RFC 2630 are included.
 -- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive.
-PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7
+OLD-PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7
   module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT
 TAGS ::=
 BEGIN
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1
index b4f91f50c5..b4f91f50c5 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1
index 2044feb155..2044feb155 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1
new file mode 100644
index 0000000000..a5fd0fefb9
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1
@@ -0,0 +1,56 @@
+  PKCS-10
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+        mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  ATTRIBUTE, Name
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)};
+
+  -- Certificate requests
+  CertificationRequestInfo ::= SEQUENCE {
+      version       INTEGER { v1(0) } (v1, ... ),
+      subject       Name,
+      subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+      attributes    [0] Attributes{{ CRIAttributes }}
+  }
+
+  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
+      algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
+      subjectPublicKey BIT STRING
+  }
+
+  PKInfoAlgorithms PUBLIC-KEY ::= {
+      ... -- add any locally defined algorithms here -- }
+
+  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
+
+  CRIAttributes  ATTRIBUTE  ::= {
+      ... -- add any locally defined attributes here -- }
+
+  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+      type   ATTRIBUTE.&id({IOSet}),
+      values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+  }
+
+  CertificationRequest ::= SEQUENCE {
+      certificationRequestInfo  CertificationRequestInfo,
+      signatureAlgorithm        AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                    { SignatureAlgorithms }},
+      signature                 BIT STRING
+  }
+
+  SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+      ... -- add any locally defined algorithms here -- }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1
new file mode 100644
index 0000000000..5b37a552f9
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1
@@ -0,0 +1,174 @@
+PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+                 pkcs-12(12) modules(0)  pkcs-12(1)}
+
+-- $Revision$
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+        usefulDefinitions(0) 3}
+
+ATTRIBUTE
+	FROM InformationFramework informationFramework
+
+ContentInfo, DigestInfo
+	FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
+
+PrivateKeyInfo, EncryptedPrivateKeyInfo
+	FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
+
+pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
+	FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)};
+
+-- Object identifiers
+
+rsadsi	OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
+pkcs    OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
+pkcs-12	OBJECT IDENTIFIER ::= {pkcs 12}
+pkcs-12PbeIds                  	OBJECT IDENTIFIER ::= {pkcs-12 1}
+pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
+pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
+pbeWithSHAAnd3-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
+pbeWithSHAAnd2-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
+pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
+pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
+
+bagtypes			OBJECT IDENTIFIER ::= {pkcs-12 10 1}
+
+-- The PFX PDU
+
+PFX ::= SEQUENCE {
+	version		INTEGER {v3(3)}(v3,...),
+	authSafe	ContentInfo,
+	macData    	MacData OPTIONAL
+}
+
+MacData ::= SEQUENCE {
+	mac 		DigestInfo,
+	macSalt	        OCTET STRING,
+	iterations	INTEGER DEFAULT 1
+-- Note: The default is for historical reasons and its use is
+-- deprecated. A higher value, like 1024 is recommended.
+}
+
+AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+	-- Data if unencrypted
+	-- EncryptedData if password-encrypted
+	-- EnvelopedData if public key-encrypted
+
+SafeContents ::= SEQUENCE OF SafeBag
+
+SafeBag ::= SEQUENCE {
+	bagId	      	BAG-TYPE.&id ({PKCS12BagSet}),
+	bagValue      	[0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
+	bagAttributes 	SET OF PKCS12Attribute OPTIONAL
+}
+
+-- Bag types
+
+keyBag 	  BAG-TYPE ::=
+	{KeyBag IDENTIFIED BY {bagtypes 1}}
+pkcs8ShroudedKeyBag BAG-TYPE ::=
+	{PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
+certBag BAG-TYPE ::=
+	{CertBag IDENTIFIED BY {bagtypes 3}}
+crlBag BAG-TYPE ::=
+	{CRLBag IDENTIFIED BY {bagtypes 4}}
+secretBag BAG-TYPE ::=
+	{SecretBag IDENTIFIED BY {bagtypes 5}}
+safeContentsBag BAG-TYPE ::=
+	{SafeContents IDENTIFIED BY {bagtypes 6}}
+
+PKCS12BagSet BAG-TYPE ::= {
+	keyBag |
+	pkcs8ShroudedKeyBag |
+	certBag |
+	crlBag |
+	secretBag |
+	safeContentsBag,
+	... -- For future extensions
+}
+
+BAG-TYPE ::= TYPE-IDENTIFIER
+
+-- KeyBag
+
+KeyBag ::= PrivateKeyInfo
+
+-- Shrouded KeyBag
+
+PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+
+-- CertBag
+
+CertBag ::= SEQUENCE {
+	certId    BAG-TYPE.&id   ({CertTypes}),
+	certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
+}
+
+x509Certificate BAG-TYPE ::=
+	{OCTET STRING IDENTIFIED BY {certTypes 1}}
+	-- DER-encoded X.509 certificate stored in OCTET STRING
+sdsiCertificate BAG-TYPE ::=
+	{IA5String IDENTIFIED BY {certTypes 2}}
+	-- Base64-encoded SDSI certificate stored in IA5String
+
+CertTypes BAG-TYPE ::= {
+	x509Certificate |
+	sdsiCertificate,
+	... -- For future extensions
+}
+
+-- CRLBag
+
+CRLBag ::= SEQUENCE {
+	crlId     	BAG-TYPE.&id ({CRLTypes}),
+	crlValue 	[0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
+}
+
+x509CRL BAG-TYPE ::=
+	{OCTET STRING IDENTIFIED BY {crlTypes 1}}
+	-- DER-encoded X.509 CRL stored in OCTET STRING
+
+CRLTypes BAG-TYPE ::= {
+	x509CRL,
+	... -- For future extensions
+}
+
+-- Secret Bag
+
+SecretBag ::= SEQUENCE {
+	secretTypeId BAG-TYPE.&id ({SecretTypes}),
+	secretValue  [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})
+}
+
+SecretTypes BAG-TYPE ::= {
+	... -- For future extensions
+}
+
+-- Attributes
+
+PKCS12Attribute ::= SEQUENCE {
+	attrId	   	ATTRIBUTE.&id ({PKCS12AttrSet}),
+	attrValues 	SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
+} -- This type is compatible with the X.500 type 'Attribute'
+
+PKCS12AttrSet ATTRIBUTE ::= {
+	friendlyName |
+	localKeyId,
+	... -- Other attributes are allowed
+}
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1
new file mode 100644
index 0000000000..91b0dc36bf
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1
@@ -0,0 +1,202 @@
+-- PKCS #5 v2.1 ASN.1 Module
+-- Revised October 27, 2012
+
+-- This module has been checked for conformance with the
+-- ASN.1 standard by the OSS ASN.1 Tools
+
+PKCS-5 {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16)
+	pkcs5v2-1(2)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- ============================
+--   Basic object identifiers
+-- ============================
+
+nistAlgorithms OBJECT IDENTIFIER ::=
+  {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4}
+oiw    OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14}
+rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
+pkcs   OBJECT IDENTIFIER ::= {rsadsi 1}
+pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
+
+
+-- ============================
+-- Basic types and classes
+-- ============================
+
+AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
+  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+
+-- ============================
+-- PBKDF2
+-- ============================
+
+PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+  { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+  {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+PBKDF2-params ::= SEQUENCE {
+  salt CHOICE {
+    specified OCTET STRING,
+    otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+  },
+  iterationCount INTEGER (1..MAX),
+  keyLength INTEGER (1..MAX) OPTIONAL,
+  prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+
+PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+  {NULL IDENTIFIED BY id-hmacWithSHA1}       |
+  {NULL IDENTIFIED BY id-hmacWithSHA224}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA256}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA384}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA512}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA512-224} |
+  {NULL IDENTIFIED BY id-hmacWithSHA512-256},
+   ...
+}
+
+
+-- ============================
+ -- PBES1
+-- ============================
+
+PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
+  {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
+   ...
+}
+
+pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
+pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
+pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
+pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
+pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
+pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}
+
+PBEParameter ::= SEQUENCE {
+  salt OCTET STRING (SIZE(8)),
+  iterationCount INTEGER
+}
+
+
+-- ============================
+-- PBES2
+-- ============================
+
+PBES2Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBES2-params IDENTIFIED BY id-PBES2},
+   ...
+}
+
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+  encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+}
+
+PBES2-KDFs ALGORITHM-IDENTIFIER ::= {
+  {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+   ...
+}
+
+PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+
+
+-- ============================
+-- PBMAC1
+-- ============================
+
+PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBMAC1-params IDENTIFIED BY id-PBMAC1},
+   ...
+}
+
+id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}
+
+PBMAC1-params ::=  SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
+  messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
+}
+
+PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= {
+  {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+   ...
+}
+
+PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }
+
+-- ============================
+-- Supporting techniques
+-- ============================
+
+digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
+encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}
+
+SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
+  {NULL                    IDENTIFIED BY id-hmacWithSHA1} |
+  {OCTET STRING (SIZE(8))  IDENTIFIED BY desCBC}          |
+  {OCTET STRING (SIZE(8))  IDENTIFIED BY des-EDE3-CBC}    |
+  {RC2-CBC-Parameter       IDENTIFIED BY rc2CBC}          |
+  {RC5-CBC-Parameters      IDENTIFIED BY rc5-CBC-PAD}     |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD}  |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD}  |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD},
+   ...
+}
+
+id-hmacWithSHA1       OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+id-hmacWithSHA224     OBJECT IDENTIFIER ::= {digestAlgorithm 8}
+id-hmacWithSHA256     OBJECT IDENTIFIER ::= {digestAlgorithm 9}
+id-hmacWithSHA384     OBJECT IDENTIFIER ::= {digestAlgorithm 10}
+id-hmacWithSHA512     OBJECT IDENTIFIER ::= {digestAlgorithm 11}
+id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12}
+id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13}
+
+-- from OIW
+desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7}
+
+des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}
+
+rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}
+
+RC2-CBC-Parameter ::= SEQUENCE {
+  rc2ParameterVersion INTEGER OPTIONAL,
+  iv OCTET STRING (SIZE(8))
+}
+
+rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}
+
+RC5-CBC-Parameters ::= SEQUENCE {
+  version INTEGER {v1-0(16)} (v1-0),
+  rounds INTEGER (8..127),
+  blockSizeInBits INTEGER (64 | 128),
+  iv OCTET STRING OPTIONAL
+}
+
+aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }
+aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 }
+aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 }
+aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 }
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1
new file mode 100644
index 0000000000..4cea8db240
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1
@@ -0,0 +1,326 @@
+PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)
+        modules(0) pkcs-7(1)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+--
+-- 3. Definitions
+--
+
+-- EXPORTS All;
+
+IMPORTS
+
+informationFramework, authenticationFramework
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+                            usefulDefinitions(0) 3}
+
+  Name, ATTRIBUTE
+    FROM InformationFramework informationFramework
+
+  ALGORITHM, Certificate, CertificateSerialNumber,
+    CertificateList
+    FROM AuthenticationFramework authenticationFramework
+
+  contentType, messageDigest, signingTime, counterSignature
+    FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+                 pkcs-9(9) modules(0) pkcs-9(1)};
+--
+-- 6. Useful types
+--
+
+-- Also defined in X.509
+-- Redeclared here as a parameterized type
+AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE {
+   algorithm   ALGORITHM.&id({IOSet}),
+   parameters  ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
+}
+
+-- Also defined in X.501
+-- Redeclared here as a parameterized type
+Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+  type    ATTRIBUTE.&id({IOSet}),
+  values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+}
+
+CertificateRevocationLists ::=
+  SET OF CertificateList
+
+Certificates ::=
+  SEQUENCE OF Certificate
+
+CRLSequence ::=
+  SEQUENCE OF CertificateList
+
+ContentEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{ContentEncryptionAlgorithms}}
+
+ContentEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+DigestAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{DigestAlgorithms}}
+
+DigestAlgorithms ALGORITHM ::= {
+   ...  -- add any application-specific algorithms here
+}
+
+DigestEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{DigestEncryptionAlgorithms}}
+
+DigestEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+  certificate          Certificate,                      -- X.509
+  extendedCertificate  [0] IMPLICIT ExtendedCertificate  -- PKCS#6
+}
+
+ExtendedCertificate ::= Certificate -- cheating
+
+ExtendedCertificatesAndCertificates ::=
+  SET OF ExtendedCertificateOrCertificate
+
+IssuerAndSerialNumber ::= SEQUENCE {
+  issuer        Name,
+  serialNumber  CertificateSerialNumber
+}
+
+KeyEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{KeyEncryptionAlgorithms}}
+
+KeyEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+--
+-- 7. General syntax
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType  ContentType,
+  content      [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
+OPTIONAL
+}
+
+CONTENTS ::= TYPE-IDENTIFIER
+
+Contents CONTENTS ::= {
+  {Data                    IDENTIFIED BY data}                   |
+  {SignedData              IDENTIFIED BY signedData}             |
+  {EnvelopedData           IDENTIFIED BY envelopedData}          |
+  {SignedAndEnvelopedData  IDENTIFIED BY signedAndEnvelopedData} |
+  {DigestedData            IDENTIFIED BY digestedData}           |
+  {EncryptedData           IDENTIFIED BY encryptedData},
+  ...  -- add any application-specific types/contents here
+}
+
+ContentType ::= CONTENTS.&id({Contents})
+
+--
+-- 8. Data content type
+--
+
+Data ::= OCTET STRING
+
+--
+-- 9. Signed-data content type
+--
+
+SignedData ::= SEQUENCE {
+  version         INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  contentInfo     ContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (sdVer1),
+     digestAlgorithms   (WITH COMPONENTS { ..., daSet PRESENT }),
+     certificates       (WITH COMPONENTS { ..., certSequence ABSENT }),
+     crls               (WITH COMPONENTS { ..., crlSequence ABSENT }),
+     signerInfos        (WITH COMPONENTS { ..., siSet PRESENT })
+   } |
+   WITH COMPONENTS { ..., version (sdVer2),
+      digestAlgorithms  (WITH COMPONENTS { ..., daSequence PRESENT }),
+      certificates      (WITH COMPONENTS { ..., certSet ABSENT }),
+      crls              (WITH COMPONENTS { ..., crlSet ABSENT }),
+      signerInfos       (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+SignerInfos ::= CHOICE {
+    siSet         SET OF SignerInfo,
+    siSequence    SEQUENCE OF SignerInfo
+}
+
+DigestAlgorithmIdentifiers ::= CHOICE {
+  daSet           SET OF DigestAlgorithmIdentifier,
+  daSequence      SEQUENCE OF DigestAlgorithmIdentifier
+}
+
+SignerInfo ::= SEQUENCE {
+  version         INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  authenticatedAttributes CHOICE {
+    aaSet         [0] IMPLICIT SET OF Attribute {{Authenticated}},
+    aaSequence    [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}}
+    -- Explicit because easier to compute digest on sequence of attributes and then reuse
+    -- encoded sequence in aaSequence.
+  } OPTIONAL,
+  digestEncryptionAlgorithm
+                  DigestEncryptionAlgorithmIdentifier,
+  encryptedDigest EncryptedDigest,
+  unauthenticatedAttributes CHOICE {
+    uaSet         [1] IMPLICIT SET OF Attribute {{Unauthenticated}},
+    uaSequence    [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}}
+  } OPTIONAL
+} (WITH COMPONENTS { ..., version (siVer1),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSequence ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSequence ABSENT })
+} | WITH COMPONENTS { ..., version (siVer2),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSet ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSet ABSENT })
+})
+
+Authenticated ATTRIBUTE ::= {
+  contentType |
+  messageDigest,
+  ...,  -- add application-specific attributes here
+  signingTime
+}
+
+Unauthenticated ATTRIBUTE ::= {
+  ...,  -- add application-specific attributes here
+  counterSignature
+}
+
+EncryptedDigest ::= OCTET STRING
+
+DigestInfo ::= SEQUENCE {
+  digestAlgorithm DigestAlgorithmIdentifier,
+  digest          Digest
+}
+
+Digest ::= OCTET STRING
+
+--
+-- 10. Enveloped-data content type
+--
+
+EnvelopedData ::= SEQUENCE {
+  version         INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
+  recipientInfos  RecipientInfos,
+  encryptedContentInfo
+                  EncryptedContentInfo
+} (WITH COMPONENTS { ..., version (edVer0),
+    recipientInfos      (WITH COMPONENTS { ..., riSet PRESENT })
+} | WITH COMPONENTS { ..., version (edVer1),
+    recipientInfos      (WITH COMPONENTS { ..., riSequence PRESENT })
+})
+
+RecipientInfos ::= CHOICE {
+  riSet           SET OF RecipientInfo,
+  riSequence      SEQUENCE OF RecipientInfo
+}
+
+EncryptedContentInfo ::= SEQUENCE {
+  contentType     ContentType,
+  contentEncryptionAlgorithm
+                  ContentEncryptionAlgorithmIdentifier,
+  encryptedContent
+                  [0] IMPLICIT EncryptedContent OPTIONAL
+}
+
+EncryptedContent ::= OCTET STRING
+
+RecipientInfo ::= SEQUENCE {
+  version         INTEGER {riVer0(0)} (riVer0),
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  keyEncryptionAlgorithm
+                  KeyEncryptionAlgorithmIdentifier,
+  encryptedKey    EncryptedKey
+}
+
+EncryptedKey ::= OCTET STRING
+
+--
+-- 11. Signed-and-enveloped-data content type
+--
+
+SignedAndEnvelopedData ::= SEQUENCE {
+  version         INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
+  recipientInfos  RecipientInfos,
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  encryptedContentInfo
+                  EncryptedContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (seVer1),
+    recipientInfos   (WITH COMPONENTS { ..., riSet PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSequence ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSequence ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSet PRESENT })
+} |
+  WITH COMPONENTS { ..., version (seVer2),
+    recipientInfos   (WITH COMPONENTS { ..., riSequence PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSet ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSet ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+--
+-- 12. Digested-data content type
+--
+
+DigestedData ::= SEQUENCE {
+  version         INTEGER {ddVer0(0)} (ddVer0),
+  digestAlgorithm DigestAlgorithmIdentifier,
+  contentInfo     ContentInfo,
+  digest          Digest
+}
+
+--
+-- 13. Encrypted-data content type
+--
+
+EncryptedData ::= SEQUENCE {
+  version		INTEGER {edVer0(0)} (edVer0),
+  encryptedContentInfo  EncryptedContentInfo
+}
+
+--
+-- 14. Object Identifiers
+--
+
+pkcs-7                  OBJECT IDENTIFIER ::=
+  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
+data                    OBJECT IDENTIFIER ::= { pkcs-7 1 }
+signedData              OBJECT IDENTIFIER ::= { pkcs-7 2 }
+envelopedData           OBJECT IDENTIFIER ::= { pkcs-7 3 }
+signedAndEnvelopedData  OBJECT IDENTIFIER ::= { pkcs-7 4 }
+digestedData            OBJECT IDENTIFIER ::= { pkcs-7 5 }
+encryptedData           OBJECT IDENTIFIER ::= { pkcs-7 6 }
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1
new file mode 100644
index 0000000000..266f90170a
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1
@@ -0,0 +1,61 @@
+PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+        modules(1) pkcs-8(1)}
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in other
+-- ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+                                usefulDefinitions(0) 3}
+
+Attribute
+        FROM InformationFramework informationFramework
+
+AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+        FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+  version Version,
+  privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
+  privateKey PrivateKey,
+  attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)} (v1,...)
+
+PrivateKey ::= OCTET STRING
+
+Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+    encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
+    encryptedData EncryptedData
+}
+
+EncryptedData ::= OCTET STRING
+
+PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1
new file mode 100644
index 0000000000..cd561f4d7e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1
@@ -0,0 +1,391 @@
+PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+pkcs-9(9) modules(0) pkcs-9(1)}
+
+-- $Revision$
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+IMPORTS
+
+informationFramework, authenticationFramework, selectedAttributeTypes,
+        upperBounds , id-at
+        FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+        usefulDefinitions(0) 3}
+
+ub-name
+        FROM UpperBounds upperBounds
+
+OBJECT-CLASS, ATTRIBUTE, MATCHING-RULE, Attribute, top, objectIdentifierMatch
+        FROM InformationFramework informationFramework
+
+ALGORITHM, Extensions, Time
+        FROM AuthenticationFramework authenticationFramework
+
+DirectoryString, octetStringMatch, caseIgnoreMatch, caseExactMatch,
+        generalizedTimeMatch, integerMatch, serialNumber
+        FROM SelectedAttributeTypes selectedAttributeTypes
+
+ContentInfo, SignerInfo
+        FROM CryptographicMessageSyntax-2009 {iso(1) member-body(2) us(840)
+        rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
+
+EncryptedPrivateKeyInfo
+        FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
+
+PFX
+        FROM PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)}
+
+-- PKCS15Token
+--        FROM PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549)
+--        pkcs(1) pkcs-15(15) modules(1) pkcs-15(1)}
+;
+
+-- Upper bounds
+pkcs-9-ub-pkcs9String          		INTEGER ::= 255
+pkcs-9-ub-emailAddress         		INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-unstructuredName      	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-unstructuredAddress   	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-challengePassword     	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-friendlyName         		INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-signingDescription    	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-match                		INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-pseudonym            		INTEGER ::= ub-name
+pkcs-9-ub-placeOfBirth         		INTEGER ::= ub-name
+
+-- Object Identifiers
+
+pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+                              rsadsi(113549) pkcs(1) 9}
+
+  -- Main arcs
+pkcs-9-mo	OBJECT IDENTIFIER ::= {pkcs-9 0}  -- Modules branch
+pkcs-9-oc    	OBJECT IDENTIFIER ::= {pkcs-9 24} -- Object class branch
+pkcs-9-at       OBJECT IDENTIFIER ::= {pkcs-9 25} -- Attribute branch, for new  attributes
+pkcs-9-sx	OBJECT IDENTIFIER ::= {pkcs-9 26} -- For syntaxes (RFC 2252)
+pkcs-9-mr       OBJECT IDENTIFIER ::= {pkcs-9 27} -- Matching rules
+
+  -- Object classes
+pkcs-9-oc-pkcsEntity   			OBJECT IDENTIFIER ::= {pkcs-9-oc 1}
+pkcs-9-oc-naturalPerson                 OBJECT IDENTIFIER ::= {pkcs-9-oc 2}
+
+  -- Attributes
+pkcs-9-at-emailAddress                  OBJECT IDENTIFIER ::= {pkcs-9 1}
+pkcs-9-at-unstructuredName              OBJECT IDENTIFIER ::= {pkcs-9 2}
+pkcs-9-at-contentType                   OBJECT IDENTIFIER ::= {pkcs-9 3}
+pkcs-9-at-messageDigest                 OBJECT IDENTIFIER ::= {pkcs-9 4}
+pkcs-9-at-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9 5}
+pkcs-9-at-counterSignature              OBJECT IDENTIFIER ::= {pkcs-9 6}
+pkcs-9-at-challengePassword             OBJECT IDENTIFIER ::= {pkcs-9 7}
+pkcs-9-at-unstructuredAddress           OBJECT IDENTIFIER ::= {pkcs-9 8}
+pkcs-9-at-extendedCertificateAttributes OBJECT IDENTIFIER ::= {pkcs-9 9}
+
+-- Obsolete (?) attribute identifiers, purportedly from "tentative
+-- PKCS #9 draft"
+-- pkcs-9-at-issuerAndSerialNumber      OBJECT IDENTIFIER ::= {pkcs-9 10}
+-- pkcs-9-at-passwordCheck              OBJECT IDENTIFIER ::= {pkcs-9 11}
+-- pkcs-9-at-publicKey                  OBJECT IDENTIFIER ::= {pkcs-9 12}
+
+pkcs-9-at-signingDescription            OBJECT IDENTIFIER ::= {pkcs-9 13}
+pkcs-9-at-extensionRequest              OBJECT IDENTIFIER ::= {pkcs-9 14}
+pkcs-9-at-smimeCapabilities             OBJECT IDENTIFIER ::= {pkcs-9 15}
+
+-- Unused (?)
+-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 17}
+-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 18}
+-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 19}
+
+pkcs-9-at-friendlyName                  OBJECT IDENTIFIER ::= {pkcs-9 20}
+pkcs-9-at-localKeyId                    OBJECT IDENTIFIER ::= {pkcs-9 21}
+pkcs-9-at-userPKCS12                    OBJECT IDENTIFIER ::= {2 16 840 1 113730 3 1 216}
+pkcs-9-at-pkcs15Token                   OBJECT IDENTIFIER ::= {pkcs-9-at 1}
+pkcs-9-at-encryptedPrivateKeyInfo       OBJECT IDENTIFIER ::= {pkcs-9-at 2}
+pkcs-9-at-randomNonce                   OBJECT IDENTIFIER ::= {pkcs-9-at 3}
+pkcs-9-at-sequenceNumber                OBJECT IDENTIFIER ::= {pkcs-9-at 4}
+pkcs-9-at-pkcs7PDU                      OBJECT IDENTIFIER ::= {pkcs-9-at 5}
+
+  -- IETF PKIX Attribute branch
+ietf-at         			OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 9}
+
+pkcs-9-at-dateOfBirth                   OBJECT IDENTIFIER ::= {ietf-at 1}
+pkcs-9-at-placeOfBirth                  OBJECT IDENTIFIER ::= {ietf-at 2}
+pkcs-9-at-gender                        OBJECT IDENTIFIER ::= {ietf-at 3}
+pkcs-9-at-countryOfCitizenship          OBJECT IDENTIFIER ::= {ietf-at 4}
+pkcs-9-at-countryOfResidence            OBJECT IDENTIFIER ::= {ietf-at 5}
+
+  -- Syntaxes (for use with LDAP accessible directories)
+pkcs-9-sx-pkcs9String                   OBJECT IDENTIFIER ::= {pkcs-9-sx 1}
+pkcs-9-sx-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9-sx 2}
+
+  -- Matching rules
+pkcs-9-mr-caseIgnoreMatch               OBJECT IDENTIFIER ::= {pkcs-9-mr 1}
+pkcs-9-mr-signingTimeMatch              OBJECT IDENTIFIER ::= {pkcs-9-mr 2}
+
+  -- Arcs with attributes defined elsewhere
+smime             			OBJECT IDENTIFIER ::= {pkcs-9 16}
+  -- Main arc for S/MIME (RFC 2633)
+certTypes         			OBJECT IDENTIFIER ::= {pkcs-9 22}
+  -- Main arc for certificate types defined in PKCS #12
+crlTypes          			OBJECT IDENTIFIER ::= {pkcs-9 23}
+  -- Main arc for crl types defined in PKCS #12
+
+  -- Other object identifiers
+id-at-pseudonym				OBJECT IDENTIFIER ::= {id-at 65}
+
+-- Useful types
+
+PKCS9String {INTEGER : maxSize} ::= CHOICE {
+        ia5String IA5String (SIZE(1..maxSize)),
+        directoryString DirectoryString {maxSize}
+}
+
+-- Object classes
+
+pkcsEntity OBJECT-CLASS ::= {
+        SUBCLASS OF	{ top }
+        KIND           	auxiliary
+        MAY CONTAIN	{ PKCSEntityAttributeSet }
+        ID              pkcs-9-oc-pkcsEntity
+}
+
+naturalPerson OBJECT-CLASS ::= {
+        SUBCLASS OF 	{ top }
+        KIND 		auxiliary
+        MAY CONTAIN 	{ NaturalPersonAttributeSet }
+        ID 		pkcs-9-oc-naturalPerson
+}
+
+-- Attribute sets
+
+PKCSEntityAttributeSet ATTRIBUTE ::= {
+        pKCS7PDU       |
+        userPKCS12     |
+--        pKCS15Token    |
+        encryptedPrivateKeyInfo,
+        ... -- For future extensions
+}
+
+NaturalPersonAttributeSet ATTRIBUTE ::= {
+        emailAddress	     |
+        unstructuredName     |
+        unstructuredAddress  |
+        dateOfBirth	     |
+        placeOfBirth	     |
+        gender		     |
+        countryOfCitizenship |
+        countryOfResidence   |
+        pseudonym	     |
+        serialNumber,
+        ... -- For future extensions
+}
+
+-- Attributes
+
+pKCS7PDU ATTRIBUTE ::= {
+        WITH SYNTAX ContentInfo
+        ID pkcs-9-at-pkcs7PDU
+}
+
+userPKCS12 ATTRIBUTE ::= {
+        WITH SYNTAX PFX
+        ID pkcs-9-at-userPKCS12
+}
+
+-- pKCS15Token ATTRIBUTE ::= {
+--        WITH SYNTAX PKCS15Token
+--        ID pkcs-9-at-pkcs15Token
+-- }
+
+encryptedPrivateKeyInfo ATTRIBUTE ::= {
+        WITH SYNTAX EncryptedPrivateKeyInfo
+        ID pkcs-9-at-encryptedPrivateKeyInfo
+}
+
+emailAddress ATTRIBUTE ::= {
+        WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress))
+        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
+        ID pkcs-9-at-emailAddress
+}
+
+unstructuredName ATTRIBUTE ::= {
+        WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName}
+        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
+        ID pkcs-9-at-unstructuredName
+}
+
+unstructuredAddress ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress}
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-unstructuredAddress
+}
+
+dateOfBirth ATTRIBUTE ::= {
+        WITH SYNTAX GeneralizedTime
+        EQUALITY MATCHING RULE generalizedTimeMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-dateOfBirth
+}
+
+placeOfBirth ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth}
+        EQUALITY MATCHING RULE caseExactMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-placeOfBirth
+}
+
+gender ATTRIBUTE ::= {
+        WITH SYNTAX PrintableString (SIZE(1) ^ FROM ("M" | "F" | "m" | "f"))
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-gender
+}
+
+countryOfCitizenship ATTRIBUTE ::= {
+        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
+        -- Must be a two-letter country acronym in accordance with
+        -- ISO/IEC 3166 --})
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-countryOfCitizenship
+}
+
+countryOfResidence ATTRIBUTE ::= {
+        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
+        -- Must be a two-letter country acronym in accordance with
+        -- ISO/IEC 3166 --})
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-countryOfResidence
+}
+
+pseudonym ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym}
+        EQUALITY MATCHING RULE caseExactMatch
+        ID id-at-pseudonym
+}
+
+contentType ATTRIBUTE ::= {
+        WITH SYNTAX ContentType
+        EQUALITY MATCHING RULE objectIdentifierMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-contentType
+}
+
+ContentType ::= OBJECT IDENTIFIER
+
+messageDigest ATTRIBUTE ::= {
+        WITH SYNTAX MessageDigest
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-messageDigest
+}
+
+MessageDigest ::= OCTET STRING
+
+signingTime ATTRIBUTE ::= {
+        WITH SYNTAX SigningTime
+        EQUALITY MATCHING RULE signingTimeMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingTime
+}
+
+SigningTime ::= Time -- imported from ISO/IEC 9594-8
+
+randomNonce ATTRIBUTE ::= {
+        WITH SYNTAX RandomNonce
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-randomNonce
+}
+
+RandomNonce ::= OCTET STRING (SIZE(4..MAX)) -- At least four bytes long
+
+sequenceNumber ATTRIBUTE ::= {
+        WITH SYNTAX SequenceNumber
+        EQUALITY MATCHING RULE integerMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-sequenceNumber
+}
+
+SequenceNumber ::= INTEGER (1..MAX)
+
+counterSignature ATTRIBUTE ::= {
+        WITH SYNTAX SignerInfo
+        ID pkcs-9-at-counterSignature
+}
+
+challengePassword ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword}
+        EQUALITY MATCHING RULE caseExactMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-challengePassword
+}
+
+extensionRequest ATTRIBUTE ::= {
+        WITH SYNTAX ExtensionRequest
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-extensionRequest
+}
+
+ExtensionRequest ::= Extensions
+
+extendedCertificateAttributes ATTRIBUTE ::= {
+        WITH SYNTAX SET OF Attribute
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-extendedCertificateAttributes
+}
+
+friendlyName ATTRIBUTE ::= {
+        WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-friendlyName
+}
+
+localKeyId ATTRIBUTE ::= {
+        WITH SYNTAX OCTET STRING
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-localKeyId
+}
+
+signingDescription ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription}
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingDescription
+}
+
+smimeCapabilities ATTRIBUTE ::= {
+        WITH SYNTAX SMIMECapabilities
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-smimeCapabilities
+}
+
+SMIMECapabilities ::= SEQUENCE OF SMIMECapability
+
+SMIMECapability ::= SEQUENCE {
+        algorithm  ALGORITHM.&id ({SMIMEv3Algorithms}),
+        parameters ALGORITHM.&Type ({SMIMEv3Algorithms}{@algorithm})
+}
+
+SMIMEv3Algorithms ALGORITHM ::= {...-- See RFC 2633 --}
+
+ -- Matching rules
+
+pkcs9CaseIgnoreMatch MATCHING-RULE ::= {
+        SYNTAX PKCS9String {pkcs-9-ub-match}
+        ID pkcs-9-mr-caseIgnoreMatch
+}
+
+signingTimeMatch MATCHING-RULE ::= {
+        SYNTAX SigningTime
+        ID pkcs-9-mr-signingTimeMatch
+}
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1
index 525ee3c5ec..1bcc2281a1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1
@@ -6,7 +6,7 @@ BEGIN
 IMPORTS
   -- PKCS#7
   ContentInfo
-    FROM PKCS7 {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) 
+    FROM PKCS-7 {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1)
       7 module(0)}
   -- module not formally defined in the PKCS#7document, therefore defined in Annex O
   -- IPMS Information Objects
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1
new file mode 100644
index 0000000000..fde5bddbf3
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1
@@ -0,0 +1,166 @@
+  PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  --  ATTRIBUTE
+  --
+  --  Describe the set of data associated with an attribute of some type
+  --
+  --  &id is an OID identifying the attribute
+  --  &Type is the ASN.1 type structure for the attribute; not all
+  --      attributes have a data structure, so this field is optional
+  --  &minCount contains the minimum number of times the attribute can
+  --      occur in an AttributeSet
+  --  &maxCount contains the maximum number of times the attribute can
+  --      appear in an AttributeSet
+  --      Note: this cannot be automatically enforced as the field
+  --      cannot be defaulted to MAX.
+  --  &equality-match contains information about how matching should be
+  --      done
+  --
+  --  Currently we are using two different prefixes for attributes.
+  --
+  --  at- for certificate attributes
+  --  aa- for CMS attributes
+  --
+
+  ATTRIBUTE ::= CLASS {
+      &id             OBJECT IDENTIFIER UNIQUE,
+      &Type           OPTIONAL,
+      &equality-match MATCHING-RULE OPTIONAL,
+      &minCount       INTEGER DEFAULT 1,
+      &maxCount       INTEGER OPTIONAL
+  } WITH SYNTAX {
+      [TYPE &Type]
+      [EQUALITY MATCHING RULE &equality-match]
+      [COUNTS [MIN &minCount] [MAX &maxCount]]
+      IDENTIFIED BY &id
+  }
+
+  -- Specification of MATCHING-RULE information object class
+  --
+
+  MATCHING-RULE ::= CLASS {
+    &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+    &AssertionType         OPTIONAL,
+    &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+    &id                    OBJECT IDENTIFIER UNIQUE
+  }
+  WITH SYNTAX {
+    [PARENT &ParentMatchingRules]
+    [SYNTAX &AssertionType]
+    [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
+    ID &id
+  }
+
+  --  AttributeSet
+  --
+  --  Used when a set of attributes is to occur.
+  --
+  --  type contains the identifier of the attribute
+  --  values contains a set of values where the structure of the ASN.1
+  --      is defined by the attribute
+  --
+  --  The parameter contains the set of objects describing
+  --      those attributes that can occur in this location.
+  --
+
+  AttributeSet{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+      type      ATTRIBUTE.&id({AttrSet}),
+      values    SET SIZE (1..MAX) OF ATTRIBUTE.
+                    &Type({AttrSet}{@type})
+  }
+
+  --  SingleAttribute
+  --
+  --  Used for a single valued attribute
+  --
+  --  The parameter contains the set of objects describing the
+  --      attributes that can occur in this location
+  --
+
+  SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+      type      ATTRIBUTE.&id({AttrSet}),
+      value     ATTRIBUTE.&Type({AttrSet}{@type})
+  }
+
+  --  EXTENSION
+  --
+  --  This class definition is used to describe the association of
+  --      object identifier and ASN.1 type structure for extensions
+  --
+  --  All extensions are prefixed with ext-
+  --
+  --  &id contains the object identifier for the extension
+  --  &ExtnType specifies the ASN.1 type structure for the extension
+  --  &Critical contains the set of legal values for the critical field.
+  --      This is normally {TRUE|FALSE} but in some instances may be
+  --      restricted to just one of these values.
+  --
+
+  EXTENSION ::= CLASS {
+      &id  OBJECT IDENTIFIER UNIQUE,
+      &ExtnType,
+      &Critical    BOOLEAN DEFAULT {TRUE | FALSE }
+  } WITH SYNTAX {
+      SYNTAX &ExtnType IDENTIFIED BY &id
+      [CRITICALITY &Critical]
+  }
+
+  --  Extensions
+  --
+  --  Used for a sequence of extensions.
+  --
+  --  The parameter contains the set of legal extensions that can
+  --  occur in this sequence.
+  --
+
+  Extensions{EXTENSION:ExtensionSet} ::=
+      SEQUENCE SIZE (1..MAX) OF Extension{{ExtensionSet}}
+
+  --  Extension
+  --
+  --  Used for a single extension
+  --
+  --  The parameter contains the set of legal extensions that can
+  --      occur in this extension.
+  --
+  --  The restriction on the critical field has been commented out
+  --  the authors are not completely sure it is correct.
+  --  The restriction could be done using custom code rather than
+  --  compiler-generated code, however.
+  --
+
+  Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
+      extnID      EXTENSION.&id({ExtensionSet}),
+      critical    BOOLEAN
+  --                     (EXTENSION.&Critical({ExtensionSet}{@extnID}))
+                       DEFAULT FALSE,
+      extnValue   OCTET STRING (CONTAINING
+                  EXTENSION.&ExtnType({ExtensionSet}{@extnID}))
+                  --  contains the DER encoding of the ASN.1 value
+                  --  corresponding to the extension type identified
+                  --  by extnID
+  }
+
+  --  Security Category
+  --
+  --  Security categories are used both for specifying clearances and
+  --  for labeling objects.  We move this here from RFC 3281 so that
+  --  they will use a common single object class to express this
+  --  information.
+  --
+
+  SECURITY-CATEGORY ::= TYPE-IDENTIFIER
+
+  SecurityCategory{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
+      type      [0]  IMPLICIT SECURITY-CATEGORY.
+              &id({Supported}),
+      value     [1]  EXPLICIT SECURITY-CATEGORY.
+              &Type({Supported}{@type})
+  }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1
new file mode 100644
index 0000000000..41cbaea67e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1
@@ -0,0 +1,300 @@
+  --
+  --  This module is used to isolate all the X.400 naming information.
+  --  There is no reason to expect this to occur in a PKIX certificate.
+  --
+
+  PKIX-X400Address-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-x400address-02(60) }
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  -- X.400 address syntax starts here
+
+  ORAddress ::= SEQUENCE {
+     built-in-standard-attributes BuiltInStandardAttributes,
+     built-in-domain-defined-attributes
+                     BuiltInDomainDefinedAttributes OPTIONAL,
+
+     -- see also teletex-domain-defined-attributes
+     extension-attributes ExtensionAttributes OPTIONAL }
+
+  -- Built-in Standard Attributes
+
+  BuiltInStandardAttributes ::= SEQUENCE {
+     country-name                  CountryName OPTIONAL,
+     administration-domain-name    AdministrationDomainName OPTIONAL,
+     network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+       -- see also extended-network-address
+     terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+     private-domain-name       [2] PrivateDomainName OPTIONAL,
+     organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+       -- see also teletex-organization-name
+     numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                   OPTIONAL,
+     personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+       -- see also teletex-personal-name
+     organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                   OPTIONAL }
+       -- see also teletex-organizational-unit-names
+
+  CountryName ::= [APPLICATION 1] CHOICE {
+     x121-dcc-code         NumericString
+                             (SIZE (ub-country-name-numeric-length)),
+     iso-3166-alpha2-code  PrintableString
+                             (SIZE (ub-country-name-alpha-length)) }
+
+  AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+     numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+     printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+  NetworkAddress ::= X121Address  -- see also extended-network-address
+
+  X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+  TerminalIdentifier ::= PrintableString (SIZE
+  (1..ub-terminal-id-length))
+
+  PrivateDomainName ::= CHOICE {
+     numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+     printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+  OrganizationName ::= PrintableString
+                              (SIZE (1..ub-organization-name-length))
+    -- see also teletex-organization-name
+
+  NumericUserIdentifier ::= NumericString
+                              (SIZE (1..ub-numeric-user-id-length))
+
+  PersonalName ::= SET {
+     surname     [0] IMPLICIT PrintableString
+                      (SIZE (1..ub-surname-length)),
+     given-name  [1] IMPLICIT PrintableString
+                      (SIZE (1..ub-given-name-length)) OPTIONAL,
+     initials    [2] IMPLICIT PrintableString
+                      (SIZE (1..ub-initials-length)) OPTIONAL,
+     generation-qualifier [3] IMPLICIT PrintableString
+                      (SIZE (1..ub-generation-qualifier-length))
+                      OPTIONAL }
+    -- see also teletex-personal-name
+
+  OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                               OF OrganizationalUnitName
+    -- see also teletex-organizational-unit-names
+
+  OrganizationalUnitName ::= PrintableString (SIZE
+                      (1..ub-organizational-unit-name-length))
+
+  -- Built-in Domain-defined Attributes
+
+  BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                      (1..ub-domain-defined-attributes) OF
+                      BuiltInDomainDefinedAttribute
+
+  BuiltInDomainDefinedAttribute ::= SEQUENCE {
+     type PrintableString (SIZE
+                     (1..ub-domain-defined-attribute-type-length)),
+     value PrintableString (SIZE
+                     (1..ub-domain-defined-attribute-value-length)) }
+
+  -- Extension Attributes
+
+  ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+                 ExtensionAttribute
+
+  EXTENSION-ATTRIBUTE ::= CLASS {
+      &id             INTEGER (0..ub-extension-attributes) UNIQUE,
+      &Type
+  } WITH SYNTAX { &Type IDENTIFIED BY &id }
+
+  ExtensionAttribute ::=  SEQUENCE {
+     extension-attribute-type [0] IMPLICIT EXTENSION-ATTRIBUTE.
+          &id({SupportedExtensionAttributes}),
+     extension-attribute-value [1] EXTENSION-ATTRIBUTE.
+          &Type({SupportedExtensionAttributes}
+              {@extension-attribute-type})}
+
+  SupportedExtensionAttributes EXTENSION-ATTRIBUTE ::= {
+      ea-commonName | ea-teletexCommonName | ea-teletexOrganizationName
+      | ea-teletexPersonalName | ea-teletexOrganizationalUnitNames |
+      ea-pDSName | ea-physicalDeliveryCountryName | ea-postalCode |
+      ea-physicalDeliveryOfficeName | ea-physicalDeliveryOfficeNumber |
+      ea-extensionORAddressComponents | ea-physicalDeliveryPersonalName
+      | ea-physicalDeliveryOrganizationName |
+      ea-extensionPhysicalDeliveryAddressComponents |
+      ea-unformattedPostalAddress | ea-streetAddress |
+      ea-postOfficeBoxAddress | ea-posteRestanteAddress |
+      ea-uniquePostalName | ea-localPostalAttributes |
+      ea-extendedNetworkAddress | ea-terminalType |
+      ea-teletexDomainDefinedAttributes, ... }
+
+  -- Extension types and attribute values
+
+  ea-commonName EXTENSION-ATTRIBUTE ::= { PrintableString
+      (SIZE (1..ub-common-name-length)) IDENTIFIED BY 1 }
+
+  ea-teletexCommonName EXTENSION-ATTRIBUTE ::= {TeletexString
+      (SIZE (1..ub-common-name-length)) IDENTIFIED BY 2 }
+
+  ea-teletexOrganizationName EXTENSION-ATTRIBUTE::= { TeletexString
+      (SIZE (1..ub-organization-name-length)) IDENTIFIED BY 3 }
+
+  ea-teletexPersonalName EXTENSION-ATTRIBUTE ::= {SET {
+     surname     [0] IMPLICIT TeletexString
+                      (SIZE (1..ub-surname-length)),
+     given-name  [1] IMPLICIT TeletexString
+                      (SIZE (1..ub-given-name-length)) OPTIONAL,
+     initials    [2] IMPLICIT TeletexString
+                      (SIZE (1..ub-initials-length)) OPTIONAL,
+     generation-qualifier [3] IMPLICIT TeletexString
+                      (SIZE (1..ub-generation-qualifier-length))
+                      OPTIONAL } IDENTIFIED BY 4 }
+
+  ea-teletexOrganizationalUnitNames EXTENSION-ATTRIBUTE ::=
+      { SEQUENCE SIZE (1..ub-organizational-units) OF
+            TeletexOrganizationalUnitName IDENTIFIED BY 5 }
+
+  TeletexOrganizationalUnitName ::= TeletexString
+      (SIZE (1..ub-organizational-unit-name-length))
+
+  ea-pDSName EXTENSION-ATTRIBUTE ::= {PrintableString
+      (SIZE (1..ub-pds-name-length)) IDENTIFIED BY 7 }
+
+  ea-physicalDeliveryCountryName EXTENSION-ATTRIBUTE ::= { CHOICE {
+       x121-dcc-code NumericString (SIZE
+          (ub-country-name-numeric-length)),
+       iso-3166-alpha2-code PrintableString
+          (SIZE (ub-country-name-alpha-length)) }
+       IDENTIFIED BY 8 }
+
+  ea-postalCode EXTENSION-ATTRIBUTE ::= { CHOICE {
+     numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+     printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+     IDENTIFIED BY 9 }
+
+  ea-physicalDeliveryOfficeName EXTENSION-ATTRIBUTE ::=
+      { PDSParameter IDENTIFIED BY 10 }
+
+  ea-physicalDeliveryOfficeNumber EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 11 }
+
+  ea-extensionORAddressComponents EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 12 }
+
+  ea-physicalDeliveryPersonalName EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 13}
+
+  ea-physicalDeliveryOrganizationName EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 14 }
+
+  ea-extensionPhysicalDeliveryAddressComponents EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 15 }
+
+  ea-unformattedPostalAddress EXTENSION-ATTRIBUTE ::= { SET {
+     printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+           OF PrintableString (SIZE (1..ub-pds-parameter-length))
+           OPTIONAL,
+     teletex-string TeletexString
+           (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+     IDENTIFIED BY 16 }
+
+  ea-streetAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 17 }
+
+  ea-postOfficeBoxAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 18 }
+
+  ea-posteRestanteAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 19 }
+
+  ea-uniquePostalName EXTENSION-ATTRIBUTE ::=
+      { PDSParameter IDENTIFIED BY 20 }
+
+  ea-localPostalAttributes EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 21 }
+  PDSParameter ::= SET {
+     printable-string PrintableString
+                  (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+     teletex-string TeletexString
+                  (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+  ea-extendedNetworkAddress EXTENSION-ATTRIBUTE ::= {
+     CHOICE {
+         e163-4-address SEQUENCE {
+             number      [0] IMPLICIT NumericString
+                   (SIZE (1..ub-e163-4-number-length)),
+             sub-address [1] IMPLICIT NumericString
+                   (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL
+         },
+         psap-address [0] IMPLICIT PresentationAddress
+     } IDENTIFIED BY 22
+  }
+
+  PresentationAddress ::= SEQUENCE {
+      pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+      sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+      tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+      nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+  ea-terminalType EXTENSION-ATTRIBUTE ::= {INTEGER {
+     telex (3),
+     teletex (4),
+     g3-facsimile (5),
+     g4-facsimile (6),
+     ia5-terminal (7),
+     videotex (8) } (0..ub-integer-options)
+     IDENTIFIED BY 23 }
+
+  -- Extension Domain-defined Attributes
+
+  ea-teletexDomainDefinedAttributes EXTENSION-ATTRIBUTE ::=
+      { SEQUENCE SIZE (1..ub-domain-defined-attributes) OF
+           TeletexDomainDefinedAttribute IDENTIFIED BY 6 }
+
+  TeletexDomainDefinedAttribute ::= SEQUENCE {
+      type TeletexString
+          (SIZE (1..ub-domain-defined-attribute-type-length)),
+      value TeletexString
+          (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+  --  specifications of Upper Bounds MUST be regarded as mandatory
+  --  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+  --  Upper Bounds
+  -- Upper Bounds
+  ub-match INTEGER ::= 128
+  ub-common-name-length INTEGER ::= 64
+  ub-country-name-alpha-length INTEGER ::= 2
+  ub-country-name-numeric-length INTEGER ::= 3
+  ub-domain-defined-attributes INTEGER ::= 4
+  ub-domain-defined-attribute-type-length INTEGER ::= 8
+  ub-domain-defined-attribute-value-length INTEGER ::= 128
+  ub-domain-name-length INTEGER ::= 16
+  ub-extension-attributes INTEGER ::= 256
+  ub-e163-4-number-length INTEGER ::= 15
+  ub-e163-4-sub-address-length INTEGER ::= 40
+  ub-generation-qualifier-length INTEGER ::= 3
+  ub-given-name-length INTEGER ::= 16
+  ub-initials-length INTEGER ::= 5
+  ub-integer-options INTEGER ::= 256
+  ub-numeric-user-id-length INTEGER ::= 32
+  ub-organization-name-length INTEGER ::= 64
+  ub-organizational-unit-name-length INTEGER ::= 32
+  ub-organizational-units INTEGER ::= 4
+  ub-pds-name-length INTEGER ::= 16
+  ub-pds-parameter-length INTEGER ::= 30
+  ub-pds-physical-address-lines INTEGER ::= 6
+  ub-postal-code-length INTEGER ::= 16
+  ub-surname-length INTEGER ::= 40
+  ub-terminal-id-length INTEGER ::= 24
+  ub-unformatted-address-length INTEGER ::= 180
+  ub-x121-address-length INTEGER ::= 16
+
+  -- Note - upper bounds on string types, such as TeletexString, are
+  -- measured in characters.  Excepting PrintableString or IA5String, a
+  -- significantly greater number of octets will be required to hold
+  -- such a value.  As a minimum, 16 octets or twice the specified
+  -- upper bound, whichever is the larger, should be allowed for
+  -- TeletexString.  For UTF8String or UniversalString, at least four
+  -- times the upper bound should be allowed.
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1
new file mode 100644
index 0000000000..b1232fb8f2
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1
@@ -0,0 +1,308 @@
+   PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54)}
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AlgorithmIdentifier{}, ALGORITHM, DIGEST-ALGORITHM, KEY-TRANSPORT,
+       SIGNATURE-ALGORITHM, PUBLIC-KEY, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   id-sha1, mda-sha1, pk-rsa, RSAPublicKey
+   FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56)};
+
+   -- ============================
+   --    Object Set exports
+   -- ============================
+   --
+   --  Define top-level symbols with all of the objects defined for
+   --  export to other modules.  These objects would be included as part
+   --  of an Object Set to restrict the set of legal values.
+   --
+
+   PublicKeys PUBLIC-KEY ::= { pk-rsaSSA-PSS | pk-rsaES-OAEP, ... }
+   SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-rsaSSA-PSS, ...}
+   KeyTransportAlgs KEY-TRANSPORT ::= { kta-rsaES-OAEP, ... }
+   HashAlgs DIGEST-ALGORITHM ::= { mda-sha224 | mda-sha256 | mda-sha384
+                                      | mda-sha512, ... }
+   SMimeCaps SMIME-CAPS ::= {
+       sa-rsaSSA-PSS.&smimeCaps |
+       kta-rsaES-OAEP.&smimeCaps,
+       ...
+   }
+
+   -- =============================
+   --    Algorithm Objects
+   -- =============================
+
+   --
+   -- Public key object for PSS signatures
+   --
+
+   pk-rsaSSA-PSS PUBLIC-KEY ::= {
+       IDENTIFIER id-RSASSA-PSS
+       KEY RSAPublicKey
+       PARAMS TYPE RSASSA-PSS-params ARE optional
+        -- Private key format not in this module --
+       CERT-KEY-USAGE { nonRepudiation, digitalSignature,
+                            keyCertSign, cRLSign }
+   }
+
+   --
+   --  Signature algorithm definition for PSS signatures
+   --
+
+   sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER id-RSASSA-PSS
+       PARAMS TYPE RSASSA-PSS-params ARE required
+       HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384
+                    | mda-sha512 }
+       PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS }
+       SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS }
+   }
+
+   --
+   --  Signature algorithm definitions for PKCS v1.5 signatures
+   --
+
+   sa-sha224WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha224WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha224 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha224WithRSAEncryption }
+   }
+   sha224WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 14 }
+
+   sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha256WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha256 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha256WithRSAEncryption }
+   }
+   sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }
+
+   sa-sha384WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha384WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha384 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha384WithRSAEncryption }
+   }
+   sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }
+
+   sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha512WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha512 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption }
+   }
+   sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }
+
+   --
+   --  Public key definition for OAEP encryption
+   --
+
+   pk-rsaES-OAEP PUBLIC-KEY ::= {
+       IDENTIFIER id-RSAES-OAEP
+       KEY RSAPublicKey
+       PARAMS TYPE RSAES-OAEP-params ARE optional
+        -- Private key format not in this module --
+       CERT-KEY-USAGE {keyEncipherment, dataEncipherment}
+   }
+
+   --
+   --  Key transport key lock definition for OAEP encryption
+   --
+
+   kta-rsaES-OAEP KEY-TRANSPORT ::= {
+       IDENTIFIER id-RSAES-OAEP
+       PARAMS TYPE RSAES-OAEP-params ARE required
+       PUBLIC-KEYS { pk-rsa | pk-rsaES-OAEP }
+       SMIME-CAPS { TYPE RSAES-OAEP-params IDENTIFIED BY id-RSAES-OAEP}
+   }
+   -- ============================
+   --   Basic object identifiers
+   -- ============================
+
+   pkcs-1  OBJECT IDENTIFIER  ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
+
+   -- When rsaEncryption is used in an AlgorithmIdentifier, the
+   -- parameters MUST be present and MUST be NULL.
+   -- rsaEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 1 }
+
+   -- When id-RSAES-OAEP is used in an AlgorithmIdentifier,
+   -- and the parameters field is present, it MUST be
+   -- RSAES-OAEP-params.
+
+   id-RSAES-OAEP  OBJECT IDENTIFIER  ::=  { pkcs-1 7 }
+
+   -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
+   -- MUST be present and MUST be a HashAlgorithm.
+
+   id-mgf1  OBJECT IDENTIFIER  ::=  { pkcs-1 8 }
+
+   -- When id-pSpecified is used in an AlgorithmIdentifier, the
+   -- parameters MUST be an OCTET STRING.
+
+   id-pSpecified  OBJECT IDENTIFIER  ::=  { pkcs-1 9 }
+
+   -- When id-RSASSA-PSS is used in an AlgorithmIdentifier, and the
+   -- parameters field is present, it MUST be RSASSA-PSS-params.
+
+   id-RSASSA-PSS  OBJECT IDENTIFIER  ::=  { pkcs-1 10 }
+
+   -- When the following OIDs are used in an AlgorithmIdentifier, the
+   -- parameters SHOULD be absent, but if the parameters are present,
+   -- they MUST be NULL.
+
+   --
+   -- id-sha1 is imported from RFC 3279.  Additionally, the v1.5
+   -- signature algorithms (i.e., rsaWithSHA256) are now solely placed
+   -- in that module.
+   --
+
+   id-sha224  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 4 }
+
+   mda-sha224 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha224
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-sha256  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 1 }
+
+   mda-sha256 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha256
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+   id-sha384  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 2 }
+
+   mda-sha384 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha384
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+   id-sha512  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 3 }
+
+   mda-sha512 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha512
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   -- =============
+   --   Constants
+   -- =============
+
+   EncodingParameters ::= OCTET STRING(SIZE(0..MAX))
+
+   nullOctetString  EncodingParameters  ::=  ''H
+
+   nullParameters NULL  ::=  NULL
+
+   -- =========================
+   --   Algorithm Identifiers
+   -- =========================
+
+   HashAlgorithm  ::=  AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {HashAlgorithms}}
+
+   HashAlgorithms DIGEST-ALGORITHM ::=  {
+       { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
+   }
+
+   sha1Identifier HashAlgorithm ::= {
+       algorithm id-sha1,
+       parameters NULL : NULL
+   }
+
+   --
+   --  We have a default algorithm - create the value here
+   --
+
+   MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+                           {PKCS1MGFAlgorithms}}
+
+   mgf1SHA1 MaskGenAlgorithm ::= {
+       algorithm id-mgf1,
+       parameters HashAlgorithm : sha1Identifier
+   }
+
+   --
+   --  Define the set of mask generation functions
+   --
+   --  If the identifier is id-mgf1, any of the listed hash
+   --    algorithms may be used.
+   --
+
+   PKCS1MGFAlgorithms ALGORITHM ::= {
+       { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
+       ...
+   }
+
+   --
+   -- Define the set of known source algorithms for PSS
+   --
+
+   PSourceAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+                                                {PSS-SourceAlgorithms}}
+
+   PSS-SourceAlgorithms ALGORITHM ::= {
+       { IDENTIFIER id-pSpecified PARAMS TYPE EncodingParameters
+             ARE required },
+       ...
+   }
+   pSpecifiedEmpty PSourceAlgorithm ::=  {
+       algorithm id-pSpecified,
+       parameters EncodingParameters : nullOctetString
+   }
+
+   -- ===================
+   --   Main structures
+   -- ===================
+
+   -- AlgorithmIdentifier parameters for id-RSASSA-PSS.
+   -- Note that the tags in this Sequence are explicit.
+   -- Note: The hash algorithm in hashAlgorithm and in
+   -- maskGenAlgorithm should be the same.
+
+   RSASSA-PSS-params  ::=  SEQUENCE  {
+       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
+       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+       saltLength        [2] INTEGER DEFAULT 20,
+       trailerField      [3] INTEGER DEFAULT 1
+   }
+
+   -- AlgorithmIdentifier parameters for id-RSAES-OAEP.
+   -- Note that the tags in this Sequence are explicit.
+   -- Note: The hash algorithm in hashFunc and in
+   -- maskGenFunc should be the same.
+
+   RSAES-OAEP-params  ::=  SEQUENCE  {
+       hashFunc          [0] HashAlgorithm DEFAULT sha1Identifier,
+       maskGenFunc       [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+       pSourceFunc       [2] PSourceAlgorithm DEFAULT
+                                 pSpecifiedEmpty
+   }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1
new file mode 100644
index 0000000000..613e0e9d2c
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1
@@ -0,0 +1,415 @@
+  PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-explicit-02(51)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE, SingleAttribute{}
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  AlgorithmIdentifier{}, PUBLIC-KEY, SIGNATURE-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  CertExtensions, CrlExtensions, CrlEntryExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+  SignatureAlgs, PublicKeys
+  FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 56}
+
+  SignatureAlgs, PublicKeys
+  FROM PKIX1-PSS-OAEP-Algorithms-2009
+      {iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-rsa-pkalgs-02(54)}
+
+  ORAddress
+  FROM PKIX-X400Address-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-x400address-02(60)};
+
+  id-pkix  OBJECT IDENTIFIER  ::=
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7)}
+
+  -- PKIX arcs
+
+  id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+      -- arc for private certificate extensions
+  id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+      -- arc for policy qualifier types
+  id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+      -- arc for extended key purpose OIDs
+  id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+      -- arc for access descriptors
+
+  -- policyQualifierIds for Internet policy qualifiers
+
+  id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+      -- OID for CPS qualifier
+  id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+      -- OID for user notice qualifier
+
+  -- access descriptor definitions
+
+  id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
+  id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
+  id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+  id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+  -- attribute data types
+  AttributeType           ::=  ATTRIBUTE.&id
+
+  --  Replaced by SingleAttribute{}
+  --
+  -- AttributeTypeAndValue   ::=  SEQUENCE {
+  --    type    ATTRIBUTE.&id({SupportedAttributes}),
+  --    value   ATTRIBUTE.&Type({SupportedAttributes}{@type}) }
+  --
+
+  -- Suggested naming attributes: Definition of the following
+  --   information object set may be augmented to meet local
+  --   requirements.  Note that deleting members of the set may
+  --   prevent interoperability with conforming implementations.
+  -- All attributes are presented in pairs: the AttributeType
+  --   followed by the type definition for the corresponding
+  --   AttributeValue.
+
+  -- Arc for standard naming attributes
+
+  id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+  -- Naming attributes of type X520name
+
+  id-at-name              AttributeType ::= { id-at 41 }
+  at-name ATTRIBUTE ::= { TYPE X520name IDENTIFIED BY id-at-name }
+
+  id-at-surname           AttributeType ::= { id-at 4 }
+  at-surname ATTRIBUTE ::= { TYPE X520name IDENTIFIED BY id-at-surname }
+
+  id-at-givenName         AttributeType ::= { id-at 42 }
+  at-givenName ATTRIBUTE ::=
+      { TYPE X520name IDENTIFIED BY id-at-givenName }
+
+  id-at-initials          AttributeType ::= { id-at 43 }
+  at-initials ATTRIBUTE ::=
+      { TYPE X520name IDENTIFIED BY id-at-initials }
+
+  id-at-generationQualifier AttributeType ::= { id-at 44 }
+  at-generationQualifier ATTRIBUTE ::=
+      { TYPE X520name IDENTIFIED BY id-at-generationQualifier }
+
+  -- Directory string type --
+
+  DirectoryString{INTEGER:maxSize} ::= CHOICE {
+      teletexString    TeletexString(SIZE (1..maxSize)),
+      printableString  PrintableString(SIZE (1..maxSize)),
+      bmpString        BMPString(SIZE (1..maxSize)),
+      universalString  UniversalString(SIZE (1..maxSize)),
+      uTF8String       UTF8String(SIZE (1..maxSize))
+  }
+
+  X520name ::= DirectoryString {ub-name}
+
+  -- Naming attributes of type X520CommonName
+
+  id-at-commonName        AttributeType ::= { id-at 3 }
+
+  at-x520CommonName ATTRIBUTE ::=
+      {TYPE X520CommonName IDENTIFIED BY id-at-commonName }
+
+  X520CommonName ::= DirectoryString {ub-common-name}
+
+  -- Naming attributes of type X520LocalityName
+
+  id-at-localityName      AttributeType ::= { id-at 7 }
+
+  at-x520LocalityName ATTRIBUTE ::=
+      { TYPE X520LocalityName IDENTIFIED BY id-at-localityName }
+  X520LocalityName ::= DirectoryString {ub-locality-name}
+
+  -- Naming attributes of type X520StateOrProvinceName
+
+  id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+  at-x520StateOrProvinceName ATTRIBUTE ::=
+      { TYPE DirectoryString {ub-state-name}
+          IDENTIFIED BY id-at-stateOrProvinceName }
+  X520StateOrProvinceName ::= DirectoryString {ub-state-name}
+
+  -- Naming attributes of type X520OrganizationName
+
+  id-at-organizationName  AttributeType ::= { id-at 10 }
+
+  at-x520OrganizationName ATTRIBUTE ::=
+      { TYPE DirectoryString {ub-organization-name}
+          IDENTIFIED BY id-at-organizationName }
+  X520OrganizationName ::= DirectoryString {ub-organization-name}
+
+  -- Naming attributes of type X520OrganizationalUnitName
+
+  id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+  at-x520OrganizationalUnitName ATTRIBUTE ::=
+      { TYPE DirectoryString  {ub-organizational-unit-name}
+          IDENTIFIED BY id-at-organizationalUnitName }
+  X520OrganizationalUnitName ::= DirectoryString
+                                     {ub-organizational-unit-name}
+
+  -- Naming attributes of type X520Title
+
+  id-at-title             AttributeType ::= { id-at 12 }
+
+  at-x520Title ATTRIBUTE ::= { TYPE DirectoryString { ub-title }
+      IDENTIFIED BY id-at-title }
+
+  -- Naming attributes of type X520dnQualifier
+
+  id-at-dnQualifier       AttributeType ::= { id-at 46 }
+
+  at-x520dnQualifier ATTRIBUTE ::= { TYPE PrintableString
+      IDENTIFIED BY id-at-dnQualifier }
+
+  -- Naming attributes of type X520countryName (digraph from IS 3166)
+
+  id-at-countryName       AttributeType ::= { id-at 6 }
+
+  at-x520countryName ATTRIBUTE ::=  { TYPE PrintableString (SIZE (2))
+      IDENTIFIED BY id-at-countryName }
+
+  -- Naming attributes of type X520SerialNumber
+
+  id-at-serialNumber      AttributeType ::= { id-at 5 }
+
+  at-x520SerialNumber ATTRIBUTE ::=  {TYPE PrintableString
+      (SIZE (1..ub-serial-number)) IDENTIFIED BY id-at-serialNumber }
+
+  -- Naming attributes of type X520Pseudonym
+
+  id-at-pseudonym         AttributeType ::= { id-at 65 }
+
+  at-x520Pseudonym ATTRIBUTE ::= { TYPE DirectoryString {ub-pseudonym}
+      IDENTIFIED BY id-at-pseudonym }
+
+  -- Naming attributes of type DomainComponent (from RFC 2247)
+
+  id-domainComponent      AttributeType ::=
+       { itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100)
+       pilotAttributeType(1) 25 }
+
+  at-domainComponent ATTRIBUTE ::= {TYPE IA5String
+      IDENTIFIED BY id-domainComponent }
+
+  -- Legacy attributes
+
+  pkcs-9 OBJECT IDENTIFIER ::=
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+  id-emailAddress          AttributeType ::= { pkcs-9 1 }
+
+  at-emailAddress ATTRIBUTE ::= {TYPE IA5String
+      (SIZE (1..ub-emailaddress-length)) IDENTIFIED BY
+      id-emailAddress }
+
+  -- naming data types --
+
+  Name ::= CHOICE { -- only one possibility for now --
+      rdnSequence  RDNSequence }
+
+  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+  DistinguishedName ::=   RDNSequence
+
+  RelativeDistinguishedName  ::=
+      SET SIZE (1 .. MAX) OF SingleAttribute { {SupportedAttributes} }
+
+  --  These are the known name elements for a DN
+
+  SupportedAttributes ATTRIBUTE ::= {
+      at-name | at-surname | at-givenName | at-initials |
+      at-generationQualifier | at-x520CommonName |
+      at-x520LocalityName | at-x520StateOrProvinceName |
+      at-x520OrganizationName | at-x520OrganizationalUnitName |
+      at-x520Title | at-x520dnQualifier | at-x520countryName |
+      at-x520SerialNumber | at-x520Pseudonym | at-domainComponent |
+      at-emailAddress, ... }
+
+  --
+  -- Certificate- and CRL-specific structures begin here
+  --
+
+  Certificate  ::=  SIGNED{TBSCertificate}
+
+  TBSCertificate  ::=  SEQUENCE  {
+      version         [0]  Version DEFAULT v1,
+      serialNumber         CertificateSerialNumber,
+      signature            AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                {SignatureAlgorithms}},
+      issuer               Name,
+      validity             Validity,
+      subject              Name,
+      subjectPublicKeyInfo SubjectPublicKeyInfo,
+      ... ,
+      [[2:               -- If present, version MUST be v2
+      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL
+      ]],
+      [[3:               -- If present, version MUST be v3 --
+      extensions      [3]  Extensions{{CertExtensions}} OPTIONAL
+      ]], ... }
+
+  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+
+  CertificateSerialNumber  ::=  INTEGER
+
+  Validity ::= SEQUENCE {
+      notBefore      Time,
+      notAfter       Time  }
+
+  Time ::= CHOICE {
+      utcTime        UTCTime,
+      generalTime    GeneralizedTime }
+
+  UniqueIdentifier  ::=  BIT STRING
+
+  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+      algorithm            AlgorithmIdentifier{PUBLIC-KEY,
+                               {PublicKeyAlgorithms}},
+      subjectPublicKey     BIT STRING  }
+
+  -- CRL structures
+
+  CertificateList  ::=  SIGNED{TBSCertList}
+
+  TBSCertList  ::=  SEQUENCE  {
+      version              Version OPTIONAL,
+                                 -- if present, MUST be v2
+      signature            AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                               {SignatureAlgorithms}},
+      issuer               Name,
+      thisUpdate           Time,
+      nextUpdate           Time OPTIONAL,
+      revokedCertificates  SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+          userCertificate  CertificateSerialNumber,
+          revocationDate   Time,
+          ... ,
+          [[2:                  -- if present, version MUST be v2
+          crlEntryExtensions  Extensions{{CrlEntryExtensions}}
+                                  OPTIONAL
+          ]], ...
+      } OPTIONAL,
+      ... ,
+      [[2:                       -- if present, version MUST be v2
+      crlExtensions       [0] Extensions{{CrlExtensions}}
+                                  OPTIONAL
+      ]], ... }
+
+  -- Version, Time, CertificateSerialNumber, and Extensions were
+  -- defined earlier for use in the certificate structure
+
+  --
+  --  The two object sets below should be expanded to include
+  --  those algorithms which are supported by the system.
+  --
+  --  For example:
+  --  SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+  --    PKIXAlgs-2008.SignatureAlgs, ...,
+  --        - - RFC 3279 provides the base set
+  --    PKIX1-PSS-OAEP-ALGORITHMS.SignatureAlgs |
+  --        - - RFC 4055 provides extension algs
+  --    OtherModule.SignatureAlgs
+  --        - - RFC XXXX provides additional extension algs
+  --  }
+
+  SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+      PKIXAlgs-2009.SignatureAlgs, ...,
+      PKIX1-PSS-OAEP-Algorithms-2009.SignatureAlgs }
+
+  PublicKeyAlgorithms PUBLIC-KEY ::= {
+      PKIXAlgs-2009.PublicKeys, ...,
+      PKIX1-PSS-OAEP-Algorithms-2009.PublicKeys}
+
+  -- Upper Bounds
+
+  ub-state-name INTEGER ::= 128
+  ub-organization-name INTEGER ::= 64
+  ub-organizational-unit-name INTEGER ::= 64
+  ub-title INTEGER ::= 64
+  ub-serial-number INTEGER ::= 64
+  ub-pseudonym INTEGER ::= 128
+  ub-emailaddress-length INTEGER ::= 255
+  ub-locality-name INTEGER ::= 128
+  ub-common-name INTEGER ::= 64
+  ub-name INTEGER ::= 32768
+
+  -- Note - upper bounds on string types, such as TeletexString, are
+  -- measured in characters.  Excepting PrintableString or IA5String, a
+  -- significantly greater number of octets will be required to hold
+  -- such a value.  As a minimum, 16 octets or twice the specified
+  -- upper bound, whichever is the larger, should be allowed for
+  -- TeletexString.  For UTF8String or UniversalString, at least four
+  -- times the upper bound should be allowed.
+
+  -- Information object classes used in the definition
+  -- of certificates and CRLs
+
+  -- Parameterized Type SIGNED
+  --
+  -- Three different versions of doing SIGNED:
+  --  1.  Simple and close to the previous version
+  --
+  --  SIGNED{ToBeSigned} ::= SEQUENCE {
+  --    toBeSigned  ToBeSigned,
+  --    algorithm   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+  --                    {SignatureAlgorithms}},
+  --    signature   BIT STRING
+  --  }
+
+  --  2.  From Authenticated Framework
+  --
+  --  SIGNED{ToBeSigned} ::= SEQUENCE {
+  --    toBeSigned        ToBeSigned,
+  --    COMPONENTS OF SIGNATURE{ToBeSigned}
+  --  }
+  --  SIGNATURE{ToBeSigned} ::= SEQUENCE {
+  --    algorithmIdentifier   AlgorithmIdentifier,
+  --    encrypted             ENCRYPTED-HASH{ToBeSigned}
+  --  }
+  --  ENCRYPTED-HASH{ToBeSigned} ::=
+  --    BIT STRING
+  --      (CONSTRAINED BY {
+  --        shall be the result of applying a hashing procedure to
+  --        the DER-encoded (see 4.1) octets of a value of
+  --        ToBeSigned and then applying an encipherment procedure
+  --        to those octets
+  --      })
+  --
+  --
+  --  3.  A more complex version, but one that automatically ties
+  --      together both the signature algorithm and the
+  --      signature value for automatic decoding.
+  --
+  SIGNED{ToBeSigned} ::= SEQUENCE {
+     toBeSigned           ToBeSigned,
+     algorithmIdentifier  SEQUENCE {
+         algorithm        SIGNATURE-ALGORITHM.
+                            &id({SignatureAlgorithms}),
+         parameters       SIGNATURE-ALGORITHM.
+                            &Params({SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}) OPTIONAL
+     },
+     signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value(
+                              {SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}))
+  }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1
new file mode 100644
index 0000000000..3651a5249b
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1
@@ -0,0 +1,447 @@
+   PKIX1Implicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AttributeSet{}, EXTENSION, ATTRIBUTE
+   FROM PKIX-CommonTypes-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+   id-pe, id-kp, id-qt-unotice, id-qt-cps, ORAddress, Name,
+       RelativeDistinguishedName, CertificateSerialNumber,
+       DirectoryString{}, SupportedAttributes
+   FROM PKIX1Explicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) };
+
+   CertExtensions EXTENSION ::= {
+           ext-AuthorityKeyIdentifier | ext-SubjectKeyIdentifier |
+           ext-KeyUsage | ext-PrivateKeyUsagePeriod |
+           ext-CertificatePolicies | ext-PolicyMappings |
+           ext-SubjectAltName | ext-IssuerAltName |
+           ext-SubjectDirectoryAttributes |
+           ext-BasicConstraints | ext-NameConstraints |
+           ext-PolicyConstraints | ext-ExtKeyUsage |
+           ext-CRLDistributionPoints | ext-InhibitAnyPolicy |
+           ext-FreshestCRL | ext-AuthorityInfoAccess |
+           ext-SubjectInfoAccessSyntax, ... }
+
+   CrlExtensions EXTENSION ::= {
+           ext-AuthorityKeyIdentifier | ext-IssuerAltName |
+           ext-CRLNumber | ext-DeltaCRLIndicator |
+           ext-IssuingDistributionPoint |  ext-FreshestCRL, ... }
+
+   CrlEntryExtensions EXTENSION ::= {
+           ext-CRLReason | ext-CertificateIssuer |
+           ext-HoldInstructionCode | ext-InvalidityDate, ... }
+   -- Shared arc for standard certificate and CRL extensions
+
+   id-ce OBJECT IDENTIFIER  ::=  { joint-iso-ccitt(2) ds(5) 29 }
+
+   -- authority key identifier OID and syntax
+
+   ext-AuthorityKeyIdentifier EXTENSION ::= { SYNTAX
+       AuthorityKeyIdentifier IDENTIFIED BY
+       id-ce-authorityKeyIdentifier }
+   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+
+   AuthorityKeyIdentifier ::= SEQUENCE {
+       keyIdentifier             [0] KeyIdentifier            OPTIONAL,
+       authorityCertIssuer       [1] GeneralNames             OPTIONAL,
+       authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
+   (WITH COMPONENTS {
+      ...,
+      authorityCertIssuer        PRESENT,
+      authorityCertSerialNumber  PRESENT
+    } |
+    WITH COMPONENTS {
+      ...,
+      authorityCertIssuer        ABSENT,
+      authorityCertSerialNumber  ABSENT
+    })
+
+   KeyIdentifier ::= OCTET STRING
+
+   -- subject key identifier OID and syntax
+
+   ext-SubjectKeyIdentifier EXTENSION ::= { SYNTAX
+       KeyIdentifier IDENTIFIED BY id-ce-subjectKeyIdentifier }
+   id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+
+   -- key usage extension OID and syntax
+
+   ext-KeyUsage EXTENSION ::= { SYNTAX
+       KeyUsage IDENTIFIED BY id-ce-keyUsage }
+   id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+
+   KeyUsage ::= BIT STRING {
+        digitalSignature        (0),
+        nonRepudiation          (1), --  recent editions of X.509 have
+                                     --  renamed this bit to
+                                     --  contentCommitment
+        keyEncipherment         (2),
+        dataEncipherment        (3),
+        keyAgreement            (4),
+        keyCertSign             (5),
+        cRLSign                 (6),
+        encipherOnly            (7),
+        decipherOnly            (8)
+    }
+
+   -- private key usage period extension OID and syntax
+
+   ext-PrivateKeyUsagePeriod EXTENSION ::= { SYNTAX
+       PrivateKeyUsagePeriod IDENTIFIED BY id-ce-privateKeyUsagePeriod }
+   id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
+
+   PrivateKeyUsagePeriod ::= SEQUENCE {
+        notBefore       [0]     GeneralizedTime OPTIONAL,
+        notAfter        [1]     GeneralizedTime OPTIONAL }
+   (WITH COMPONENTS {..., notBefore  PRESENT } |
+    WITH COMPONENTS {..., notAfter  PRESENT })
+
+   -- certificate policies extension OID and syntax
+
+   ext-CertificatePolicies EXTENSION ::= { SYNTAX
+       CertificatePolicies IDENTIFIED BY id-ce-certificatePolicies}
+   id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+
+   CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+   PolicyInformation ::= SEQUENCE {
+        policyIdentifier   CertPolicyId,
+        policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+                PolicyQualifierInfo OPTIONAL }
+
+   CertPolicyId ::= OBJECT IDENTIFIER
+
+   CERT-POLICY-QUALIFIER ::= TYPE-IDENTIFIER
+
+   PolicyQualifierInfo ::= SEQUENCE {
+          policyQualifierId  CERT-POLICY-QUALIFIER.
+               &id({PolicyQualifierId}),
+          qualifier          CERT-POLICY-QUALIFIER.
+               &Type({PolicyQualifierId}{@policyQualifierId})}
+
+   -- Implementations that recognize additional policy qualifiers MUST
+   -- augment the following definition for PolicyQualifierId
+
+   PolicyQualifierId CERT-POLICY-QUALIFIER ::=
+       { pqid-cps | pqid-unotice, ... }
+
+   pqid-cps CERT-POLICY-QUALIFIER ::= { CPSuri IDENTIFIED BY id-qt-cps }
+   pqid-unotice CERT-POLICY-QUALIFIER ::= { UserNotice
+       IDENTIFIED BY id-qt-unotice }
+
+   -- CPS pointer qualifier
+
+   CPSuri ::= IA5String
+
+   -- user notice qualifier
+
+   UserNotice ::= SEQUENCE {
+        noticeRef        NoticeReference OPTIONAL,
+        explicitText     DisplayText OPTIONAL}
+
+   --
+   --  This is not made explicit in the text
+   --
+   -- {WITH COMPONENTS {..., noticeRef PRESENT} |
+   --  WITH COMPONENTS {..., DisplayText PRESENT }}
+
+   NoticeReference ::= SEQUENCE {
+        organization     DisplayText,
+        noticeNumbers    SEQUENCE OF INTEGER }
+
+   DisplayText ::= CHOICE {
+        ia5String        IA5String      (SIZE (1..200)),
+        visibleString    VisibleString  (SIZE (1..200)),
+        bmpString        BMPString      (SIZE (1..200)),
+        utf8String       UTF8String     (SIZE (1..200)) }
+
+   -- policy mapping extension OID and syntax
+
+   ext-PolicyMappings EXTENSION ::= { SYNTAX
+       PolicyMappings IDENTIFIED BY id-ce-policyMappings }
+   id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
+
+   PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+       issuerDomainPolicy      CertPolicyId,
+       subjectDomainPolicy     CertPolicyId
+   }
+
+   -- subject alternative name extension OID and syntax
+
+   ext-SubjectAltName EXTENSION ::= { SYNTAX
+       GeneralNames IDENTIFIED BY id-ce-subjectAltName }
+   id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+
+   GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+   GeneralName ::= CHOICE {
+        otherName                   [0]  INSTANCE OF OTHER-NAME,
+        rfc822Name                  [1]  IA5String,
+        dNSName                     [2]  IA5String,
+        x400Address                 [3]  ORAddress,
+        directoryName               [4]  Name,
+        ediPartyName                [5]  EDIPartyName,
+        uniformResourceIdentifier   [6]  IA5String,
+        iPAddress                   [7]  OCTET STRING,
+        registeredID                [8]  OBJECT IDENTIFIER
+   }
+
+   -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+   -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+   OTHER-NAME ::= TYPE-IDENTIFIER
+
+   EDIPartyName ::= SEQUENCE {
+       nameAssigner    [0] DirectoryString {ubMax} OPTIONAL,
+       partyName       [1] DirectoryString {ubMax}
+   }
+
+   -- issuer alternative name extension OID and syntax
+
+   ext-IssuerAltName EXTENSION ::= { SYNTAX
+       GeneralNames IDENTIFIED BY id-ce-issuerAltName }
+   id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+
+   ext-SubjectDirectoryAttributes EXTENSION ::= { SYNTAX
+       SubjectDirectoryAttributes IDENTIFIED BY
+       id-ce-subjectDirectoryAttributes }
+   id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
+
+   SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF
+       AttributeSet{{SupportedAttributes}}
+
+   -- basic constraints extension OID and syntax
+
+   ext-BasicConstraints EXTENSION ::= { SYNTAX
+       BasicConstraints IDENTIFIED BY id-ce-basicConstraints }
+   id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+
+   BasicConstraints ::= SEQUENCE {
+        cA                      BOOLEAN DEFAULT FALSE,
+        pathLenConstraint       INTEGER (0..MAX) OPTIONAL
+   }
+
+   -- name constraints extension OID and syntax
+   ext-NameConstraints EXTENSION ::= { SYNTAX
+       NameConstraints IDENTIFIED BY id-ce-nameConstraints }
+   id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
+
+   NameConstraints ::= SEQUENCE {
+        permittedSubtrees       [0] GeneralSubtrees OPTIONAL,
+        excludedSubtrees        [1] GeneralSubtrees OPTIONAL
+   }
+   --
+   --  This is a constraint in the issued certificates by CAs, but is
+   --  not a requirement on EEs.
+   --
+   -- (WITH COMPONENTS { ..., permittedSubtrees PRESENT} |
+   --  WITH COMPONENTS { ..., excludedSubtrees PRESENT }}
+
+   GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+   GeneralSubtree ::= SEQUENCE {
+        base                GeneralName,
+        minimum         [0] BaseDistance DEFAULT 0,
+        maximum         [1] BaseDistance OPTIONAL
+   }
+
+   BaseDistance ::= INTEGER (0..MAX)
+
+   -- policy constraints extension OID and syntax
+
+   ext-PolicyConstraints EXTENSION ::= { SYNTAX
+       PolicyConstraints IDENTIFIED BY id-ce-policyConstraints }
+   id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
+
+   PolicyConstraints ::= SEQUENCE {
+        requireExplicitPolicy           [0] SkipCerts OPTIONAL,
+        inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
+   --
+   --  This is a constraint in the issued certificates by CAs,
+   --  but is not a requirement for EEs
+   --
+   -- (WITH COMPONENTS { ..., requireExplicitPolicy PRESENT} |
+   --  WITH COMPONENTS { ..., inhibitPolicyMapping PRESENT})
+
+   SkipCerts ::= INTEGER (0..MAX)
+
+   -- CRL distribution points extension OID and syntax
+
+   ext-CRLDistributionPoints EXTENSION ::= { SYNTAX
+       CRLDistributionPoints IDENTIFIED BY id-ce-cRLDistributionPoints}
+   id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
+   CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+   DistributionPoint ::= SEQUENCE {
+        distributionPoint       [0] DistributionPointName OPTIONAL,
+        reasons                 [1] ReasonFlags OPTIONAL,
+        cRLIssuer               [2] GeneralNames OPTIONAL
+   }
+   --
+   --  This is not a requirement in the text, but it seems as if it
+   --      should be
+   --
+   --(WITH COMPONENTS {..., distributionPoint PRESENT} |
+   -- WITH COMPONENTS {..., cRLIssuer PRESENT})
+
+   DistributionPointName ::= CHOICE {
+        fullName                [0] GeneralNames,
+        nameRelativeToCRLIssuer [1] RelativeDistinguishedName
+   }
+
+   ReasonFlags ::= BIT STRING {
+        unused                  (0),
+        keyCompromise           (1),
+        cACompromise            (2),
+        affiliationChanged      (3),
+        superseded              (4),
+        cessationOfOperation    (5),
+        certificateHold         (6),
+        privilegeWithdrawn      (7),
+        aACompromise            (8)
+    }
+
+   -- extended key usage extension OID and syntax
+
+   ext-ExtKeyUsage EXTENSION ::= { SYNTAX
+       ExtKeyUsageSyntax IDENTIFIED BY id-ce-extKeyUsage }
+   id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+   KeyPurposeId ::= OBJECT IDENTIFIER
+
+   -- permit unspecified key uses
+
+   anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+   -- extended key purpose OIDs
+
+   id-kp-serverAuth       OBJECT IDENTIFIER ::= { id-kp 1 }
+   id-kp-clientAuth       OBJECT IDENTIFIER ::= { id-kp 2 }
+   id-kp-codeSigning      OBJECT IDENTIFIER ::= { id-kp 3 }
+   id-kp-emailProtection  OBJECT IDENTIFIER ::= { id-kp 4 }
+   id-kp-timeStamping     OBJECT IDENTIFIER ::= { id-kp 8 }
+   id-kp-OCSPSigning      OBJECT IDENTIFIER ::= { id-kp 9 }
+
+   -- inhibit any policy OID and syntax
+
+   ext-InhibitAnyPolicy EXTENSION  ::= {SYNTAX
+       SkipCerts IDENTIFIED BY id-ce-inhibitAnyPolicy }
+   id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+
+   -- freshest (delta)CRL extension OID and syntax
+
+   ext-FreshestCRL EXTENSION ::= {SYNTAX
+       CRLDistributionPoints IDENTIFIED BY id-ce-freshestCRL }
+   id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }
+
+   -- authority info access
+
+   ext-AuthorityInfoAccess EXTENSION ::= { SYNTAX
+       AuthorityInfoAccessSyntax IDENTIFIED BY
+       id-pe-authorityInfoAccess }
+   id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+   AuthorityInfoAccessSyntax  ::=
+           SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+   AccessDescription  ::=  SEQUENCE {
+           accessMethod          OBJECT IDENTIFIER,
+           accessLocation        GeneralName  }
+
+   -- subject info access
+
+   ext-SubjectInfoAccessSyntax EXTENSION ::= { SYNTAX
+       SubjectInfoAccessSyntax IDENTIFIED BY id-pe-subjectInfoAccess }
+   id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+   SubjectInfoAccessSyntax  ::=
+           SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+   -- CRL number extension OID and syntax
+
+   ext-CRLNumber EXTENSION ::= {SYNTAX
+       INTEGER (0..MAX) IDENTIFIED BY id-ce-cRLNumber }
+   id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+   CRLNumber ::= INTEGER (0..MAX)
+   -- issuing distribution point extension OID and syntax
+
+   ext-IssuingDistributionPoint EXTENSION ::= { SYNTAX
+       IssuingDistributionPoint IDENTIFIED BY
+       id-ce-issuingDistributionPoint }
+   id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+   IssuingDistributionPoint ::= SEQUENCE {
+        distributionPoint          [0] DistributionPointName OPTIONAL,
+        onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
+        onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
+        onlySomeReasons            [3] ReasonFlags OPTIONAL,
+        indirectCRL                [4] BOOLEAN DEFAULT FALSE,
+        onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
+   }
+           -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
+           -- or onlyContainsAttributeCerts may be set to TRUE.
+
+   ext-DeltaCRLIndicator EXTENSION ::= { SYNTAX
+       CRLNumber IDENTIFIED BY id-ce-deltaCRLIndicator }
+   id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+   -- CRL reasons extension OID and syntax
+
+   ext-CRLReason EXTENSION ::= { SYNTAX
+       CRLReason IDENTIFIED BY id-ce-cRLReasons }
+   id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+   CRLReason ::= ENUMERATED {
+        unspecified             (0),
+        keyCompromise           (1),
+        cACompromise            (2),
+        affiliationChanged      (3),
+        superseded              (4),
+        cessationOfOperation    (5),
+        certificateHold         (6),
+        removeFromCRL           (8),
+        privilegeWithdrawn      (9),
+        aACompromise           (10)
+   }
+
+   -- certificate issuer CRL entry extension OID and syntax
+
+   ext-CertificateIssuer EXTENSION ::= { SYNTAX
+       GeneralNames IDENTIFIED BY id-ce-certificateIssuer }
+   id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+   -- hold instruction extension OID and syntax
+   ext-HoldInstructionCode EXTENSION ::= { SYNTAX
+       OBJECT IDENTIFIER IDENTIFIED BY id-ce-holdInstructionCode }
+   id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+   -- ANSI x9 holdinstructions
+
+   holdInstruction OBJECT IDENTIFIER ::=
+             {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+   id-holdinstruction-none OBJECT IDENTIFIER  ::=
+                   {holdInstruction 1} -- deprecated
+   id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
+                   {holdInstruction 2}
+   id-holdinstruction-reject OBJECT IDENTIFIER ::=
+                   {holdInstruction 3}
+
+   -- invalidity date CRL entry extension OID and syntax
+
+   ext-InvalidityDate EXTENSION  ::=  { SYNTAX
+       GeneralizedTime IDENTIFIED BY id-ce-invalidityDate }
+   id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
+   -- Upper bounds
+   ubMax INTEGER ::= 32768
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
new file mode 100644
index 0000000000..d58bcb5b19
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
@@ -0,0 +1,528 @@
+   PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
+     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+     id-mod-pkix1-algorithms2008-02(56) }
+
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   mda-sha224, mda-sha256, mda-sha384, mda-sha512
+   FROM PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1)
+       security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-pkix1-rsa-pkalgs-02(54)} ;
+
+   --
+   -- Public Key (pk-) Algorithms
+   --
+
+   PublicKeys PUBLIC-KEY ::= {
+    pk-rsa  |
+    pk-dsa  |
+    pk-dh   |
+    pk-kea,
+    ...,
+    pk-ec   |
+    pk-ecDH |
+    pk-ecMQV
+   }
+
+   --
+   -- Signature Algorithms (sa-)
+   --
+
+   SignatureAlgs SIGNATURE-ALGORITHM ::= {
+    sa-rsaWithMD2      |
+    sa-rsaWithMD5      |
+    sa-rsaWithSHA1     |
+    sa-dsaWithSHA1     |
+    sa-ecdsaWithSHA1,
+    ..., -- Extensible
+    sa-dsaWithSHA224   |
+    sa-dsaWithSHA256   |
+    sa-ecdsaWithSHA224 |
+    sa-ecdsaWithSHA256 |
+    sa-ecdsaWithSHA384 |
+    sa-ecdsaWithSHA512
+   }
+
+   --
+   -- S/MIME CAPS for algorithms in this document
+   --
+   -- For all of the algorithms laid out in this document, the
+   -- parameters field for the S/MIME capabilities is defined as
+   -- ABSENT as there are no specific values that need to be known
+   -- by the receiver for negotiation.
+
+   --
+
+   SMimeCaps SMIME-CAPS ::= {
+    sa-rsaWithMD2.&smimeCaps      |
+    sa-rsaWithMD5.&smimeCaps      |
+    sa-rsaWithSHA1.&smimeCaps     |
+    sa-dsaWithSHA1.&smimeCaps     |
+    sa-dsaWithSHA224.&smimeCaps   |
+    sa-dsaWithSHA256.&smimeCaps   |
+    sa-ecdsaWithSHA1.&smimeCaps   |
+    sa-ecdsaWithSHA224.&smimeCaps |
+    sa-ecdsaWithSHA256.&smimeCaps |
+    sa-ecdsaWithSHA384.&smimeCaps |
+    sa-ecdsaWithSHA512.&smimeCaps,
+    ... }
+
+   -- RSA PK Algorithm, Parameters, and Keys
+
+   pk-rsa PUBLIC-KEY ::= {
+    IDENTIFIER rsaEncryption
+    KEY RSAPublicKey
+    PARAMS TYPE NULL ARE absent
+    -- Private key format not in this module --
+    CERT-KEY-USAGE {digitalSignature, nonRepudiation,
+    keyEncipherment, dataEncipherment, keyCertSign, cRLSign}
+   }
+
+   rsaEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 1 }
+
+   RSAPublicKey ::= SEQUENCE {
+    modulus         INTEGER, -- n
+    publicExponent  INTEGER  -- e
+   }
+
+   -- DSA PK Algorithm, Parameters, and Keys
+
+   pk-dsa PUBLIC-KEY ::= {
+    IDENTIFIER id-dsa
+    KEY DSAPublicKey
+    PARAMS TYPE DSA-Params ARE inheritable
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign,
+                        cRLSign }
+   }
+
+   id-dsa OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
+
+   DSA-Params ::= SEQUENCE {
+    p  INTEGER,
+    q  INTEGER,
+    g  INTEGER
+   }
+
+   DSAPublicKey ::= INTEGER --  public key, y
+
+   -- Diffie-Hellman PK Algorithm, Parameters, and Keys
+
+   pk-dh PUBLIC-KEY ::= {
+    IDENTIFIER dhpublicnumber
+    KEY DHPublicKey
+    PARAMS TYPE DomainParameters ARE inheritable
+    -- Private key format not in this module --
+    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
+   }
+
+   dhpublicnumber OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-x942(10046)
+    number-type(2) 1 }
+
+   DomainParameters ::= SEQUENCE {
+    p                INTEGER,           -- odd prime, p=jq +1
+    g                INTEGER,           -- generator, g
+    q                INTEGER,           -- factor of p-1
+    j                INTEGER OPTIONAL,  -- subgroup factor, j>= 2
+    validationParams  ValidationParams OPTIONAL
+   }
+
+   ValidationParams ::= SEQUENCE {
+    seed         BIT STRING,
+    pgenCounter  INTEGER
+   }
+
+   DiffieHellmanPublicNumber ::= INTEGER   -- according to http://wikisec.free.fr/crypto/crypto.html
+
+   DHPublicKey ::= INTEGER  -- public key, y = g^x mod p
+
+   -- KEA PK Algorithm and Parameters
+
+   pk-kea PUBLIC-KEY ::= {
+    IDENTIFIER id-keyExchangeAlgorithm
+    -- key is not encoded --
+    PARAMS TYPE KEA-Params-Id ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
+   }
+   id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {
+       joint-iso-itu-t(2) country(16) us(840) organization(1)
+       gov(101) dod(2) infosec(1) algorithms(1) 22 }
+
+   KEA-Params-Id ::= OCTET STRING
+
+   -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
+   --  (Section 2.1.1 of RFC 5480)
+   --
+   -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA
+
+   pk-ec PUBLIC-KEY ::= {
+    IDENTIFIER id-ecPublicKey
+    KEY ECPoint
+    PARAMS TYPE ECParameters ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
+                         keyCertSign, cRLSign }
+   }
+
+   ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions
+
+   id-ecPublicKey OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
+
+   -- Elliptic Curve (EC) Signatures: Restricted Algorithms
+   --  (Section 2.1.2 of RFC 5480)
+   --
+   -- EC Diffie-Hellman Algorithm ID
+
+   pk-ecDH PUBLIC-KEY ::= {
+    IDENTIFIER id-ecDH
+    KEY ECPoint
+    PARAMS TYPE ECParameters ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
+   }
+
+   id-ecDH OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) schemes(1)
+    ecdh(12) }
+
+   -- EC Menezes-Qu-Vanstone Algorithm ID
+
+   pk-ecMQV PUBLIC-KEY ::= {
+    IDENTIFIER id-ecMQV
+    KEY ECPoint
+    PARAMS TYPE ECParameters ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
+   }
+
+   id-ecMQV OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) schemes(1)
+    ecmqv(13) }
+
+   -- Parameters and Keys for both Restricted and Unrestricted EC
+
+   ECParameters ::= CHOICE {
+    namedCurve      CURVE.&id({NamedCurve})
+    -- implicitCurve   NULL
+      -- implicitCurve MUST NOT be used in PKIX
+    -- specifiedCurve  SpecifiedCurve
+      -- specifiedCurve MUST NOT be used in PKIX
+      -- Details for specifiedCurve can be found in [X9.62]
+      -- Any future additions to this CHOICE should be coordinated
+      -- with ANSI X.9.
+   }
+   -- If you need to be able to decode ANSI X.9 parameter structures,
+   -- uncomment the implicitCurve and specifiedCurve above, and also
+   -- uncomment the following:
+   --(WITH COMPONENTS {namedCurve PRESENT})
+
+   -- Sec 2.1.1.1 Named Curve
+
+   CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE }
+    WITH SYNTAX { ID &id }
+
+   NamedCurve CURVE ::= {
+   { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
+   { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
+   { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
+   { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
+   { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
+   ... -- Extensible
+   }
+
+   -- Note in [X9.62] the curves are referred to as 'ansiX9' as
+   -- opposed to 'sec'.  For example, secp192r1 is the same curve as
+   -- ansix9p192r1.
+
+   -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
+   -- prime192v1 and the secp256r1 curve was referred to as
+   -- prime256v1.
+
+   -- Note that [FIPS186-3] refers to secp192r1 as P-192,
+   -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384,
+   -- and secp521r1 as P-521.
+
+   secp192r1 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+    prime(1) 1 }
+
+   sect163k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 1 }
+
+   sect163r2 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 15 }
+
+   secp224r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 33 }
+
+   sect233k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 26 }
+
+   sect233r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 27 }
+
+   secp256r1 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+    prime(1) 7 }
+
+   sect283k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 16 }
+
+   sect283r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 17 }
+
+   secp384r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 34 }
+
+   sect409k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 36 }
+
+   sect409r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 37 }
+
+   secp521r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 35 }
+
+   sect571k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 38 }
+
+   sect571r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 39 }
+
+   -- RSA with MD-2
+
+   sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER md2WithRSAEncryption
+    PARAMS TYPE NULL ARE required
+    HASHES { mda-md2 }
+    PUBLIC-KEYS { pk-rsa }
+    SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption }
+   }
+
+   md2WithRSAEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 2 }
+
+   -- RSA with MD-5
+
+   sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER md5WithRSAEncryption
+    PARAMS TYPE NULL ARE required
+    HASHES { mda-md5 }
+    PUBLIC-KEYS { pk-rsa }
+    SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption }
+   }
+
+   md5WithRSAEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 4 }
+
+   -- RSA with SHA-1
+
+   sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER sha1WithRSAEncryption
+    PARAMS TYPE NULL ARE required
+    HASHES { mda-sha1 }
+    PUBLIC-KEYS { pk-rsa }
+    SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption }
+   }
+
+   sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 5 }
+
+   -- DSA with SHA-1
+
+   sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER dsa-with-sha1
+    VALUE DSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha1 }
+    PUBLIC-KEYS { pk-dsa }
+    SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 }
+   }
+
+   dsa-with-sha1 OBJECT IDENTIFIER ::=  {
+    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
+
+   -- DSA with SHA-224
+
+   sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER dsa-with-sha224
+    VALUE DSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha224 }
+    PUBLIC-KEYS { pk-dsa }
+    SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 }
+   }
+
+   dsa-with-sha224 OBJECT IDENTIFIER  ::=  {
+    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+    csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
+
+   -- DSA with SHA-256
+
+   sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER dsa-with-sha256
+    VALUE DSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha256 }
+    PUBLIC-KEYS { pk-dsa }
+    SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 }
+   }
+
+   dsa-with-sha256 OBJECT IDENTIFIER  ::=  {
+    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+    csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
+
+   -- ECDSA with SHA-1
+
+   sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA1
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha1 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 }
+   }
+
+   ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045)
+    signatures(4) 1 }
+
+   -- ECDSA with SHA-224
+
+   sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA224
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha224 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 }
+   }
+
+   ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 1 }
+
+   -- ECDSA with SHA-256
+
+   sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA256
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha256 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 }
+   }
+
+   ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 2 }
+
+   -- ECDSA with SHA-384
+
+   sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA384
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha384 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 }
+   }
+   ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 3 }
+
+   -- ECDSA with SHA-512
+
+   sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA512
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha512 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 }
+   }
+
+   ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 4 }
+
+   --
+   -- Signature Values
+   --
+
+   -- DSA
+
+   DSA-Sig-Value ::= SEQUENCE {
+    r  INTEGER,
+    s  INTEGER
+   }
+
+   -- ECDSA
+
+   ECDSA-Sig-Value ::= SEQUENCE {
+    r  INTEGER,
+    s  INTEGER
+   }
+
+   --
+   -- Message Digest Algorithms (mda-)
+   --
+
+   HashAlgs DIGEST-ALGORITHM ::= {
+    mda-md2    |
+    mda-md5    |
+    mda-sha1,
+    ... -- Extensible
+   }
+   -- MD-2
+
+   mda-md2 DIGEST-ALGORITHM ::= {
+    IDENTIFIER id-md2
+    PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-md2  OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549)
+    digestAlgorithm(2) 2 }
+
+   -- MD-5
+
+   mda-md5 DIGEST-ALGORITHM ::= {
+    IDENTIFIER id-md5
+    PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-md5  OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549)
+    digestAlgorithm(2) 5 }
+
+   -- SHA-1
+
+   mda-sha1 DIGEST-ALGORITHM ::= {
+    IDENTIFIER id-sha1
+    PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-sha1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) oiw(14) secsig(3)
+    algorithm(2) 26 }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1
new file mode 100644
index 0000000000..3ab074643f
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1
@@ -0,0 +1,292 @@
+   PKIXAttributeCertificate-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AttributeSet{}, Extensions{}, SecurityCategory{},
+           EXTENSION, ATTRIBUTE, SECURITY-CATEGORY
+   FROM PKIX-CommonTypes-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+   AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+      -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
+      -- PKIX Certificate Extensions
+
+   CertificateSerialNumber, UniqueIdentifier, id-pkix, id-pe, id-kp,
+       id-ad, id-at, SIGNED{}, SignatureAlgorithms
+   FROM PKIX1Explicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+   GeneralName, GeneralNames, id-ce, ext-AuthorityKeyIdentifier,
+       ext-AuthorityInfoAccess, ext-CRLDistributionPoints
+   FROM PKIX1Implicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+   ContentInfo
+     FROM CryptographicMessageSyntax-2009
+       { iso(1) member-body(2) us(840) rsadsi(113549)
+       pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) };
+   --  Define the set of extensions that can appear.
+   --  Some of these are imported from PKIX Cert
+
+   AttributeCertExtensions EXTENSION ::= {
+       ext-auditIdentity | ext-targetInformation |
+       ext-AuthorityKeyIdentifier | ext-AuthorityInfoAccess |
+       ext-CRLDistributionPoints | ext-noRevAvail | ext-ac-proxying |
+       ext-aaControls, ... }
+
+   ext-auditIdentity EXTENSION ::= { SYNTAX
+       OCTET STRING IDENTIFIED BY id-pe-ac-auditIdentity}
+
+   ext-targetInformation EXTENSION ::= { SYNTAX
+       Targets IDENTIFIED BY id-ce-targetInformation }
+
+   ext-noRevAvail EXTENSION ::= { SYNTAX
+       NULL IDENTIFIED BY id-ce-noRevAvail}
+
+   ext-ac-proxying EXTENSION ::= { SYNTAX
+       ProxyInfo IDENTIFIED BY id-pe-ac-proxying}
+
+   ext-aaControls EXTENSION ::= { SYNTAX
+       AAControls IDENTIFIED BY id-pe-aaControls}
+
+   -- Define the set of attributes used here
+
+   AttributesDefined ATTRIBUTE ::= {  at-authenticationInfo |
+        at-accesIdentity | at-chargingIdentity | at-group |
+        at-role | at-clearance | at-encAttrs, ...}
+
+   at-authenticationInfo ATTRIBUTE ::= { TYPE SvceAuthInfo
+       IDENTIFIED BY id-aca-authenticationInfo}
+
+   at-accesIdentity ATTRIBUTE ::= { TYPE SvceAuthInfo
+       IDENTIFIED BY id-aca-accessIdentity}
+
+   at-chargingIdentity ATTRIBUTE ::= { TYPE IetfAttrSyntax
+       IDENTIFIED BY id-aca-chargingIdentity}
+
+   at-group ATTRIBUTE ::= { TYPE IetfAttrSyntax
+       IDENTIFIED BY id-aca-group}
+
+   at-role ATTRIBUTE ::= { TYPE RoleSyntax
+       IDENTIFIED BY id-at-role}
+
+   at-clearance ATTRIBUTE ::= { TYPE Clearance
+       IDENTIFIED BY id-at-clearance}
+   at-clearance-RFC3281 ATTRIBUTE ::= {TYPE Clearance-rfc3281
+       IDENTIFIED BY id-at-clearance-rfc3281 }
+
+   at-encAttrs ATTRIBUTE ::= { TYPE ContentInfo
+       IDENTIFIED BY id-aca-encAttrs}
+
+   --
+   --  OIDs used by Attribute Certificate Extensions
+   --
+
+   id-pe-ac-auditIdentity       OBJECT IDENTIFIER ::= { id-pe 4 }
+   id-pe-aaControls             OBJECT IDENTIFIER ::= { id-pe 6 }
+   id-pe-ac-proxying            OBJECT IDENTIFIER ::= { id-pe 10 }
+   id-ce-targetInformation      OBJECT IDENTIFIER ::= { id-ce 55 }
+   id-ce-noRevAvail             OBJECT IDENTIFIER ::= { id-ce 56 }
+
+   --
+   --  OIDs used by Attribute Certificate Attributes
+   --
+
+   id-aca                       OBJECT IDENTIFIER ::= { id-pkix 10 }
+
+   id-aca-authenticationInfo    OBJECT IDENTIFIER ::= { id-aca 1 }
+   id-aca-accessIdentity        OBJECT IDENTIFIER ::= { id-aca 2 }
+   id-aca-chargingIdentity      OBJECT IDENTIFIER ::= { id-aca 3 }
+   id-aca-group                 OBJECT IDENTIFIER ::= { id-aca 4 }
+   -- { id-aca 5 } is reserved
+   id-aca-encAttrs              OBJECT IDENTIFIER ::= { id-aca 6 }
+
+   id-at-role                   OBJECT IDENTIFIER ::= { id-at 72}
+   id-at-clearance              OBJECT IDENTIFIER ::= {
+        joint-iso-ccitt(2) ds(5) attributeType(4) clearance (55) }
+
+   -- Uncomment the following declaration and comment the above line if
+   -- using the id-at-clearance attribute as defined in [RFC3281]
+   -- id-at-clearance ::= id-at-clearance-3281
+
+   id-at-clearance-rfc3281              OBJECT IDENTIFIER ::= {
+       joint-iso-ccitt(2) ds(5) module(1) selected-attribute-types(5)
+       clearance (55) }
+
+   --
+   --  The syntax of an Attribute Certificate
+   --
+
+   AttributeCertificate ::= SIGNED{AttributeCertificateInfo}
+
+   AttributeCertificateInfo ::= SEQUENCE {
+       version        AttCertVersion,  -- version is v2
+       holder         Holder,
+       issuer         AttCertIssuer,
+       signature      AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                          {SignatureAlgorithms}},
+       serialNumber   CertificateSerialNumber,
+       attrCertValidityPeriod   AttCertValidityPeriod,
+       attributes     SEQUENCE OF
+                          AttributeSet{{AttributesDefined}},
+       issuerUniqueID UniqueIdentifier OPTIONAL,
+       extensions     Extensions{{AttributeCertExtensions}} OPTIONAL
+   }
+
+   AttCertVersion ::= INTEGER { v2(1) }
+
+   Holder ::= SEQUENCE {
+       baseCertificateID   [0] IssuerSerial OPTIONAL,
+                 -- the issuer and serial number of
+                 -- the holder's Public Key Certificate
+       entityName          [1] GeneralNames OPTIONAL,
+                 -- the name of the claimant or role
+       objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
+                 -- used to directly authenticate the
+                 -- holder, for example, an executable
+   }
+
+   ObjectDigestInfo    ::= SEQUENCE {
+       digestedObjectType  ENUMERATED {
+            publicKey            (0),
+            publicKeyCert        (1),
+            otherObjectTypes     (2) },
+               -- otherObjectTypes MUST NOT
+               -- be used in this profile
+       otherObjectTypeID   OBJECT IDENTIFIER  OPTIONAL,
+       digestAlgorithm     AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+       objectDigest        BIT STRING
+   }
+
+   AttCertIssuer ::= CHOICE {
+       v1Form   GeneralNames,  -- MUST NOT be used in this
+                               -- profile
+       v2Form   [0] V2Form     -- v2 only
+   }
+
+   V2Form ::= SEQUENCE {
+       issuerName            GeneralNames  OPTIONAL,
+       baseCertificateID     [0] IssuerSerial  OPTIONAL,
+       objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
+          -- issuerName MUST be present in this profile
+          -- baseCertificateID and objectDigestInfo MUST
+          -- NOT be present in this profile
+   }
+
+   IssuerSerial  ::=  SEQUENCE {
+       issuer         GeneralNames,
+       serial         CertificateSerialNumber,
+       issuerUID      UniqueIdentifier OPTIONAL
+   }
+
+   AttCertValidityPeriod  ::= SEQUENCE {
+       notBeforeTime  GeneralizedTime,
+       notAfterTime   GeneralizedTime
+   }
+
+   --
+   -- Syntax used by Attribute Certificate Extensions
+   --
+
+   Targets ::= SEQUENCE OF Target
+
+   Target  ::= CHOICE {
+       targetName     [0] GeneralName,
+       targetGroup    [1] GeneralName,
+       targetCert     [2] TargetCert
+   }
+
+   TargetCert  ::= SEQUENCE {
+       targetCertificate  IssuerSerial,
+       targetName         GeneralName OPTIONAL,
+       certDigestInfo     ObjectDigestInfo OPTIONAL
+   }
+
+   AAControls ::= SEQUENCE {
+       pathLenConstraint INTEGER (0..MAX) OPTIONAL,
+       permittedAttrs    [0] AttrSpec OPTIONAL,
+       excludedAttrs     [1] AttrSpec OPTIONAL,
+       permitUnSpecified BOOLEAN DEFAULT TRUE
+   }
+
+   AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
+
+   ProxyInfo ::= SEQUENCE OF Targets
+
+   --
+   --  Syntax used by Attribute Certificate Attributes
+   --
+   IetfAttrSyntax ::= SEQUENCE {
+      policyAuthority[0] GeneralNames    OPTIONAL,
+      values         SEQUENCE OF CHOICE {
+                     octets    OCTET STRING,
+                     oid       OBJECT IDENTIFIER,
+                     string    UTF8String
+     }
+   }
+
+   SvceAuthInfo ::=    SEQUENCE {
+       service       GeneralName,
+       ident         GeneralName,
+       authInfo      OCTET STRING OPTIONAL
+   }
+
+   RoleSyntax ::= SEQUENCE {
+       roleAuthority  [0] GeneralNames OPTIONAL,
+       roleName       [1] GeneralName
+   }
+
+   Clearance ::= SEQUENCE {
+       policyId            OBJECT IDENTIFIER,
+       classList           ClassList DEFAULT {unclassified},
+       securityCategories  SET OF SecurityCategory
+                                {{SupportedSecurityCategories}} OPTIONAL
+   }
+
+   -- Uncomment the following lines to support deprecated clearance
+   -- syntax and comment out previous Clearance.
+
+   -- Clearance ::= Clearance-rfc3281
+
+   Clearance-rfc3281  ::=  SEQUENCE {
+       policyId       [0] OBJECT IDENTIFIER,
+       classList      [1] ClassList DEFAULT {unclassified},
+       securityCategories [2] SET OF SecurityCategory-rfc3281
+                              {{SupportedSecurityCategories}} OPTIONAL
+   }
+
+   ClassList  ::=  BIT STRING {
+       unmarked       (0),
+       unclassified   (1),
+       restricted     (2),
+       confidential   (3),
+       secret         (4),
+       topSecret      (5)
+   }
+   SupportedSecurityCategories SECURITY-CATEGORY ::= { ... }
+
+   SecurityCategory-rfc3281{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
+       type      [0]  IMPLICIT SECURITY-CATEGORY.
+               &id({Supported}),
+       value     [1]  EXPLICIT SECURITY-CATEGORY.
+               &Type({Supported}{@type})
+   }
+
+   ACClearAttrs ::= SEQUENCE {
+       acIssuer          GeneralName,
+       acSerial          INTEGER,
+       attrs             SEQUENCE OF AttributeSet{{AttributesDefined}}
+   }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1
new file mode 100644
index 0000000000..968a142f28
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1
@@ -0,0 +1,495 @@
+ PKIXCMP-2009
+     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2000-02(50) }
+ DEFINITIONS EXPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+     DIGEST-ALGORITHM, MAC-ALGORITHM
+ FROM AlgorithmInformation-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-algorithmInformation-02(58)}
+
+ Certificate, CertificateList
+ FROM PKIX1Explicit-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ GeneralName, KeyIdentifier
+ FROM PKIX1Implicit-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ CertTemplate, PKIPublicationInfo, EncryptedValue, CertId,
+     CertReqMessages
+ FROM PKIXCRMF-2009
+     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) }
+ -- see also the behavioral clarifications to CRMF codified in
+ -- Appendix C of this specification
+
+ CertificationRequest
+ FROM PKCS-10
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
+ -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
+ -- tags).  Alternatively, implementers may directly include
+ -- the [PKCS10] syntax in this module
+ ;
+
+ -- the rest of the module contains locally defined OIDs and
+ -- constructs
+
+ CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... }
+ -- This syntax, while bits-on-the-wire compatible with the
+ -- standard X.509 definition of "Certificate", allows the
+ -- possibility of future certificate types (such as X.509
+ -- attribute certificates, WAP WTLS certificates, or other kinds
+ -- of certificates) within this certificate management protocol,
+ -- should a need ever arise to support such generality.  Those
+ -- implementations that do not foresee a need to ever support
+ -- other certificate types MAY, if they wish, comment out the
+ -- above structure and "uncomment" the following one prior to
+ -- compiling this ASN.1 module.  (Note that interoperability
+ -- with implementations that don't do this will be unaffected by
+ -- this change.)
+
+ -- CMPCertificate ::= Certificate
+
+ PKIMessage ::= SEQUENCE {
+     header           PKIHeader,
+     body             PKIBody,
+     protection   [0] PKIProtection OPTIONAL,
+     extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                   OPTIONAL }
+
+ PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+
+ PKIHeader ::= SEQUENCE {
+     pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+     sender              GeneralName,
+     -- identifies the sender
+     recipient           GeneralName,
+     -- identifies the intended recipient
+     messageTime     [0] GeneralizedTime         OPTIONAL,
+     -- time of production of this message (used when sender
+     -- believes that the transport will be "suitable"; i.e.,
+     -- that the time will still be meaningful upon receipt)
+     protectionAlg   [1] AlgorithmIdentifier{ALGORITHM, {...}}
+                             OPTIONAL,
+     -- algorithm used for calculation of protection bits
+     senderKID       [2] KeyIdentifier           OPTIONAL,
+     recipKID        [3] KeyIdentifier           OPTIONAL,
+     -- to identify specific keys used for protection
+     transactionID   [4] OCTET STRING            OPTIONAL,
+     -- identifies the transaction; i.e., this will be the same in
+     -- corresponding request, response, certConf, and PKIConf
+     -- messages
+     senderNonce     [5] OCTET STRING            OPTIONAL,
+     recipNonce      [6] OCTET STRING            OPTIONAL,
+     -- nonces used to provide replay protection, senderNonce
+     -- is inserted by the creator of this message; recipNonce
+     -- is a nonce previously inserted in a related message by
+     -- the intended recipient of this message
+     freeText        [7] PKIFreeText             OPTIONAL,
+     -- this may be used to indicate context-specific instructions
+     -- (this field is intended for human consumption)
+     generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
+                         InfoTypeAndValue     OPTIONAL
+     -- this may be used to convey context-specific information
+     -- (this field not primarily intended for human consumption)
+ }
+
+ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+     -- text encoded as UTF-8 String [RFC3629] (note: each
+     -- UTF8String MAY include an [RFC3066] language tag
+     -- to indicate the language of the contained text;
+     -- see [RFC2482] for details)
+
+ PKIBody ::= CHOICE {       -- message-specific body elements
+     ir       [0]  CertReqMessages,        --Initialization Request
+     ip       [1]  CertRepMessage,         --Initialization Response
+     cr       [2]  CertReqMessages,        --Certification Request
+     cp       [3]  CertRepMessage,         --Certification Response
+     p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
+     popdecc  [5]  POPODecKeyChallContent, --pop Challenge
+     popdecr  [6]  POPODecKeyRespContent,  --pop Response
+     kur      [7]  CertReqMessages,        --Key Update Request
+     kup      [8]  CertRepMessage,         --Key Update Response
+     krr      [9]  CertReqMessages,        --Key Recovery Request
+     krp      [10] KeyRecRepContent,       --Key Recovery Response
+     rr       [11] RevReqContent,          --Revocation Request
+     rp       [12] RevRepContent,          --Revocation Response
+     ccr      [13] CertReqMessages,        --Cross-Cert. Request
+     ccp      [14] CertRepMessage,         --Cross-Cert. Response
+     ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
+     cann     [16] CertAnnContent,         --Certificate Ann.
+     rann     [17] RevAnnContent,          --Revocation Ann.
+     crlann   [18] CRLAnnContent,          --CRL Announcement
+     pkiconf  [19] PKIConfirmContent,      --Confirmation
+     nested   [20] NestedMessageContent,   --Nested Message
+     genm     [21] GenMsgContent,          --General Message
+     genp     [22] GenRepContent,          --General Response
+     error    [23] ErrorMsgContent,        --Error Message
+     certConf [24] CertConfirmContent,     --Certificate confirm
+     pollReq  [25] PollReqContent,         --Polling request
+     pollRep  [26] PollRepContent          --Polling response
+ }
+
+ PKIProtection ::= BIT STRING
+
+ ProtectedPart ::= SEQUENCE {
+     header    PKIHeader,
+     body      PKIBody }
+
+ id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     usa(840) nt(113533) nsn(7) algorithms(66) 13 }
+ PBMParameter ::= SEQUENCE {
+     salt                OCTET STRING,
+     -- note:  implementations MAY wish to limit acceptable sizes
+     -- of this string to values appropriate for their environment
+     -- in order to reduce the risk of denial-of-service attacks
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     iterationCount      INTEGER,
+     -- number of times the OWF is applied
+     -- note:  implementations MAY wish to limit acceptable sizes
+     -- of this integer to values appropriate for their environment
+     -- in order to reduce the risk of denial-of-service attacks
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     -- or HMAC [RFC2104, RFC2202])
+ }
+
+ id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     usa(840) nt(113533) nsn(7) algorithms(66) 30 }
+ DHBMParameter ::= SEQUENCE {
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     -- or HMAC [RFC2104, RFC2202])
+ }
+
+ PKIStatus ::= INTEGER {
+     accepted               (0),
+     -- you got exactly what you asked for
+     grantedWithMods        (1),
+     -- you got something like what you asked for; the
+     -- requester is responsible for ascertaining the differences
+     rejection              (2),
+     -- you don't get it, more information elsewhere in the message
+     waiting                (3),
+     -- the request body part has not yet been processed; expect to
+     -- hear more later (note: proper handling of this status
+     -- response MAY use the polling req/rep PKIMessages specified
+     -- in Section 5.3.22; alternatively, polling in the underlying
+     -- transport layer MAY have some utility in this regard)
+     revocationWarning      (4),
+     -- this message contains a warning that a revocation is
+     -- imminent
+     revocationNotification (5),
+     -- notification that a revocation has occurred
+     keyUpdateWarning       (6)
+     -- update already done for the oldCertId specified in
+     -- CertReqMsg
+ }
+
+ PKIFailureInfo ::= BIT STRING {
+ -- since we can fail in more than one way!
+ -- More codes may be added in the future if/when required.
+     badAlg              (0),
+     -- unrecognized or unsupported Algorithm Identifier
+     badMessageCheck     (1),
+     -- integrity check failed (e.g., signature did not verify)
+     badRequest          (2),
+     -- transaction not permitted or supported
+     badTime             (3),
+     -- messageTime was not sufficiently close to the system time,
+     -- as defined by local policy
+     badCertId           (4),
+     -- no certificate could be found matching the provided criteria
+     badDataFormat       (5),
+     -- the data submitted has the wrong format
+     wrongAuthority      (6),
+     -- the authority indicated in the request is different from the
+     -- one creating the response token
+     incorrectData       (7),
+     -- the requester's data is incorrect (for notary services)
+     missingTimeStamp    (8),
+     -- when the timestamp is missing but should be there
+     -- (by policy)
+     badPOP              (9),
+     -- the proof-of-possession failed
+     certRevoked         (10),
+     -- the certificate has already been revoked
+     certConfirmed       (11),
+     -- the certificate has already been confirmed
+     wrongIntegrity      (12),
+     -- invalid integrity, password based instead of signature or
+     -- vice versa
+     badRecipientNonce   (13),
+     -- invalid recipient nonce, either missing or wrong value
+     timeNotAvailable    (14),
+     -- the TSA's time source is not available
+     unacceptedPolicy    (15),
+     -- the requested TSA policy is not supported by the TSA
+     unacceptedExtension (16),
+     -- the requested extension is not supported by the TSA
+     addInfoNotAvailable (17),
+     -- the additional information requested could not be
+     -- understood or is not available
+     badSenderNonce      (18),
+     -- invalid sender nonce, either missing or wrong size
+     badCertTemplate     (19),
+     -- invalid cert. template or missing mandatory information
+     signerNotTrusted    (20),
+     -- signer of the message unknown or not trusted
+     transactionIdInUse  (21),
+     -- the transaction identifier is already in use
+     unsupportedVersion  (22),
+     -- the version of the message is not supported
+     notAuthorized       (23),
+     -- the sender was not authorized to make the preceding
+     -- request or perform the preceding action
+     systemUnavail       (24),
+     -- the request cannot be handled due to system unavailability
+     systemFailure       (25),
+     -- the request cannot be handled due to system failure
+     duplicateCertReq    (26)
+     -- certificate cannot be issued because a duplicate
+     -- certificate already exists
+ }
+
+ PKIStatusInfo ::= SEQUENCE {
+     status        PKIStatus,
+     statusString  PKIFreeText     OPTIONAL,
+     failInfo      PKIFailureInfo  OPTIONAL }
+
+ OOBCert ::= CMPCertificate
+
+ OOBCertHash ::= SEQUENCE {
+     hashAlg     [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
+                         OPTIONAL,
+     certId      [1] CertId                  OPTIONAL,
+     hashVal         BIT STRING
+     -- hashVal is calculated over the DER encoding of the
+     -- self-signed certificate with the identifier certID.
+ }
+
+ POPODecKeyChallContent ::= SEQUENCE OF Challenge
+ -- One Challenge per encryption key certification request (in the
+ -- same order as these requests appear in CertReqMessages).
+
+ Challenge ::= SEQUENCE {
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
+                             OPTIONAL,
+     -- MUST be present in the first Challenge; MAY be omitted in
+     -- any subsequent Challenge in POPODecKeyChallContent (if
+     -- omitted, then the owf used in the immediately preceding
+     -- Challenge is to be used).
+     witness             OCTET STRING,
+     -- the result of applying the one-way function (owf) to a
+     -- randomly-generated INTEGER, A.  [Note that a different
+     -- INTEGER MUST be used for each Challenge.]
+     challenge           OCTET STRING
+     -- the encryption (under the public key for which the cert.
+     -- request is being made) of Rand, where Rand is specified as
+     --   Rand ::= SEQUENCE {
+     --      int      INTEGER,
+     --       - the randomly-generated INTEGER A (above)
+     --      sender   GeneralName
+     --       - the sender's name (as included in PKIHeader)
+     --   }
+ }
+
+ POPODecKeyRespContent ::= SEQUENCE OF INTEGER
+ -- One INTEGER per encryption key certification request (in the
+ -- same order as these requests appear in CertReqMessages).  The
+ -- retrieved INTEGER A (above) is returned to the sender of the
+ -- corresponding Challenge.
+
+ CertRepMessage ::= SEQUENCE {
+     caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                   OPTIONAL,
+     response         SEQUENCE OF CertResponse }
+
+ CertResponse ::= SEQUENCE {
+     certReqId           INTEGER,
+     -- to match this response with the corresponding request (a value
+     -- of -1 is to be used if certReqId is not specified in the
+     -- corresponding request)
+     status              PKIStatusInfo,
+     certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
+     rspInfo             OCTET STRING        OPTIONAL
+     -- analogous to the id-regInfo-utf8Pairs string defined
+     -- for regInfo in CertReqMsg [RFC4211]
+ }
+
+ CertifiedKeyPair ::= SEQUENCE {
+     certOrEncCert       CertOrEncCert,
+     privateKey      [0] EncryptedValue      OPTIONAL,
+     -- see [RFC4211] for comment on encoding
+     publicationInfo [1] PKIPublicationInfo  OPTIONAL }
+
+ CertOrEncCert ::= CHOICE {
+     certificate     [0] CMPCertificate,
+     encryptedCert   [1] EncryptedValue }
+ KeyRecRepContent ::= SEQUENCE {
+     status                  PKIStatusInfo,
+     newSigCert          [0] CMPCertificate OPTIONAL,
+     caCerts             [1] SEQUENCE SIZE (1..MAX) OF
+                                      CMPCertificate OPTIONAL,
+     keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
+                                      CertifiedKeyPair OPTIONAL }
+
+ RevReqContent ::= SEQUENCE OF RevDetails
+
+ RevDetails ::= SEQUENCE {
+     certDetails         CertTemplate,
+     -- allows requester to specify as much as they can about
+     -- the cert. for which revocation is requested
+     -- (e.g., for cases in which serialNumber is not available)
+     crlEntryDetails     Extensions{{...}}    OPTIONAL
+     -- requested crlEntryExtensions
+ }
+
+ RevRepContent ::= SEQUENCE {
+     status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+     -- in same order as was sent in RevReqContent
+     revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
+     -- IDs for which revocation was requested
+     -- (same order as status)
+     crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
+     -- the resulting CRLs (there may be more than one)
+ }
+
+ CAKeyUpdAnnContent ::= SEQUENCE {
+     oldWithNew   CMPCertificate, -- old pub signed with new priv
+     newWithOld   CMPCertificate, -- new pub signed with old priv
+     newWithNew   CMPCertificate  -- new pub signed with new priv
+ }
+
+ CertAnnContent ::= CMPCertificate
+
+ RevAnnContent ::= SEQUENCE {
+     status              PKIStatus,
+     certId              CertId,
+     willBeRevokedAt     GeneralizedTime,
+     badSinceDate        GeneralizedTime,
+     crlDetails          Extensions{{...}}  OPTIONAL
+     -- extra CRL details (e.g., crl number, reason, location, etc.)
+ }
+
+ CRLAnnContent ::= SEQUENCE OF CertificateList
+ PKIConfirmContent ::= NULL
+
+ NestedMessageContent ::= PKIMessages
+
+ INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER
+
+ InfoTypeAndValue ::= SEQUENCE {
+     infoType    INFO-TYPE-AND-VALUE.
+                     &id({SupportedInfoSet}),
+     infoValue   INFO-TYPE-AND-VALUE.
+                     &Type({SupportedInfoSet}{@infoType}) }
+
+ SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... }
+
+ -- Example InfoTypeAndValue contents include, but are not limited
+ -- to, the following (uncomment in this ASN.1 module and use as
+ -- appropriate for a given environment):
+ --
+ --   id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
+ --      CAProtEncCertValue      ::= CMPCertificate
+ --   id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
+ --      SignKeyPairTypesValue   ::= SEQUENCE OF
+ --                                      AlgorithmIdentifier{{...}}
+ --   id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
+ --      EncKeyPairTypesValue    ::= SEQUENCE OF
+ --                                      AlgorithmIdentifier{{...}}
+ --   id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
+ --      PreferredSymmAlgValue   ::= AlgorithmIdentifier{{...}}
+ --   id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
+ --      CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
+ --   id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
+ --      CurrentCRLValue         ::= CertificateList
+ --   id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
+ --      UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
+ --   id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
+ --      KeyPairParamReqValue    ::= OBJECT IDENTIFIER
+ --   id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
+ --      KeyPairParamRepValue    ::= AlgorithmIdentifer
+ --   id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
+ --      RevPassphraseValue      ::= EncryptedValue
+ --   id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
+ --      ImplicitConfirmValue    ::= NULL
+ --   id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
+ --      ConfirmWaitTimeValue    ::= GeneralizedTime
+ --   id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
+ --      OrigPKIMessageValue     ::= PKIMessages
+ --   id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
+ --      SuppLangTagsValue       ::= SEQUENCE OF UTF8String
+ --
+ -- where
+ --
+ --   id-pkix OBJECT IDENTIFIER ::= {
+ --      iso(1) identified-organization(3)
+ --      dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
+ -- and
+ --   id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
+ --
+ --
+ -- This construct MAY also be used to define new PKIX Certificate
+ -- Management Protocol request and response messages, or general-
+ -- purpose (e.g., announcement) messages for future needs or for
+ -- specific environments.
+
+ GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
+
+ -- May be sent by EE, RA, or CA (depending on message content).
+ -- The OPTIONAL infoValue parameter of InfoTypeAndValue will
+ -- typically be omitted for some of the examples given above.
+ -- The receiver is free to ignore any contained OBJECT IDs that it
+ -- does not recognize.  If sent from EE to CA, the empty set
+ -- indicates that the CA may send
+ -- any/all information that it wishes.
+
+ GenRepContent ::= SEQUENCE OF InfoTypeAndValue
+ -- Receiver MAY ignore any contained OIDs that it does not
+ -- recognize.
+
+ ErrorMsgContent ::= SEQUENCE {
+     pKIStatusInfo          PKIStatusInfo,
+     errorCode              INTEGER           OPTIONAL,
+     -- implementation-specific error codes
+     errorDetails           PKIFreeText       OPTIONAL
+     -- implementation-specific error details
+ }
+
+ CertConfirmContent ::= SEQUENCE OF CertStatus
+
+ CertStatus ::= SEQUENCE {
+     certHash    OCTET STRING,
+     -- the hash of the certificate, using the same hash algorithm
+     -- as is used to create and verify the certificate signature
+     certReqId   INTEGER,
+     -- to match this confirmation with the corresponding req/rep
+     statusInfo  PKIStatusInfo OPTIONAL }
+
+ PollReqContent ::= SEQUENCE OF SEQUENCE {
+     certReqId              INTEGER }
+
+ PollRepContent ::= SEQUENCE OF SEQUENCE {
+     certReqId              INTEGER,
+     checkAfter             INTEGER,  -- time in seconds
+     reason                 PKIFreeText OPTIONAL }
+
+ END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1
new file mode 100644
index 0000000000..1c0b780499
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1
@@ -0,0 +1,409 @@
+  PKIXCRMF-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE,
+      SingleAttribute{}
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkixCommon-02(57) }
+
+  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+      DIGEST-ALGORITHM, MAC-ALGORITHM, PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  Version, Name, Time, SubjectPublicKeyInfo, UniqueIdentifier, id-pkix,
+      SignatureAlgorithms
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  GeneralName, CertExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  EnvelopedData, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41)}
+  maca-hMAC-SHA1
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56) } ;
+
+  -- arc for Internet X.509 PKI protocols and their components
+
+  id-pkip  OBJECT IDENTIFIER ::= { id-pkix 5 }
+
+  id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+       us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+  id-ct   OBJECT IDENTIFIER ::= { id-smime  1 }  -- content types
+
+  -- Core definitions for this module
+
+  CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
+
+  CertReqMsg ::= SEQUENCE {
+      certReq   CertRequest,
+      popo       ProofOfPossession  OPTIONAL,
+      -- content depends upon key type
+      regInfo   SEQUENCE SIZE(1..MAX) OF
+          SingleAttribute{{RegInfoSet}} OPTIONAL }
+
+  CertRequest ::= SEQUENCE {
+      certReqId     INTEGER,
+      -- ID for matching request and reply
+      certTemplate  CertTemplate,
+      -- Selected fields of cert to be issued
+      controls      Controls OPTIONAL }
+      -- Attributes affecting issuance
+
+  CertTemplate ::= SEQUENCE {
+      version      [0] Version               OPTIONAL,
+      serialNumber [1] INTEGER               OPTIONAL,
+      signingAlg   [2] AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                           {SignatureAlgorithms}}   OPTIONAL,
+      issuer       [3] Name                  OPTIONAL,
+      validity     [4] OptionalValidity      OPTIONAL,
+      subject      [5] Name                  OPTIONAL,
+      publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
+      issuerUID    [7] UniqueIdentifier      OPTIONAL,
+      subjectUID   [8] UniqueIdentifier      OPTIONAL,
+      extensions   [9] Extensions{{CertExtensions}}  OPTIONAL }
+
+  OptionalValidity ::= SEQUENCE {
+      notBefore  [0] Time OPTIONAL,
+      notAfter   [1] Time OPTIONAL } -- at least one MUST be present
+
+  Controls  ::= SEQUENCE SIZE(1..MAX) OF SingleAttribute
+                    {{RegControlSet}}
+
+  ProofOfPossession ::= CHOICE {
+      raVerified        [0] NULL,
+      -- used if the RA has already verified that the requester is in
+      -- possession of the private key
+      signature         [1] POPOSigningKey,
+      keyEncipherment   [2] POPOPrivKey,
+      keyAgreement      [3] POPOPrivKey }
+
+  POPOSigningKey ::= SEQUENCE {
+      poposkInput           [0] POPOSigningKeyInput OPTIONAL,
+      algorithmIdentifier   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                {SignatureAlgorithms}},
+      signature             BIT STRING }
+      -- The signature (using "algorithmIdentifier") is on the
+      -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
+      -- certReq CertTemplate contains the subject and publicKey values,
+      -- then poposkInput MUST be omitted and the signature MUST be
+      -- computed over the DER-encoded value of CertReqMsg certReq.  If
+      -- the CertReqMsg certReq CertTemplate does not contain both the
+      -- public key and subject values (i.e., if it contains only one
+      -- of these, or neither), then poposkInput MUST be present and
+      -- MUST be signed.
+
+  POPOSigningKeyInput ::= SEQUENCE {
+      authInfo            CHOICE {
+       sender              [0] GeneralName,
+       -- used only if an authenticated identity has been
+       -- established for the sender (e.g., a DN from a
+       -- previously-issued and currently-valid certificate)
+       publicKeyMAC        PKMACValue },
+       -- used if no authenticated GeneralName currently exists for
+       -- the sender; publicKeyMAC contains a password-based MAC
+       -- on the DER-encoded value of publicKey
+      publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
+
+  PKMACValue ::= SEQUENCE {
+      algId  AlgorithmIdentifier{MAC-ALGORITHM,
+                 {Password-MACAlgorithms}},
+      value  BIT STRING }
+
+  --
+  --  Define the currently only acceptable MAC algorithm to be used
+  --  for the PKMACValue structure
+  --
+
+  id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      usa(840) nt(113533) nsn(7) algorithms(66) 13 }
+
+  Password-MACAlgorithms MAC-ALGORITHM ::= {
+      {IDENTIFIER id-PasswordBasedMac
+       PARAMS TYPE PBMParameter ARE required
+       IS-KEYED-MAC TRUE
+      }, ...
+  }
+
+  PBMParameter ::= SEQUENCE {
+     salt                OCTET STRING,
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM,
+                             {DigestAlgorithms}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     iterationCount      INTEGER,
+     -- number of times the OWF is applied
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM,
+                             {MACAlgorithms}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC, or HMAC
+  }
+
+  DigestAlgorithms DIGEST-ALGORITHM ::= {
+     mda-sha1, ...
+  }
+
+  MACAlgorithms MAC-ALGORITHM ::= {
+      -- The modules containing the ASN.1 for the DES and 3DES MAC
+      -- algorithms have not been updated at the time that this is
+      -- being published.  Users of this module should define the
+      -- appropriate MAC-ALGORITHM objects and uncomment the
+      -- following lines if they support these MAC algorithms.
+      -- maca-des-mac | maca-3des-mac --
+      maca-hMAC-SHA1,
+      ...
+  }
+
+  POPOPrivKey ::= CHOICE {
+      thisMessage       [0] BIT STRING,         -- Deprecated
+      -- possession is proven in this message (which contains
+      -- the private key itself (encrypted for the CA))
+      subsequentMessage [1] SubsequentMessage,
+      -- possession will be proven in a subsequent message
+      dhMAC             [2] BIT STRING,         -- Deprecated
+      agreeMAC          [3] PKMACValue,
+      encryptedKey      [4] EnvelopedData }
+      -- for keyAgreement (only), possession is proven in this message
+      -- (which contains a MAC (over the DER-encoded value of the
+      -- certReq parameter in CertReqMsg, which MUST include both
+      -- subject and publicKey) based on a key derived from the end
+      -- entity's private DH key and the CA's public DH key);
+
+  SubsequentMessage ::= INTEGER {
+      encrCert (0),
+      -- requests that resulting certificate be encrypted for the
+      -- end entity (following which, POP will be proven in a
+      -- confirmation message)
+      challengeResp (1) }
+      -- requests that CA engage in challenge-response exchange with
+      -- end entity in order to prove private key possession
+
+  --
+  -- id-ct-encKeyWithID content type used as the content type for the
+  -- EnvelopedData in POPOPrivKey.
+  -- It contains both a private key and an identifier for key escrow
+  -- agents to check against recovery requestors.
+  --
+
+  ct-encKeyWithID CONTENT-TYPE ::=
+      { EncKeyWithID IDENTIFIED BY id-ct-encKeyWithID }
+
+  id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21}
+
+  EncKeyWithID ::= SEQUENCE {
+      privateKey           PrivateKeyInfo,
+      identifier CHOICE {
+          string             UTF8String,
+          generalName        GeneralName
+      } OPTIONAL
+  }
+
+  PrivateKeyInfo ::= SEQUENCE {
+     version                   INTEGER,
+     privateKeyAlgorithm       AlgorithmIdentifier{PUBLIC-KEY, {...}},
+     privateKey                OCTET STRING,
+               --  Structure of public key is in PUBLIC-KEY.&PrivateKey
+     attributes                [0] IMPLICIT Attributes OPTIONAL
+  }
+
+  Attributes ::= SET OF AttributeSet{{PrivateKeyAttributes}}
+  PrivateKeyAttributes ATTRIBUTE ::= {...}
+
+  --
+  -- 6.  Registration Controls in CRMF
+  --
+
+  id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 }
+
+  RegControlSet ATTRIBUTE ::= {
+      regCtrl-regToken | regCtrl-authenticator |
+      regCtrl-pkiPublicationInfo | regCtrl-pkiArchiveOptions |
+      regCtrl-oldCertID | regCtrl-protocolEncrKey, ... }
+
+  --
+  --  6.1.  Registration Token Control
+  --
+
+  regCtrl-regToken ATTRIBUTE ::=
+      { TYPE RegToken IDENTIFIED BY id-regCtrl-regToken }
+
+  id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 }
+
+  RegToken ::= UTF8String
+
+  --
+  --  6.2.  Authenticator Control
+  --
+
+  regCtrl-authenticator ATTRIBUTE ::=
+      { TYPE Authenticator IDENTIFIED BY id-regCtrl-authenticator }
+
+  id-regCtrl-authenticator OBJECT IDENTIFIER ::= { id-regCtrl 2 }
+
+  Authenticator ::= UTF8String
+
+  --
+  --  6.3.  Publication Information Control
+  --
+
+  regCtrl-pkiPublicationInfo ATTRIBUTE ::=
+      { TYPE PKIPublicationInfo IDENTIFIED BY
+          id-regCtrl-pkiPublicationInfo }
+
+  id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 }
+
+  PKIPublicationInfo ::= SEQUENCE {
+      action     INTEGER {
+                     dontPublish (0),
+                     pleasePublish (1) },
+      pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
+      -- pubInfos MUST NOT be present if action is "dontPublish"
+      -- (if action is "pleasePublish" and pubInfos is omitted,
+      -- "dontCare" is assumed)
+
+  SinglePubInfo ::= SEQUENCE {
+      pubMethod    INTEGER {
+          dontCare    (0),
+          x500        (1),
+          web         (2),
+          ldap        (3) },
+      pubLocation  GeneralName OPTIONAL }
+
+  --
+  --  6.4.  Archive Options Control
+  --
+
+  regCtrl-pkiArchiveOptions ATTRIBUTE ::=
+      { TYPE PKIArchiveOptions IDENTIFIED BY
+          id-regCtrl-pkiArchiveOptions }
+
+  id-regCtrl-pkiArchiveOptions OBJECT IDENTIFIER ::= { id-regCtrl 4 }
+
+  PKIArchiveOptions ::= CHOICE {
+      encryptedPrivKey     [0] EncryptedKey,
+      -- the actual value of the private key
+      keyGenParameters     [1] KeyGenParameters,
+      -- parameters that allow the private key to be re-generated
+      archiveRemGenPrivKey [2] BOOLEAN }
+      -- set to TRUE if sender wishes receiver to archive the private
+      -- key of a key pair that the receiver generates in response to
+      -- this request; set to FALSE if no archive is desired.
+
+  EncryptedKey ::= CHOICE {
+      encryptedValue        EncryptedValue,   -- Deprecated
+      envelopedData     [0] EnvelopedData }
+      -- The encrypted private key MUST be placed in the envelopedData
+      -- encryptedContentInfo encryptedContent OCTET STRING.
+
+  --
+  --  We skipped doing the full constraints here since this structure
+  --      has been deprecated in favor of EnvelopedData
+  --
+
+  EncryptedValue ::= SEQUENCE {
+      intendedAlg   [0] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- the intended algorithm for which the value will be used
+      symmAlg       [1] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- the symmetric algorithm used to encrypt the value
+      encSymmKey    [2] BIT STRING           OPTIONAL,
+      -- the (encrypted) symmetric key used to encrypt the value
+      keyAlg        [3] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- algorithm used to encrypt the symmetric key
+      valueHint     [4] OCTET STRING         OPTIONAL,
+      -- a brief description or identifier of the encValue content
+      -- (may be meaningful only to the sending entity, and used only
+      -- if EncryptedValue might be re-examined by the sending entity
+      -- in the future)
+      encValue       BIT STRING }
+      -- the encrypted value itself
+  -- When EncryptedValue is used to carry a private key (as opposed to
+  -- a certificate), implementations MUST support the encValue field
+  -- containing an encrypted PrivateKeyInfo as defined in [PKCS11],
+  -- section 12.11.  If encValue contains some other format/encoding
+  -- for the private key, the first octet of valueHint MAY be used
+  -- to indicate the format/encoding (but note that the possible values
+  -- of this octet are not specified at this time).  In all cases, the
+  -- intendedAlg field MUST be used to indicate at least the OID of
+  -- the intended algorithm of the private key, unless this information
+  -- is known a priori to both sender and receiver by some other means.
+
+  KeyGenParameters ::= OCTET STRING
+
+  --
+  --  6.5.  OldCert ID Control
+  --
+
+  regCtrl-oldCertID ATTRIBUTE ::=
+      { TYPE OldCertId IDENTIFIED BY id-regCtrl-oldCertID }
+
+  id-regCtrl-oldCertID  OBJECT IDENTIFIER ::= { id-regCtrl 5 }
+
+  OldCertId ::= CertId
+
+  CertId ::= SEQUENCE {
+      issuer           GeneralName,
+      serialNumber     INTEGER }
+
+  --
+  -- 6.6.  Protocol Encryption Key Control
+  --
+
+  regCtrl-protocolEncrKey ATTRIBUTE ::=
+      { TYPE ProtocolEncrKey IDENTIFIED BY id-regCtrl-protocolEncrKey }
+  id-regCtrl-protocolEncrKey    OBJECT IDENTIFIER ::= { id-regCtrl 6 }
+
+  ProtocolEncrKey ::= SubjectPublicKeyInfo
+
+  --
+  -- 7.  Registration Info in CRMF
+  --
+
+  id-regInfo OBJECT IDENTIFIER ::= { id-pkip 2 }
+
+  RegInfoSet ATTRIBUTE ::=
+      { regInfo-utf8Pairs | regInfo-certReq }
+
+  --
+  -- 7.1.  utf8Pairs RegInfo Control
+  --
+
+  regInfo-utf8Pairs ATTRIBUTE ::=
+      { TYPE UTF8Pairs IDENTIFIED BY id-regInfo-utf8Pairs }
+
+  id-regInfo-utf8Pairs    OBJECT IDENTIFIER ::= { id-regInfo 1 }
+  --with syntax
+  UTF8Pairs ::= UTF8String
+
+  --
+  --  7.2.  certReq RegInfo Control
+  --
+
+  regInfo-certReq ATTRIBUTE ::=
+      { TYPE CertReq IDENTIFIED BY id-regInfo-certReq }
+
+  id-regInfo-certReq       OBJECT IDENTIFIER ::= { id-regInfo 2 }
+  --with syntax
+  CertReq ::= CertRequest
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1
index 5512f1590b..5512f1590b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1
index d6e88a2e47..d6e88a2e47 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1
index 258c5f0b23..258c5f0b23 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1
index c8f3a2ff33..c8f3a2ff33 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1
index 365144ff35..365144ff35 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1
index d00570b7e7..d00570b7e7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1
index 4a59cc403b..4a59cc403b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1
index e55ea3c05e..e55ea3c05e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1
index 671cf0e780..671cf0e780 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1
index b497e4126b..b497e4126b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1
index 73b49c8d7a..73b49c8d7a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1
index e526ff4600..e526ff4600 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1
new file mode 100644
index 0000000000..f74f76ff7c
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1
@@ -0,0 +1,608 @@
+  SCVP-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-scvp-02(52) }
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, PUBLIC-KEY, KEY-AGREE,
+      DIGEST-ALGORITHM, KEY-DERIVATION, MAC-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  Certificate, CertificateList, CertificateSerialNumber,
+      SignatureAlgorithms, SubjectPublicKeyInfo
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
+
+  GeneralNames, GeneralName, KeyUsage, KeyPurposeId
+  FROM PKIX1Implicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
+
+  AttributeCertificate
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) }
+
+  OCSPResponse
+  FROM OCSP-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48) }
+
+  ContentInfo, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41) }
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56) } ;
+
+  ContentTypes CONTENT-TYPE ::= {ct-scvp-certValRequest |
+      ct-scvp-certValResponse | ct-scvp-valPolRequest |
+      ct-scvp-valPolResponse, ... }
+
+  id-ct OBJECT IDENTIFIER ::=
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+      id-smime(16) 1 }
+
+  ct-scvp-certValRequest CONTENT-TYPE ::=
+      { CVRequest IDENTIFIED BY id-ct-scvp-certValRequest }
+
+  id-ct-scvp-certValRequest OBJECT IDENTIFIER ::= { id-ct 10 }
+
+  -- SCVP Certificate Validation Request
+
+  CVRequest ::= SEQUENCE {
+      cvRequestVersion           INTEGER DEFAULT 1,
+      query                      Query,
+      requestorRef           [0] GeneralNames OPTIONAL,
+      requestNonce           [1] OCTET STRING OPTIONAL,
+      requestorName          [2] GeneralName OPTIONAL,
+      responderName          [3] GeneralName OPTIONAL,
+      requestExtensions      [4] Extensions{{RequestExtensions}}
+                                     OPTIONAL,
+      signatureAlg           [5] AlgorithmIdentifier
+                                     {SIGNATURE-ALGORITHM,
+                                         {SignatureAlgorithms}}
+                                     OPTIONAL,
+      hashAlg                [6] OBJECT IDENTIFIER OPTIONAL,
+      requestorText          [7] UTF8String (SIZE (1..256)) OPTIONAL
+  }
+
+  -- Set of signature algorithms is coming from RFC 5280
+  -- SignatureAlgorithms SIGNATURE-ALGORITHM ::= {...}
+
+  -- Add supported request extensions here; all new items should
+  --      be added after the extension marker
+
+  RequestExtensions EXTENSION ::= {...}
+
+  Query ::= SEQUENCE {
+      queriedCerts             CertReferences,
+      checks                   CertChecks,
+      wantBack             [1] WantBack OPTIONAL,
+      validationPolicy         ValidationPolicy,
+      responseFlags            ResponseFlags OPTIONAL,
+      serverContextInfo    [2] OCTET STRING OPTIONAL,
+      validationTime       [3] GeneralizedTime OPTIONAL,
+      intermediateCerts    [4] CertBundle OPTIONAL,
+      revInfos             [5] RevocationInfos OPTIONAL,
+      producedAt           [6] GeneralizedTime OPTIONAL,
+      queryExtensions      [7] Extensions{{QueryExtensions}} OPTIONAL
+  }
+
+  -- Add supported query extensions here; all new items should be added
+  --      after the extension marker
+
+  QueryExtensions EXTENSION ::= {...}
+
+  CertReferences ::= CHOICE {
+      pkcRefs       [0] SEQUENCE SIZE (1..MAX) OF PKCReference,
+      acRefs        [1] SEQUENCE SIZE (1..MAX) OF ACReference
+  }
+
+  CertReference::= CHOICE {
+      pkc               PKCReference,
+      ac                ACReference
+  }
+
+  PKCReference ::= CHOICE {
+      cert          [0] Certificate,
+      pkcRef        [1] SCVPCertID
+  }
+
+  ACReference ::= CHOICE {
+      attrCert      [2] AttributeCertificate,
+      acRef         [3] SCVPCertID
+  }
+
+  HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
+                        {mda-sha1, ...}}
+
+  SCVPCertID ::= SEQUENCE {
+     certHash        OCTET STRING,
+     issuerSerial    SCVPIssuerSerial,
+     hashAlgorithm   HashAlgorithm
+                         DEFAULT { algorithm mda-sha1.&id }
+  }
+
+  SCVPIssuerSerial ::= SEQUENCE {
+      issuer         GeneralNames,
+      serialNumber   CertificateSerialNumber
+  }
+
+  ValidationPolicy ::= SEQUENCE {
+      validationPolRef           ValidationPolRef,
+      validationAlg          [0] ValidationAlg OPTIONAL,
+      userPolicySet          [1] SEQUENCE SIZE (1..MAX) OF OBJECT
+                                IDENTIFIER OPTIONAL,
+      inhibitPolicyMapping   [2] BOOLEAN OPTIONAL,
+      requireExplicitPolicy  [3] BOOLEAN OPTIONAL,
+      inhibitAnyPolicy       [4] BOOLEAN OPTIONAL,
+      trustAnchors           [5] TrustAnchors OPTIONAL,
+      keyUsages              [6] SEQUENCE OF KeyUsage OPTIONAL,
+      extendedKeyUsages      [7] SEQUENCE OF KeyPurposeId OPTIONAL,
+      specifiedKeyUsages     [8] SEQUENCE OF KeyPurposeId OPTIONAL
+  }
+
+  CertChecks ::= SEQUENCE SIZE (1..MAX) OF
+      OBJECT IDENTIFIER (CertCheckSet | ACertCheckSet, ... )
+
+  WantBack ::= SEQUENCE SIZE (1..MAX) OF
+      WANT-BACK.&id ({AllWantBacks})
+
+  POLICY ::= ATTRIBUTE
+
+  ValidationPolRefSet POLICY ::= {
+      svp-defaultValPolicy, ...
+  }
+
+  ValidationPolRef ::= SEQUENCE {
+     valPolId             POLICY.&id,
+     valPolParams         POLICY.&Type OPTIONAL
+  }
+
+  ValidationAlgSet POLICY ::= {
+          svp-basicValAlg, ...
+  }
+
+  ValidationAlg ::= SEQUENCE {
+      valAlgId               POLICY.&id,
+      parameters             POLICY.&Type OPTIONAL
+  }
+
+  NameValidationAlgSet POLICY ::= {
+      svp-nameValAlg, ...
+  }
+
+  NameValidationAlgParams ::= SEQUENCE {
+      nameCompAlgId          OBJECT IDENTIFIER (NameCompAlgSet, ... ),
+      validationNames        GeneralNames
+  }
+
+  TrustAnchors ::= SEQUENCE SIZE (1..MAX) OF PKCReference
+  KeyAgreePublicKey ::= SEQUENCE {
+      algorithm           AlgorithmIdentifier{KEY-AGREE,
+                              {SupportedKeyAgreePublicKeys}},
+      publicKey           BIT STRING,
+      macAlgorithm        AlgorithmIdentifier{MAC-ALGORITHM,
+                              {SupportedMACAlgorithms}},
+      kDF                 AlgorithmIdentifier{KEY-DERIVATION,
+                              {SupportedKeyDerivationFunctions}}
+                              OPTIONAL
+  }
+
+  SupportedKeyAgreePublicKeys KEY-AGREE ::= {...}
+  SupportedMACAlgorithms MAC-ALGORITHM ::= {...}
+  SupportedKeyDerivationFunctions KEY-DERIVATION ::= {...}
+
+  ResponseFlags ::= SEQUENCE {
+      fullRequestInResponse      [0] BOOLEAN DEFAULT FALSE,
+      responseValidationPolByRef [1] BOOLEAN DEFAULT TRUE,
+      protectResponse            [2] BOOLEAN DEFAULT TRUE,
+      cachedResponse             [3] BOOLEAN DEFAULT TRUE
+  }
+
+  CertBundle ::= SEQUENCE SIZE (1..MAX) OF Certificate
+
+  RevocationInfos ::= SEQUENCE SIZE (1..MAX) OF RevocationInfo
+
+  RevocationInfo ::= CHOICE {
+      crl                    [0] CertificateList,
+      delta-crl              [1] CertificateList,
+      ocsp                   [2] OCSPResponse,
+      other                  [3] OtherRevInfo
+  }
+
+  REV-INFO ::= TYPE-IDENTIFIER
+
+  OtherRevInfo ::= SEQUENCE {
+      riType                     REV-INFO.&id,
+      riValue                    REV-INFO.&Type
+  }
+
+  -- SCVP Certificate Validation Response
+
+  ct-scvp-certValResponse CONTENT-TYPE ::=
+      { CVResponse IDENTIFIED BY id-ct-scvp-certValResponse }
+
+  id-ct-scvp-certValResponse OBJECT IDENTIFIER ::= { id-ct 11 }
+
+  CVResponse ::= SEQUENCE {
+      cvResponseVersion          INTEGER,
+      serverConfigurationID      INTEGER,
+      producedAt                 GeneralizedTime,
+      responseStatus             ResponseStatus,
+      respValidationPolicy   [0] RespValidationPolicy OPTIONAL,
+      requestRef             [1] RequestReference OPTIONAL,
+      requestorRef           [2] GeneralNames OPTIONAL,
+      requestorName          [3] GeneralNames OPTIONAL,
+      replyObjects           [4] ReplyObjects OPTIONAL,
+      respNonce              [5] OCTET STRING OPTIONAL,
+      serverContextInfo      [6] OCTET STRING OPTIONAL,
+      cvResponseExtensions   [7] Extensions{{CVResponseExtensions}}
+                                     OPTIONAL,
+      requestorText          [8] UTF8String (SIZE (1..256)) OPTIONAL
+  }
+
+  --  This document defines no extensions
+  CVResponseExtensions EXTENSION ::= {...}
+
+  ResponseStatus ::= SEQUENCE {
+     statusCode               CVStatusCode DEFAULT  okay,
+     errorMessage             UTF8String OPTIONAL
+  }
+
+  CVStatusCode ::= ENUMERATED {
+     okay                               (0),
+     skipUnrecognizedItems              (1),
+     tooBusy                           (10),
+     invalidRequest                    (11),
+     internalError                     (12),
+     badStructure                      (20),
+     unsupportedVersion                (21),
+     abortUnrecognizedItems            (22),
+     unrecognizedSigKey                (23),
+     badSignatureOrMAC                 (24),
+     unableToDecode                    (25),
+     notAuthorized                     (26),
+     unsupportedChecks                 (27),
+     unsupportedWantBacks              (28),
+     unsupportedSignatureOrMAC         (29),
+     invalidSignatureOrMAC             (30),
+     protectedResponseUnsupported      (31),
+     unrecognizedResponderName         (32),
+     relayingLoop                      (40),
+     unrecognizedValPol                (50),
+     unrecognizedValAlg                (51),
+     fullRequestInResponseUnsupported  (52),
+     fullPolResponseUnsupported        (53),
+     inhibitPolicyMappingUnsupported   (54),
+     requireExplicitPolicyUnsupported  (55),
+     inhibitAnyPolicyUnsupported       (56),
+     validationTimeUnsupported         (57),
+     unrecognizedCritQueryExt          (63),
+     unrecognizedCritRequestExt        (64),
+     ...
+  }
+
+  RespValidationPolicy ::= ValidationPolicy
+
+  RequestReference ::= CHOICE {
+      requestHash   [0] HashValue, -- hash of CVRequest
+      fullRequest   [1] CVRequest }
+
+  HashValue ::= SEQUENCE {
+      algorithm         HashAlgorithm
+                            DEFAULT { algorithm mda-sha1.&id },
+      value             OCTET STRING }
+
+  ReplyObjects ::= SEQUENCE SIZE (1..MAX) OF CertReply
+
+  CertReply ::= SEQUENCE {
+      cert                       CertReference,
+      replyStatus                ReplyStatus DEFAULT success,
+      replyValTime               GeneralizedTime,
+      replyChecks                ReplyChecks,
+      replyWantBacks             ReplyWantBacks,
+      validationErrors       [0] SEQUENCE SIZE (1..MAX) OF
+          OBJECT IDENTIFIER ( BasicValidationErrorSet |
+                              NameValidationErrorSet,
+                              ... ) OPTIONAL,
+      nextUpdate             [1] GeneralizedTime OPTIONAL,
+      certReplyExtensions    [2] Extensions{{...}} OPTIONAL
+  }
+
+  ReplyStatus ::= ENUMERATED {
+      success                    (0),
+      malformedPKC               (1),
+      malformedAC                (2),
+      unavailableValidationTime  (3),
+      referenceCertHashFail      (4),
+      certPathConstructFail      (5),
+      certPathNotValid           (6),
+      certPathNotValidNow        (7),
+      wantBackUnsatisfied        (8)
+  }
+  ReplyChecks ::= SEQUENCE OF ReplyCheck
+
+  ReplyCheck ::= SEQUENCE {
+      check    OBJECT IDENTIFIER (CertCheckSet | ACertCheckSet, ... ),
+      status   INTEGER DEFAULT 0
+  }
+
+  ReplyWantBacks ::= SEQUENCE OF ReplyWantBack
+
+  ReplyWantBack::= SEQUENCE {
+      wb     WANT-BACK.&id({AllWantBacks}),
+      value  OCTET STRING
+                 (CONTAINING WANT-BACK.&Type({AllWantBacks}{@wb}))
+  }
+
+  WANT-BACK ::= TYPE-IDENTIFIER
+
+  AllWantBacks WANT-BACK ::= {
+      WantBackSet | ACertWantBackSet | AnyWantBackSet, ...
+  }
+
+  CertBundles ::= SEQUENCE SIZE (1..MAX) OF CertBundle
+
+  RevInfoWantBack ::= SEQUENCE {
+      revocationInfo             RevocationInfos,
+      extraCerts                 CertBundle OPTIONAL
+  }
+
+  SCVPResponses ::= SEQUENCE OF ContentInfo
+
+  -- SCVP Validation Policies Request
+
+  ct-scvp-valPolRequest CONTENT-TYPE ::=
+      { ValPolRequest IDENTIFIED BY id-ct-scvp-valPolRequest }
+
+  id-ct-scvp-valPolRequest OBJECT IDENTIFIER ::= { id-ct 12 }
+
+  ValPolRequest ::= SEQUENCE {
+      vpRequestVersion           INTEGER DEFAULT 1,
+      requestNonce               OCTET STRING
+  }
+
+  -- SCVP Validation Policies Response
+
+  ct-scvp-valPolResponse CONTENT-TYPE ::=
+      { ValPolResponse IDENTIFIED BY id-ct-scvp-valPolResponse }
+
+  id-ct-scvp-valPolResponse OBJECT IDENTIFIER ::= { id-ct 13 }
+  ValPolResponse ::= SEQUENCE {
+      vpResponseVersion       INTEGER,
+      maxCVRequestVersion     INTEGER,
+      maxVPRequestVersion     INTEGER,
+      serverConfigurationID   INTEGER,
+      thisUpdate              GeneralizedTime,
+      nextUpdate              GeneralizedTime OPTIONAL,
+      supportedChecks         CertChecks,
+      supportedWantBacks      WantBack,
+      validationPolicies      SEQUENCE OF OBJECT IDENTIFIER,
+      validationAlgs          SEQUENCE OF OBJECT IDENTIFIER,
+      authPolicies            SEQUENCE OF AuthPolicy,
+      responseTypes           ResponseTypes,
+      defaultPolicyValues     RespValidationPolicy,
+      revocationInfoTypes     RevocationInfoTypes,
+      signatureGeneration     SEQUENCE OF AlgorithmIdentifier
+                                  {SIGNATURE-ALGORITHM,
+                                      {SignatureAlgorithms}},
+      signatureVerification   SEQUENCE OF AlgorithmIdentifier
+                                  {SIGNATURE-ALGORITHM,
+                                      {SignatureAlgorithms}},
+      hashAlgorithms          SEQUENCE SIZE (1..MAX) OF
+                                 OBJECT IDENTIFIER,
+      serverPublicKeys        SEQUENCE OF KeyAgreePublicKey
+                                 OPTIONAL,
+      clockSkew               INTEGER DEFAULT 10,
+      requestNonce            OCTET STRING OPTIONAL
+  }
+
+  ResponseTypes  ::= ENUMERATED {
+      cached-only                (0),
+      non-cached-only            (1),
+      cached-and-non-cached      (2)
+  }
+
+  RevocationInfoTypes ::= BIT STRING {
+      fullCRLs                   (0),
+      deltaCRLs                  (1),
+      indirectCRLs               (2),
+      oCSPResponses              (3)
+  }
+
+  AuthPolicy ::= OBJECT IDENTIFIER
+
+  -- SCVP Check Identifiers
+
+  id-stc OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 17 }
+
+  CertCheckSet OBJECT IDENTIFIER ::= {
+      id-stc-build-pkc-path | id-stc-build-valid-pkc-path |
+      id-stc-build-status-checked-pkc-path, ... }
+
+  id-stc-build-pkc-path        OBJECT IDENTIFIER ::= { id-stc 1 }
+  id-stc-build-valid-pkc-path  OBJECT IDENTIFIER ::= { id-stc 2 }
+  id-stc-build-status-checked-pkc-path
+                              OBJECT IDENTIFIER ::= { id-stc 3 }
+
+  ACertCheckSet OBJECT IDENTIFIER ::= {
+      id-stc-build-aa-path | id-stc-build-valid-aa-path |
+      id-stc-build-status-checked-aa-path |
+      id-stc-status-check-ac-and-build-status-checked-aa-path
+  }
+
+  id-stc-build-aa-path         OBJECT IDENTIFIER ::= { id-stc 4 }
+  id-stc-build-valid-aa-path   OBJECT IDENTIFIER ::= { id-stc 5 }
+  id-stc-build-status-checked-aa-path
+                              OBJECT IDENTIFIER ::= { id-stc 6 }
+  id-stc-status-check-ac-and-build-status-checked-aa-path
+                              OBJECT IDENTIFIER ::= { id-stc 7 }
+
+  -- SCVP WantBack Identifiers
+
+  id-swb OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 18 }
+
+  WantBackSet WANT-BACK ::= {
+      swb-pkc-cert | swb-pkc-best-cert-path |
+      swb-pkc-revocation-info | swb-pkc-public-key-info |
+      swb-pkc-all-cert-paths | swb-pkc-ee-revocation-info |
+      swb-pkc-CAs-revocation-info
+  }
+
+  ACertWantBackSet WANT-BACK ::= {
+      swb-ac-cert | swb-aa-cert-path |
+      swb-aa-revocation-info | swb-ac-revocation-info
+  }
+
+  AnyWantBackSet WANT-BACK ::= { swb-relayed-responses }
+
+  swb-pkc-best-cert-path WANT-BACK ::=
+      { CertBundle IDENTIFIED BY id-swb-pkc-best-cert-path }
+  id-swb-pkc-best-cert-path       OBJECT IDENTIFIER ::= { id-swb 1 }
+  swb-pkc-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-revocation-info }
+  id-swb-pkc-revocation-info      OBJECT IDENTIFIER ::= { id-swb 2 }
+
+  swb-pkc-public-key-info WANT-BACK ::=
+      { SubjectPublicKeyInfo IDENTIFIED BY id-swb-pkc-public-key-info }
+  id-swb-pkc-public-key-info      OBJECT IDENTIFIER ::= { id-swb 4 }
+
+  swb-aa-cert-path WANT-BACK ::=
+      {CertBundle IDENTIFIED BY id-swb-aa-cert-path }
+  id-swb-aa-cert-path             OBJECT IDENTIFIER ::= { id-swb 5 }
+
+  swb-aa-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-aa-revocation-info }
+  id-swb-aa-revocation-info       OBJECT IDENTIFIER ::= { id-swb 6 }
+
+  swb-ac-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-ac-revocation-info }
+  id-swb-ac-revocation-info       OBJECT IDENTIFIER ::= { id-swb 7 }
+
+  swb-relayed-responses WANT-BACK ::=
+      {SCVPResponses IDENTIFIED BY id-swb-relayed-responses }
+
+  id-swb-relayed-responses        OBJECT IDENTIFIER ::= { id-swb 9 }
+
+  swb-pkc-all-cert-paths WANT-BACK ::=
+      {CertBundles IDENTIFIED BY id-swb-pkc-all-cert-paths }
+  id-swb-pkc-all-cert-paths       OBJECT IDENTIFIER ::= { id-swb 12}
+
+  swb-pkc-ee-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-ee-revocation-info }
+  id-swb-pkc-ee-revocation-info   OBJECT IDENTIFIER ::= { id-swb 13}
+
+  swb-pkc-CAs-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-CAs-revocation-info }
+  id-swb-pkc-CAs-revocation-info  OBJECT IDENTIFIER ::= { id-swb 14}
+
+  swb-pkc-cert WANT-BACK ::=
+      { Certificate IDENTIFIED BY id-swb-pkc-cert }
+  id-swb-pkc-cert OBJECT IDENTIFIER ::= { id-swb 10}
+
+  swb-ac-cert WANT-BACK ::=
+      { AttributeCertificate IDENTIFIED BY id-swb-ac-cert }
+  id-swb-ac-cert OBJECT IDENTIFIER ::= { id-swb 11}
+
+  -- SCVP Validation Policy and Algorithm Identifiers
+
+  id-svp OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 19 }
+
+  svp-defaultValPolicy POLICY ::=
+      { IDENTIFIED BY id-svp-defaultValPolicy }
+
+  id-svp-defaultValPolicy OBJECT IDENTIFIER ::= { id-svp 1 }
+
+  -- SCVP Basic Validation Algorithm Identifier
+
+  svp-basicValAlg POLICY ::= {IDENTIFIED BY id-svp-basicValAlg }
+
+  id-svp-basicValAlg OBJECT IDENTIFIER ::= { id-svp 3 }
+
+  -- SCVP Basic Validation Algorithm Errors
+
+  id-bvae OBJECT IDENTIFIER ::= id-svp-basicValAlg
+
+  BasicValidationErrorSet OBJECT IDENTIFIER ::= {
+      id-bvae-expired | id-bvae-not-yet-valid |
+      id-bvae-wrongTrustAnchor | id-bvae-noValidCertPath |
+      id-bvae-revoked | id-bvae-invalidKeyPurpose |
+      id-bvae-invalidKeyUsage | id-bvae-invalidCertPolicy
+  }
+
+  id-bvae-expired              OBJECT IDENTIFIER ::= { id-bvae 1 }
+  id-bvae-not-yet-valid        OBJECT IDENTIFIER ::= { id-bvae 2 }
+  id-bvae-wrongTrustAnchor     OBJECT IDENTIFIER ::= { id-bvae 3 }
+  id-bvae-noValidCertPath      OBJECT IDENTIFIER ::= { id-bvae 4 }
+  id-bvae-revoked              OBJECT IDENTIFIER ::= { id-bvae 5 }
+  id-bvae-invalidKeyPurpose    OBJECT IDENTIFIER ::= { id-bvae 9 }
+  id-bvae-invalidKeyUsage      OBJECT IDENTIFIER ::= { id-bvae 10 }
+  id-bvae-invalidCertPolicy    OBJECT IDENTIFIER ::= { id-bvae 11 }
+
+  -- SCVP Name Validation Algorithm Identifier
+
+  svp-nameValAlg POLICY ::=
+      {TYPE NameValidationAlgParams IDENTIFIED BY id-svp-nameValAlg }
+
+  id-svp-nameValAlg OBJECT IDENTIFIER ::= { id-svp 2 }
+
+  -- SCVP Name Validation Algorithm DN comparison algorithm
+
+  NameCompAlgSet OBJECT IDENTIFIER ::= {
+      id-nva-dnCompAlg
+  }
+
+  id-nva-dnCompAlg   OBJECT IDENTIFIER ::= { id-svp 4 }
+  -- SCVP Name Validation Algorithm Errors
+
+  id-nvae OBJECT IDENTIFIER ::= id-svp-nameValAlg
+
+  NameValidationErrorSet OBJECT IDENTIFIER ::= {
+      id-nvae-name-mismatch | id-nvae-no-name | id-nvae-unknown-alg |
+      id-nvae-bad-name | id-nvae-bad-name-type | id-nvae-mixed-names
+  }
+
+  id-nvae-name-mismatch   OBJECT IDENTIFIER ::= { id-nvae 1 }
+  id-nvae-no-name         OBJECT IDENTIFIER ::= { id-nvae 2 }
+  id-nvae-unknown-alg     OBJECT IDENTIFIER ::= { id-nvae 3 }
+  id-nvae-bad-name        OBJECT IDENTIFIER ::= { id-nvae 4 }
+  id-nvae-bad-name-type   OBJECT IDENTIFIER ::= { id-nvae 5 }
+  id-nvae-mixed-names     OBJECT IDENTIFIER ::= { id-nvae 6 }
+
+  -- SCVP Extended Key Usage Key Purpose Identifiers
+
+  id-kp OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 3 }
+
+  SvcpExtKeyUsageSet OBJECT IDENTIFIER ::= {
+      id-kp-scvpServer | id-kp-scvpClient
+  }
+
+  id-kp-scvpServer   OBJECT IDENTIFIER ::= { id-kp 15 }
+
+  id-kp-scvpClient   OBJECT IDENTIFIER ::= { id-kp 16 }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1
new file mode 100644
index 0000000000..2bd2aaa435
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1
@@ -0,0 +1,122 @@
+ SecureMimeMessageV3dot1-2009
+       {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+       smime(16) modules(0) id-mod-msg-v3dot1-02(39)}
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ SMIME-CAPS, SMIMECapabilities{}
+ FROM AlgorithmInformation-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-algorithmInformation-02(58)}
+
+ ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ SubjectKeyIdentifier, IssuerAndSerialNumber, RecipientKeyIdentifier
+ FROM CryptographicMessageSyntax-2009
+     {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     smime(16) modules(0) id-mod-cms-2004-02(41)}
+
+ rc2-cbc, SMimeCaps
+ FROM CryptographicMessageSyntaxAlgorithms-2009
+     {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     smime(16) modules(0) id-mod-cmsalg-2001-02(37)}
+
+ SMimeCaps
+ FROM PKIXAlgs-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-pkix1-algorithms2008-02(56)}
+
+ SMimeCaps
+ FROM PKIX1-PSS-OAEP-Algorithms-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-rsa-pkalgs-02(54)};
+
+ SMimeAttributeSet ATTRIBUTE ::=
+     { aa-smimeCapabilities | aa-encrypKeyPref, ... }
+
+ --  id-aa is the arc with all new authenticated and unauthenticated
+ --  attributes produced by the S/MIME Working Group
+
+ id-aa OBJECT IDENTIFIER ::=
+     { iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     smime(16) attributes(2)}
+
+ -- The S/MIME Capabilities attribute provides a method of broadcasting
+ -- the symmetric capabilities understood.  Algorithms SHOULD be ordered
+ -- by preference and grouped by type
+
+ aa-smimeCapabilities ATTRIBUTE ::=
+     { TYPE SMIMECapabilities{{SMimeCapsSet}} IDENTIFIED BY
+           smimeCapabilities }
+ smimeCapabilities OBJECT IDENTIFIER ::=
+     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     15 }
+
+ SMimeCapsSet SMIME-CAPS ::=
+     { cap-preferBinaryInside | cap-RC2CBC |
+     PKIXAlgs-2009.SMimeCaps |
+     CryptographicMessageSyntaxAlgorithms-2009.SMimeCaps |
+     PKIX1-PSS-OAEP-Algorithms-2009.SMimeCaps, ... }
+
+ -- Encryption Key Preference provides a method of broadcasting the
+ -- preferred encryption certificate.
+
+ aa-encrypKeyPref ATTRIBUTE ::=
+     { TYPE SMIMEEncryptionKeyPreference
+         IDENTIFIED BY id-aa-encrypKeyPref }
+
+ id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
+
+ SMIMEEncryptionKeyPreference ::= CHOICE {
+    issuerAndSerialNumber   [0] IssuerAndSerialNumber,
+    receipentKeyId          [1] RecipientKeyIdentifier,
+    subjectAltKeyIdentifier [2] SubjectKeyIdentifier
+ }
+
+ -- receipentKeyId is spelt incorrectly, but kept for historical
+ -- reasons.
+
+ id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+ id-cap  OBJECT IDENTIFIER ::= { id-smime 11 }
+
+ -- The preferBinaryInside indicates an ability to receive messages
+ -- with binary encoding inside the CMS wrapper
+
+ cap-preferBinaryInside SMIME-CAPS ::=
+     { -- No value -- IDENTIFIED BY id-cap-preferBinaryInside }
+
+ id-cap-preferBinaryInside  OBJECT IDENTIFIER ::= { id-cap 1 }
+
+ --  The following list OIDs to be used with S/MIME V3
+
+ -- Signature Algorithms Not Found in [RFC3370]
+ --
+ -- md2WithRSAEncryption OBJECT IDENTIFIER ::=
+ --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
+ --     2}
+ --
+ -- Other Signed Attributes
+ --
+ -- signingTime OBJECT IDENTIFIER ::=
+ --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ --     5}
+ --    See [RFC5652] for a description of how to encode the attribute
+ --    value.
+
+ cap-RC2CBC SMIME-CAPS ::=
+     { TYPE SMIMECapabilitiesParametersForRC2CBC
+         IDENTIFIED BY rc2-cbc}
+
+ SMIMECapabilitiesParametersForRC2CBC ::= INTEGER (40 | 128, ...)
+ --    (RC2 Key Length (number of bits))
+
+ END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1
index 07bba30690..07bba30690 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1
index 2917122e94..2917122e94 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1
index 02205bd64c..02205bd64c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1
index 8f033eab6f..8f033eab6f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1
index bfcd0b5dbc..bfcd0b5dbc 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1
index 9633995e3b..9633995e3b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1
index ccc64a52f5..ccc64a52f5 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1
index c97c83a569..c97c83a569 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1
index d9601bb7d0..d9601bb7d0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1
index 18e51cbc0d..18e51cbc0d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/test_records.erl b/lib/asn1/test/asn1_SUITE_data/test_records.erl
index 1fdfbb40df..adfc98600c 100644
--- a/lib/asn1/test/asn1_SUITE_data/test_records.erl
+++ b/lib/asn1/test/asn1_SUITE_data/test_records.erl
@@ -3,16 +3,17 @@
 %% 
 %% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %% 
 %% %CopyrightEnd%
 %%
diff --git a/lib/asn1/test/asn1_SUITE_data/testobj.erl b/lib/asn1/test/asn1_SUITE_data/testobj.erl
index 2cc909c35e..efb1cf4713 100644
--- a/lib/asn1/test/asn1_SUITE_data/testobj.erl
+++ b/lib/asn1/test/asn1_SUITE_data/testobj.erl
@@ -3,16 +3,17 @@
 %%
 %% Copyright Ericsson AB 2001-2013. All Rights Reserved.
 %%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
 %%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %%
 %% %CopyrightEnd%
 %%