175 files changed, 9727 insertions, 401 deletions

diff --git a/lib/asn1/test/Makefile b/lib/asn1/test/Makefile
index b1b08aa9f9..ea5a0f857e 100644
--- a/lib/asn1/test/Makefile
+++ b/lib/asn1/test/Makefile
@@ -78,6 +78,7 @@ MODULES= \
 	testEnumExt \
 	testInfObjectClass \
 	testInfObj \
+	testInfObjExtract \
 	testParameterizedInfObj \
 	testFragmented \
 	testMergeCompile \
@@ -104,14 +105,19 @@ MODULES= \
 	test_compile_options \
 	testDoubleEllipses \
 	test_modified_x420 \
-	testX420 \
 	test_x691 \
 	testWSParamClass \
+	testValueTest \
+	testUniqueObjectSets \
+	testRfcs \
+	testImporting \
+	testExtensibilityImplied \
 	asn1_test_lib \
 	asn1_app_test \
 	asn1_appup_test \
 	asn1_SUITE \
-	error_SUITE
+	error_SUITE \
+	syntax_SUITE
 
 ERL_FILES= $(MODULES:%=%.erl)
 
diff --git a/lib/asn1/test/asn1_SUITE.erl b/lib/asn1/test/asn1_SUITE.erl
index 432197eec0..9dfcc3f571 100644
--- a/lib/asn1/test/asn1_SUITE.erl
+++ b/lib/asn1/test/asn1_SUITE.erl
@@ -52,9 +52,7 @@ all() ->
 groups() ->
     Parallel = asn1_test_lib:parallel(),
     [{compile, Parallel,
-      [c_syntax,
-       c_string,
-       c_implicit_before_choice,
+      [c_string,
        constraint_equivalence]},
 
      {ber, Parallel,
@@ -89,6 +87,7 @@ groups() ->
                     ber_other,
 		    der,
                     h323test]},
+       testExtensibilityImplied,
        testChoPrim,
        testChoExtension,
        testChoOptional,
@@ -135,19 +134,19 @@ groups() ->
        testChoiceIndefinite,
        per_open_type,
        testInfObjectClass,
+       testUniqueObjectSets,
+       testInfObjExtract,
        testParam,
        testFragmented,
        testMergeCompile,
        testobj,
        testDeepTConstr,
-       testExport,
        testImport,
        testDER,
        testDEFAULT,
        testMvrasn6,
        testContextSwitchingTypes,
        testOpenTypeImplicitTag,
-       duplicate_tags,
        testROSE,
        testINSTANCE_OF,
        testTCAP,
@@ -158,16 +157,19 @@ groups() ->
        testNortel,
        % Uses 'PKCS7', 'InformationFramework'
        {group, [], [test_WS_ParamClass,
-		    test_modified_x420,
-                    testX420]},
-       testTcapsystem,
-       testNBAPsystem,
-       testS1AP,
+		    test_modified_x420]},
+       %% Don't run all these at the same time.
+       {group, [],
+	[testTcapsystem,
+	 testNBAPsystem,
+	 testS1AP,
+	 testRfcs]},
        test_compile_options,
        testDoubleEllipses,
        test_x691,
        ticket_6143,
-       test_OTP_9688]},
+       test_OTP_9688,
+       testValueTest]},
 
      {performance, [],
       [testTimer_ber,
@@ -196,7 +198,7 @@ init_per_testcase(Func, Config) ->
     true = code:add_patha(CaseDir),
 
     Dog = case Func of
-              testX420 -> ct:timetrap({minutes, 90});
+              testRfcs -> ct:timetrap({minutes, 90});
               _        -> ct:timetrap({minutes, 60})
           end,
     [{case_dir, CaseDir}, {watchdog, Dog}|Config].
@@ -374,6 +376,12 @@ testExternal(Config, Rule, Opts) ->
     testSetOfTag:main(Rule),
     testSetTag:main(Rule).
 
+testExtensibilityImplied(Config) ->
+    test(Config, fun testExtensibilityImplied/3).
+testExtensibilityImplied(Config, Rule, Opts) ->
+    asn1_test_lib:compile("ExtensibilityImplied", Config,
+			  [Rule,no_ok_wrapper|Opts]),
+    testExtensibilityImplied:main().
 
 testChoPrim(Config) -> test(Config, fun testChoPrim/3).
 testChoPrim(Config, Rule, Opts) ->
@@ -561,39 +569,21 @@ testSetOfCho(Config, Rule, Opts) ->
     asn1_test_lib:compile("SetOfCho", Config, [Rule|Opts]),
     testSetOfCho:main(Rule).
 
-c_syntax(Config) ->
-    DataDir = ?config(data_dir, Config),
-    [{error, _} = asn1ct:compile(filename:join(DataDir, F))
-     || F <-["Syntax",
-             "BadTypeEnding",
-             "BadValueAssignment1",
-             "BadValueAssignment2",
-             "BadValueSet",
-             "ChoiceBadExtension",
-             "EnumerationBadExtension",
-             "Example",
-             "Export1",
-             "MissingEnd",
-             "SequenceBadComma",
-             "SequenceBadComponentName",
-             "SequenceBadComponentType",
-             "SeqBadComma"]].
-
 c_string(Config) ->
     test(Config, fun c_string/3).
 c_string(Config, Rule, Opts) ->
     asn1_test_lib:compile("String", Config, [Rule|Opts]),
     asn1ct:test('String').
 
-c_implicit_before_choice(Config) ->
-    test(Config, fun c_implicit_before_choice/3, [ber]).
-c_implicit_before_choice(Config, Rule, Opts) ->
-    DataDir = ?config(data_dir, Config),
-    CaseDir = ?config(case_dir, Config),
-    {error, _R2} = asn1ct:compile(filename:join(DataDir, "CCSNARG3"),
-                                  [Rule, {outdir, CaseDir}|Opts]).
-
 constraint_equivalence(Config) ->
+    constraint_equivalence_abs(Config),
+    test(Config, fun constraint_equivalence/3).
+
+constraint_equivalence(Config, Rule, Opts) ->
+    M = 'ConstraintEquivalence',
+    asn1_test_lib:compile(M, Config, [Rule|Opts]).
+
+constraint_equivalence_abs(Config) ->
     DataDir = ?config(data_dir, Config),
     CaseDir = ?config(case_dir, Config),
     Asn1Spec = "ConstraintEquivalence",
@@ -765,6 +755,16 @@ testInfObjectClass(Config, Rule, Opts) ->
     testInfObjectClass:main(Rule),
     testInfObj:main(Rule).
 
+testUniqueObjectSets(Config) -> test(Config, fun testUniqueObjectSets/3).
+testUniqueObjectSets(Config, Rule, Opts) ->
+    CaseDir = ?config(case_dir, Config),
+    testUniqueObjectSets:main(CaseDir, Rule, Opts).
+
+testInfObjExtract(Config) -> test(Config, fun testInfObjExtract/3).
+testInfObjExtract(Config, Rule, Opts) ->
+    asn1_test_lib:compile("InfObjExtract", Config, [Rule|Opts]),
+    testInfObjExtract:main().
+
 testParam(Config) ->
     test(Config, fun testParam/3, [ber,{ber,[der]},per,uper]).
 testParam(Config, Rule, Opts) ->
@@ -804,18 +804,14 @@ testDeepTConstr(Config, Rule, Opts) ->
                               [Rule|Opts]),
     testDeepTConstr:main(Rule).
 
-testExport(Config) ->
-    {error, _} =
-	asn1ct:compile(filename:join(?config(data_dir, Config),
-				     "IllegalExport"),
-		       [{outdir, ?config(case_dir, Config)}]).
-
 testImport(Config) ->
     test(Config, fun testImport/3).
 testImport(Config, Rule, Opts) ->
-    Files = ["ImportsFrom","ImportsFrom2","ImportsFrom3"],
+    Files = ["ImportsFrom","ImportsFrom2","ImportsFrom3",
+	     "Importing","Exporting"],
     asn1_test_lib:compile_all(Files, Config, [Rule|Opts]),
     42 = 'ImportsFrom':i(),
+    testImporting:main(),
     ok.
 
 testMegaco(Config) -> test(Config, fun testMegaco/3).
@@ -839,24 +835,20 @@ testContextSwitchingTypes(Config, Rule, Opts) ->
 
 testTypeValueNotation(Config) -> test(Config, fun testTypeValueNotation/3).
 testTypeValueNotation(Config, Rule, Opts) ->
-    asn1_test_lib:compile_all(["SeqTypeRefPrim", "ValueTest"], Config,
-                              [Rule|Opts]),
+    asn1_test_lib:compile("SeqTypeRefPrim", Config, [Rule|Opts]),
     testTypeValueNotation:main(Rule, Opts).
 
+testValueTest(Config) -> test(Config, fun testValueTest/3).
+testValueTest(Config, Rule, Opts) ->
+    asn1_test_lib:compile("ValueTest", Config, [Rule|Opts]),
+    testValueTest:main().
+
 testOpenTypeImplicitTag(Config) ->
     test(Config, fun testOpenTypeImplicitTag/3).
 testOpenTypeImplicitTag(Config, Rule, Opts) ->
     asn1_test_lib:compile("OpenTypeImplicitTag", Config, [Rule|Opts]),
     testOpenTypeImplicitTag:main(Rule).
 
-duplicate_tags(Config) ->
-    DataDir = ?config(data_dir, Config),
-    CaseDir = ?config(case_dir, Config),
-    {error, [{error, {type, _, _, 'SeqOpt1Imp',
-			     {asn1, {duplicates_of_the_tags, _}}}}]} =
-	asn1ct:compile(filename:join(DataDir, "SeqOptional2"),
-		       [abs, {outdir, CaseDir}]).
-
 rtUI(Config) -> test(Config, fun rtUI/3).
 rtUI(Config, Rule, Opts) ->
     asn1_test_lib:compile("Prim", Config, [Rule|Opts]),
@@ -990,13 +982,22 @@ testS1AP(Config, Rule, Opts) ->
 	    ok
     end.
 
+testRfcs(Config) ->  test(Config, fun testRfcs/3, [{ber,[der]}]).
+testRfcs(Config, Rule, Opts) ->
+    case erlang:system_info(system_architecture) of
+	"sparc-sun-solaris2.10" ->
+	    {skip,"Too slow for an old Sparc"};
+	_ ->
+	    testRfcs:compile(Config, Rule, Opts),
+	    testRfcs:test()
+    end.
+
 test_compile_options(Config) ->
     ok = test_compile_options:wrong_path(Config),
     ok = test_compile_options:path(Config),
     ok = test_compile_options:noobj(Config),
     ok = test_compile_options:record_name_prefix(Config),
-    ok = test_compile_options:verbose(Config),
-    ok = test_compile_options:warnings_as_errors(Config).
+    ok = test_compile_options:verbose(Config).
 
 testDoubleEllipses(Config) -> test(Config, fun testDoubleEllipses/3).
 testDoubleEllipses(Config, Rule, Opts) ->
@@ -1084,6 +1085,7 @@ test_modules() ->
      "CommonDataTypes",
      "Constraints",
      "ContextSwitchingTypes",
+     "CoverParser",
      "DS-EquipmentUser-CommonFunctionOrig-TransmissionPath",
      "Enum",
      "From",
@@ -1118,7 +1120,9 @@ test_modules() ->
      "Def",
      "Opt",
      "ELDAPv3",
-     "LDAP"].
+     "LDAP",
+     "SeqOptional2",
+     "CCSNARG3"].
 
 test_OTP_9688(Config) ->
     PrivDir = ?config(case_dir, Config),
diff --git a/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn b/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn
deleted file mode 100644
index 3ccd838ac0..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn
+++ /dev/null
@@ -1,6 +0,0 @@
-BadTypeEnding  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ;
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1
deleted file mode 100644
index a5d4984e60..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1
+++ /dev/null
@@ -1,8 +0,0 @@
-BadValueAssignment1  DEFINITIONS ::=
-BEGIN
-
-int INTEGER ::= 3
-
-int2 integer ::= 3
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1
deleted file mode 100644
index 7a96406001..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1
+++ /dev/null
@@ -1,8 +0,0 @@
-BadValueAssignment2  DEFINITIONS ::=
-BEGIN
-
-int INTEGER ::= 3
-
-int2 ::= 3
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1
deleted file mode 100644
index 68bd4380b7..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1
+++ /dev/null
@@ -1,9 +0,0 @@
-BadValueSet  DEFINITIONS ::=
-BEGIN
-
-Int INTEGER ::= {1|2|3}
-
-Int2 INTEGER ::= {
-    1,2,3}
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn b/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn
index 23c1f32ceb..8932238adc 100644
--- a/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn
+++ b/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn
@@ -3,7 +3,7 @@ BEGIN
 
 CallCentreServiceNotificationArg ::= SEQUENCE {
    scriptInformation      [0] ScriptToScriptInformation,
-   eventInformation       [1] IMPLICIT EventInformation OPTIONAL
+   eventInformation       [1] EventInformation OPTIONAL
     
    
 }
diff --git a/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 b/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1
index f6fe18be10..18473bae30 100644
--- a/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1
@@ -41,10 +41,4 @@ ChoExt4 ::= CHOICE
   str OCTET STRING
 }
 
-ChoEmptyRoot ::= CHOICE {
-  ...,
-  bool BOOLEAN,
-  int INTEGER (0..7)
-}
-
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1 b/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1
deleted file mode 100644
index d0789d7414..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1
+++ /dev/null
@@ -1,27 +0,0 @@
-ChoiceBadExtension DEFINITIONS ::=
-BEGIN
-
-Seq ::= SEQUENCE {
-    ...,
-    name PrintableString,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER 
-    }
-
-Cho1 ::= CHOICE {
-    name PrintableString,
-    ...,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER 
-    }
-
-Cho2 ::= CHOICE {
-    ...,
-    name PrintableString,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER 
-    }
-
-END
-
-
diff --git a/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 b/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1
index 8b3d151502..648275dd66 100644
--- a/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1
@@ -11,6 +11,10 @@ BEGIN
  SingleValueX8 ::= INTEGER (integer42)
  SingleValueX9 ::= INTEGER (integer42..integer42)
  SingleValueX10 ::= INTEGER ((integer42) INTERSECTION (40..49))
+ SingleValueX11 ::= INTEGER (40..49) (integer42)
+ SingleValueX12 ::= INTEGER ((MIN..0) ^ (1..10) | integer42)
+ SingleValueX13 ::= INTEGER ((11..20) ^ (1..10) | integer42)
+ SingleValueX14 ::= INTEGER ((MIN..42) ^ (1..100) ^ (42..50))
 
  UnconstrainedX0 ::= INTEGER
  UnconstrainedX1 ::= INTEGER (MIN..MAX)
@@ -19,6 +23,10 @@ BEGIN
  UnconstrainedX4 ::= INTEGER ((MIN..MAX)|9|10)
  UnconstrainedX5 ::= INTEGER ((MIN..MAX)|10..20)
  UnconstrainedX6 ::= INTEGER ((MIN..MAX) UNION (10..20))
+ UnconstrainedX7 ::= INTEGER ((MIN..MAX) ^ ((MIN..MAX) UNION (10..20)))
+ UnconstrainedX8 ::= INTEGER ((-100..MAX) ^ (42..MAX) | (MIN..41))
+ UnconstrainedX9 ::= INTEGER (UnconstrainedX0)
+ UnconstrainedX10 ::= INTEGER (UnconstrainedX0)(MIN..MAX)
 
  RangeX00 ::= INTEGER (5..10)
  RangeX01 ::= INTEGER (4<..<11)
@@ -38,22 +46,66 @@ BEGIN
  RangeX16 ::= INTEGER ((5|6) UNION (7) UNION (7<..<11))
 
  RangeX20 ::= INTEGER (0..20) (5..10)
- RangeX21 ::= INTEGER (0..10) (5..20)
- RangeX22 ::= INTEGER (0..10) (5..20) (MIN..MAX)
- RangeX23 ::= INTEGER ((0..10) INTERSECTION (5..20) ^ (MIN..MAX))
- RangeX24 ::= INTEGER ((5|6|7|8|9|10) INTERSECTION (5..20) ^ (MIN..MAX))
+ RangeX21 ::= INTEGER ((0..10) ^ (5..20))
+ RangeX22 ::= INTEGER ((0..10) ^ (5..20) ^ (MIN..MAX))
+ RangeX23 ::= INTEGER (MIN..MAX) (-100..20) (5..10)
+ RangeX24 ::= INTEGER (MIN..MAX) (0..100) (5..20) (5..10)
+ RangeX25 ::= INTEGER ((0..10) INTERSECTION (5..20) ^ (MIN..MAX))
+ RangeX26 ::= INTEGER ((5|6|7|8|9|10) INTERSECTION (5..20) ^ (MIN..MAX))
+
+ RangeX30 ::= INTEGER (((5|6) | (5..20)) ^ (0..10))
+ RangeX31 ::= INTEGER (((((5|6) | (5..20)) ^ (0..10))) ^ (MIN..MAX))
+ RangeX32 ::= INTEGER ((5|7) | (5..10))
+
+ Semi00 ::= INTEGER (0..MAX)
+ Semi01 ::= INTEGER (0..MAX) (MIN..MAX)
+ Semi02 ::= INTEGER ((0..100) UNION (200..MAX) UNION (50..1024))
+
+ RangeExtX00 ::= INTEGER (5..10, ...)
+ RangeExtX01 ::= INTEGER (0..20) (5..10, ...)
+ RangeExtX02 ::= INTEGER (RangeX26) (5..10, ...)
+-- RangeExtX03 ::= RangeX26 (5..10, ...)
+
+ MinRangeX00 ::= INTEGER (MIN..10)
+ MinRangeX01 ::= INTEGER ((MIN..0) | (0..10))
+ MinRangeX02 ::= INTEGER (MIN..MAX) (MIN..100) (MIN..10)
+ MinRangeX03 ::= INTEGER (((MIN..-100)|(-60..-50)) | (MIN..10))
+
+ DisjointRangeX00 ::= INTEGER (0..5 UNION 95..99)
+ DisjointRangeX01 ::= INTEGER (0|1|2|3|4|5|95|96|97|98|99)
+ DisjointRangeX02 ::= INTEGER (0..100) (0..2 UNION 95..99 UNION 3|4|5)
+ DisjointRangeX03 ::= INTEGER (MIN..MAX) (0..2 UNION 95..99 UNION 3|4|5)
+
+ MinDisjointRangeX00 ::= INTEGER (MIN..-100 UNION 100..1000)
+ MinDisjointRangeX01 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-100))
+ MinDisjointRangeX02 ::= INTEGER (MIN..-50000 UNION 100..1000 UNION (MIN..-100))
+ MinDisjointRangeX03 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000))
+ MinDisjointRangeX04 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000))
+ MinDisjointRangeX05 ::= INTEGER (MIN..-100 ^ (MIN..-100) UNION 100..1000)
+ MinDisjointRangeX06 ::= INTEGER (MIN..-100 ^ (MIN..0) UNION 100..1000)
 
  UnconstrainedStringX00 ::= IA5String
  UnconstrainedStringX01 ::= IA5String (SIZE (0..MAX))
+ UnconstrainedStringX02 ::= IA5String (SIZE (0..42|43..MAX))
 
  ConstrainedStringX00 ::= IA5String (SIZE (0..5))
  ConstrainedStringX01 ::= IA5String (SIZE (0|1|2|3|4|5))
 
+ StringExtFromX00 ::= IA5String (FROM ("AB", ..., "CD"))(SIZE (1..10, ..., 15..20))
+ StringExtFromX01 ::= IA5String (FROM ("AB", ..., "CD"))(SIZE (1..10, ..., 15..20))
+ StringExtFromX02 ::= IA5String ((FROM ("AB", ..., "CD")) ^ ((SIZE (1..10, ..., 15..20))))
+ StringExtFromX03 ::= IA5String ((FROM ("AB", ..., "CD")) ^ (SIZE (1..10, ..., 15..20)))
+ StringExtFromX04 ::= IA5String (StringExtFromX00)
+
  -- Note: None of the back-ends care about the exact values
  -- outside of the root range.
  ExtConstrainedStringX00 ::= IA5String (SIZE (1..2, ...))
  ExtConstrainedStringX01 ::= IA5String (SIZE (1|2, ..., 3))
  ExtConstrainedStringX02 ::= IA5String (SIZE (1|2, ..., 3|4|5))
+ ExtConstrainedStringX03 ::= IA5String (SIZE (1|2, ...,  1|2|3|4|5))
+ ExtConstrainedStringX04 ::= IA5String (SIZE (1|2), ..., SIZE (1|2|3|4|5))
+ ExtConstrainedStringX05 ::= IA5String (SIZE (1|2, ...), ...,
+                                        SIZE (1|2|3|4|5, ...))
 
  integer4 INTEGER ::= 4
  integer11 INTEGER ::= 11
diff --git a/lib/asn1/test/asn1_SUITE_data/Constraints.py b/lib/asn1/test/asn1_SUITE_data/Constraints.py
index 3495cd841b..a40c513141 100644
--- a/lib/asn1/test/asn1_SUITE_data/Constraints.py
+++ b/lib/asn1/test/asn1_SUITE_data/Constraints.py
@@ -81,7 +81,7 @@ maxNrOfCellPortionsPerCell-1 INTEGER ::= 35
 CellPortionID	::= INTEGER (0..maxNrOfCellPortionsPerCell-1,...)
 
 -- OTP-6763
-T ::=  IA5String (SIZE (1|2, ..., SIZE (1|2|3))) -- Dubuisson 268
+T ::=  IA5String (SIZE (1|2), ..., SIZE (1|2|3)) -- Dubuisson 268
 T2 ::= IA5String (SIZE (1|2, ..., 3)) -- equal with T
 
 -- OTP-8046
@@ -144,5 +144,47 @@ NonOverlapping ::= INTEGER (7280..7560 |
 23000..24000 |
 24960..26900)
 
+--
+-- Test INTEGER constraints from fields in objects.
+--
+
+INT-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &obj INT-HOLDER OPTIONAL
+} WITH SYNTAX {
+  ID &id
+  [OBJ &obj]
+}
+
+int-holder-1 INT-HOLDER ::= { ID 2 }
+int-holder-2 INT-HOLDER ::= { ID 4 OBJ int-holder-1 }
+
+IntObjectConstr ::= INTEGER (int-holder-2.&obj.&id..int-holder-2.&id)
+
+--
+-- INTEGER constraints defined using named INTEGERs.
+--
+
+ConstrainedNamedInt ::= INTEGER {v1(42)} (v1)
+constrainedNamedInt-1 INTEGER {v1(42)} (v1) ::= 42
+constrainedNamedInt-2 ConstrainedNamedInt ::= 100
+
+SeqWithNamedInt ::= SEQUENCE {
+   int INTEGER {v2(7)} (v2)
+}
+
+--
+-- Cover simpletable constraint checking code.
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType ContentType
+}
+
+Contents TYPE-IDENTIFIER ::= {
+  {OCTET STRING IDENTIFIED BY {2 1 1 1 1 1 1}}
+}
+
+ContentType ::= TYPE-IDENTIFIER.&id({Contents})
 
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1 b/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1
new file mode 100644
index 0000000000..75d40188ca
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1
@@ -0,0 +1,57 @@
+CoverParser DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+ Cho1 ::= CHOICE {
+   i INTEGER,
+   ... ! 42,
+   [[ b BOOLEAN ]]
+ }
+
+ Cho2 ::= CHOICE {
+   i INTEGER,
+   ...,
+   [[ b BOOLEAN,
+      s IA5String ]],
+   ...
+ }
+
+ Int1 ::= INTEGER (CONSTRAINED BY {INTEGER:1,INTEGER:2})
+
+ Seq1 ::= SEQUENCE {
+   ... ! INTEGER:1
+ }
+
+ Seq2 ::= SEQUENCE {
+   ... ! INTEGER:1,
+   i INTEGER
+ }
+
+ Seq3 ::= SEQUENCE {
+   b BOOLEAN,
+   ... ! INTEGER:1,
+   i INTEGER
+ }
+
+ Seq4 ::= SEQUENCE {
+   a INTEGER OPTIONAL,
+   b OCTET STRING OPTIONAL
+ } (WITH COMPONENTS {a ABSENT, b OPTIONAL} |
+    WITH COMPONENTS {a PRESENT, b PRESENT})
+
+ SeqOf1 ::= SEQUENCE OF INTEGER
+ SeqOf2 ::= SeqOf1 (WITH COMPONENT (0..7))
+
+ SegOf3 ::= SEQUENCE (SIZE (1..10)) OF id INTEGER
+
+ Set1 ::= SET {
+   ... ! INTEGER:1
+ }
+
+ Set2 ::= SET {
+   ... ! INTEGER:1,
+   a INTEGER
+ }
+
+ SetOf3 ::= SET (SIZE (1..10)) OF id INTEGER
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn b/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn
index e90cf55d61..a96425cbea 100644
--- a/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn
+++ b/lib/asn1/test/asn1_SUITE_data/DoubleEllipses.asn
@@ -12,6 +12,15 @@ Seq ::= SEQUENCE
    c  BOOLEAN
  }
 
+SeqV1 ::= SEQUENCE
+ {
+   a  INTEGER,
+   ...,
+   b  BOOLEAN,
+   ...
+ }
+
+
 SeqV2 ::= SEQUENCE
  {
    a  INTEGER,
@@ -57,6 +66,14 @@ Set ::= SET {
    c  BOOLEAN
  }
 
+
+SetV1 ::= SET {
+   a  INTEGER,
+   ...,
+   b  BOOLEAN,
+   ...
+ }
+
 SetV2 ::= SET
  {
    a  INTEGER,
@@ -96,4 +113,4 @@ SetAltV2 ::= SET
  }
 
 
-END
\ No newline at end of file
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 b/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1
index 74fa97e7aa..55ad5a01a1 100644
--- a/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1
@@ -53,5 +53,7 @@ SeqBig ::= SEQUENCE {
   i INTEGER
 }
 
+EnumSkip ::= ENUMERATED {a(2), ..., b, c, d, e, f}
+
 END
 
diff --git a/lib/asn1/test/asn1_SUITE_data/Example.asn1 b/lib/asn1/test/asn1_SUITE_data/Example.asn1
deleted file mode 100644
index 2639f63940..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/Example.asn1
+++ /dev/null
@@ -1,20 +0,0 @@
-Example  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ
-
-Typ ::= SEQUENCE {
-    a b,
-    c Typ}
---ECLASS ::= CLASS {
---    &num       INTEGER UNIQUE,
---    &Typo
---    } WITH SYNTAX {
---    &Typo DETERMINED BY &num
---    }
-
---v1 ECLASS ::= {INTEGER DETERMINED BY 12}
-
---v2 INTEGER ::= 13
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Export1.asn b/lib/asn1/test/asn1_SUITE_data/Export1.asn
deleted file mode 100644
index 78ead8f4d2..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/Export1.asn
+++ /dev/null
@@ -1,7 +0,0 @@
-Export1  DEFINITIONS ::=
-BEGIN
-EXPORTS T
-
-T ::= Typ	
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Exporting.asn1 b/lib/asn1/test/asn1_SUITE_data/Exporting.asn1
new file mode 100644
index 0000000000..e4f32f6788
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/Exporting.asn1
@@ -0,0 +1,18 @@
+Exporting DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+  Seq ::= SEQUENCE { id INTEGER, f BOOLEAN }
+  PtSeq{T} ::= SEQUENCE { a T }
+
+  CL ::= CLASS {
+     &id INTEGER UNIQUE,
+     &Type
+  } WITH SYNTAX {
+     ID &id TYPE &Type
+  }
+
+  obj CL ::= { ID 1 TYPE OCTET STRING }
+
+  pt-object{CL:ob} CL ::= {ID ob.&id TYPE OCTET STRING}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1 b/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1
new file mode 100644
index 0000000000..d59b0edda5
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1
@@ -0,0 +1,30 @@
+ExtensibilityImplied DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED
+::=
+BEGIN
+
+Enum1 ::= ENUMERATED { root, ..., ext }
+Enum2 ::= ENUMERATED { root }
+
+Seq1 ::= SEQUENCE {
+  b BOOLEAN,
+  ...,
+  i INTEGER
+}
+
+Seq2 ::= SEQUENCE {
+  b BOOLEAN
+}
+
+Set1 ::= SET {
+  b BOOLEAN,
+  ...,
+  i INTEGER
+}
+
+Set2 ::= SET {
+  b BOOLEAN
+}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1 b/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1
deleted file mode 100644
index 1b5e42ad3c..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1
+++ /dev/null
@@ -1,7 +0,0 @@
-IllegalExport  DEFINITIONS ::=
-BEGIN
-EXPORTS T, KalleAnka;
-
-T ::= INTEGER	
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Importing.asn1 b/lib/asn1/test/asn1_SUITE_data/Importing.asn1
new file mode 100644
index 0000000000..2f2699c576
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/Importing.asn1
@@ -0,0 +1,20 @@
+Importing DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+ Seq ::= Exporting.PtSeq{ INTEGER(0..7) }
+ OtherSeq ::= Exporting.Seq
+
+ seq Exporting.Seq ::= { id 42, f TRUE }
+
+ o1 Exporting.CL ::= { ID 2 TYPE INTEGER (0..63) }
+
+ ObjSet Exporting.CL ::= { o1 | Exporting.obj }
+
+ ObjSeq ::= SEQUENCE {
+   id Exporting.CL.&id ({ObjSet}),
+   type Exporting.CL.&Type ({ObjSet}{@id})
+ }
+
+ o1-cloned Exporting.CL ::= Exporting.pt-object{o1}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/InfObj.asn b/lib/asn1/test/asn1_SUITE_data/InfObj.asn
index 719119f418..3b88770d78 100644
--- a/lib/asn1/test/asn1_SUITE_data/InfObj.asn
+++ b/lib/asn1/test/asn1_SUITE_data/InfObj.asn
@@ -206,7 +206,9 @@ ConstructedDefaultSet CONSTRUCTED-DEFAULT ::= {
   { &id 4, &Type SET { a INTEGER, b BIT STRING } } |
   { &id 5, &Type CHOICE { i INTEGER, b BIT STRING } } |
   { &id 6, &Type SEQUENCE OF INTEGER (1..16) } |
-  { &id 7, &Type SET OF INTEGER (1..64) }
+  { &id 7, &Type SET OF INTEGER (1..64) } |
+  { &id 8, &Type SEQUENCE OF SEQUENCE { x INTEGER, y INTEGER } } |
+  { &id 9, &Type SET OF SEQUENCE { x INTEGER, y INTEGER } }
 }
 
 ConstructedPdu ::= SEQUENCE {
@@ -288,18 +290,196 @@ OstSeq1234 ::= ObjectSetTest{ {Ost1234} }
 OstSeq45 ::= ObjectSetTest{ {Ost45} }
 OstSeq12345 ::= ObjectSetTest{ {Ost12345} }
 
+OstSeq12Except ::= ObjectSetTest{ {Ost123 EXCEPT ost3} }
+OstSeq123Except ::= ObjectSetTest{ {Ost12345 EXCEPT Ost45} }
+
+ExOst1    OBJECT-SET-TEST ::= { ost1, ... }
 ExOst12    OBJECT-SET-TEST ::= { ost1, ..., ost2 }
 ExOst123   OBJECT-SET-TEST ::= { ost3, ..., ExOst12 }
---ExOst1234  OBJECT-SET-TEST ::= { ExOst123, ..., ost4 }
+ExOst1234  OBJECT-SET-TEST ::= { ExOst123, ..., ost4 }
 ExOst45    OBJECT-SET-TEST ::= { ost4, ..., ost5 }
 ExOst12345 OBJECT-SET-TEST ::= { ExOst123, ..., ExOst45 }
 
+ExOstSeq1 ::= ObjectSetTest{ {ExOst1} }
 ExOstSeq12 ::= ObjectSetTest{ {ExOst12} }
 ExOstSeq123 ::= ObjectSetTest{ {ExOst123} }
---ExOstSeq1234 ::= ObjectSetTest{ {ExOst1234} }
+ExOstSeq1234 ::= ObjectSetTest{ {ExOst1234} }
 ExOstSeq45 ::= ObjectSetTest{ {ExOst45} }
 ExOstSeq12345 ::= ObjectSetTest{ {ExOst12345} }
 
-END
+ExOstSeq12Except ::= ObjectSetTest{ {ExOst123 EXCEPT ost3} }
+ExOstSeq123Except ::= ObjectSetTest{ {ExOst12345 EXCEPT ExOst45} }
+
+ExInlOst1    OBJECT-SET-TEST ::= {
+    { 1 IS BIT STRING },
+    ...
+}
+ExInlOst12   OBJECT-SET-TEST ::= {
+    { 1 IS BIT STRING },
+    ...,
+    { 2 IS OCTET STRING }
+}
+
+ExInlOstSeq1 ::= ObjectSetTest{ {ExInlOst1} }
+ExInlOstSeq12 ::= ObjectSetTest{ {ExInlOst12} }
+
+--
+-- Test that extensions in a simple class works.
+--
+
+ExtClassSeq ::= SEQUENCE {
+  arg      EXT-CLASS.&id({Extend})
+}
+
+EXT-CLASS ::= CLASS {
+    &id INTEGER UNIQUE
+} WITH SYNTAX {
+    ID &id
+}
+
+Extend EXT-CLASS ::= { { ID alt1 } | { ID alt2 }, ... }
+
+alt1 INTEGER ::= 4
+alt2 INTEGER ::= 5
+
+
+--
+-- Test a BIT STRING which is optional in the simplified syntax.
+--
+
+PUBLIC-KEY ::= CLASS {
+    &id             INTEGER UNIQUE,
+    &keyUsage       KeyUsage OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [OPTIONAL-BIT-STRING &keyUsage]
+}
+
+KeyUsage ::= BIT STRING {
+     digitalSignature        (0),
+     nonRepudiation          (1),
+     keyEncipherment         (2)
+ }
+
+object-with-optional-bit-string PUBLIC-KEY ::= {
+ IDENTIFIER 42
+ OPTIONAL-BIT-STRING {digitalSignature, nonRepudiation, keyEncipherment}
+}
+
+-- Test object identifiers from objects.
+
+CONTAINER ::= CLASS {
+ &id   OBJECT IDENTIFIER UNIQUE,
+ &rid  RELATIVE-OID OPTIONAL,
+ &Type OPTIONAL
+} WITH SYNTAX {
+  IDENTIFIED BY &id
+  [REL-OID &rid]
+  [TYPE &Type]
+}
+
+id1 OBJECT IDENTIFIER ::= {1 2 42}
+obj1 CONTAINER ::= { IDENTIFIED BY id1 REL-OID {100 101} }
+
+value-2 OBJECT IDENTIFIER ::= { value-1 25 }
+value-1 OBJECT IDENTIFIER ::= obj1.&id
+value-3 RELATIVE-OID ::= obj1.&rid
+value-4 OBJECT IDENTIFIER ::= { 1 2 value-3 }
+
+
+-- Test an obscure issue when ATTRIBUTE.&id was not
+-- properly evaluated.
+
+Rdn ::= SingleAttribute { {SupportedAttributes} }
+
+ATTRIBUTE ::= CLASS {
+   &id             OBJECT IDENTIFIER UNIQUE,
+   &Type           OPTIONAL
+}
+
+SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+   type      ATTRIBUTE.&id({AttrSet}),
+   value     ATTRIBUTE.&Type({AttrSet}{@type})
+}
 
+AttributeType ::= ATTRIBUTE.&id
 
+SupportedAttributes ATTRIBUTE ::= { at-name }
+
+id-at OBJECT IDENTIFIER ::= { 2 5 4 41 }
+id-at-name AttributeType ::= id-at
+at-name ATTRIBUTE ::= { &Type PrintableString, &id id-at-name }
+
+--
+-- Test using an alias for TYPE-IDENTIFIER.
+--
+
+TiAliasParameterized { TI-ALIAS:InfoObjectSet } ::= SEQUENCE {
+  algorithm TI-ALIAS.&id({InfoObjectSet}),
+  parameters TI-ALIAS.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+TI-ALIAS ::= TYPE-IDENTIFIER
+
+TiAliasSeq ::= SEQUENCE {
+  prf TiAliasParameterized {{TiAliasSet}}
+}
+
+TiAliasSet TI-ALIAS ::= {
+  {NULL IDENTIFIED BY {2 1 2}},
+   ...
+}
+
+--
+-- Test using an alias for a class.
+--
+
+ALIAS-CONTAINER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &obj INDIRECT-CLASS
+}
+
+INDIRECTED-CLASS ::= CLASS {
+  &id INTEGER UNIQUE,
+  &Type
+}
+
+INDIRECT-CLASS ::= INDIRECTED-CLASS
+
+--
+-- Indirect ObjectClassFieldType in a SEQUENCE.
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType  ContentType, -- Indirect ObjectClassFieldType
+  content      TYPE-IDENTIFIER.&Type({Contents}{@contentType})
+OPTIONAL
+}
+
+Contents TYPE-IDENTIFIER ::= {
+  {IA5String IDENTIFIED BY id-content-type}
+}
+
+ContentType ::= TYPE-IDENTIFIER.&id({Contents})
+id-content-type ContentType ::= { 2 7 8 9 }
+
+--
+-- Tricky parsing of simplified syntax.
+--
+
+TrickyType-1 ::= BIT STRING
+TrickyType-2 ::= OCTET STRING
+
+TRICKY ::= CLASS {
+  &Type1,
+  &Type2
+} WITH SYNTAX {
+   TYPE &Type1 &Type2
+}
+
+tricky-object TRICKY ::= {TYPE TrickyType-1 TrickyType-2}
+
+tricky-bit-string tricky-object.&Type1 ::= '1011'B
+tricky-octet-string tricky-object.&Type1 ::= 'CAFE'H
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1 b/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1
new file mode 100644
index 0000000000..13981b546d
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1
@@ -0,0 +1,136 @@
+InfObjExtract DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+DATA-CLASS ::= CLASS {
+  &id INTEGER UNIQUE,
+  &Type
+} WITH SYNTAX {
+  ID &id
+  TYPE &Type
+}
+
+data-object-1 DATA-CLASS ::= { ID 1 TYPE BOOLEAN }
+data-object-2 DATA-CLASS ::= { ID 2 TYPE OCTET STRING }
+data-object-3 DATA-CLASS ::= { ID 3 TYPE BIT STRING }
+
+ObjSet DATA-CLASS ::= {
+  holder-object-1.&obj |
+  data-object-2 |
+  data-object-3,
+  ...
+}
+
+OBJ-SET DATA-CLASS ::= {
+  holder-object-1.&obj |
+  data-object-2 |
+  data-object-3,
+  ...
+}
+
+SingleElementSet DATA-CLASS ::= {
+  holder-object-1.&obj
+}
+
+holder-object-1 HOLDER-CLASS ::= {
+  OBJ data-object-1
+}
+
+holder-object-2 HOLDER-CLASS ::= {
+  OBJ-SET {data-object-1}
+}
+
+holder-object-3 HOLDER-CLASS ::= {
+  OBJ-SET {holder-object-2.&ObjSet}
+}
+
+-- Note: References to object sets with names in all uppercase/hyphens
+-- may be represented differently compared to object sets with names
+-- that contain lowercase letters. CAVEAT TESTOR.
+
+HOLDER-OBJECTS HOLDER-CLASS ::= { holder-object-2 }
+HolderObjects HOLDER-CLASS ::= { holder-object-3 }
+
+holder-object-4 HOLDER-CLASS ::= {
+  OBJ-SET { HOLDER-OBJECTS.&ObjSet }
+}
+
+holder-object-5 HOLDER-CLASS ::= {
+  OBJ-SET { HolderObjects.&ObjSet }
+}
+
+holder-object-6 HOLDER-CLASS ::= {
+  OBJ-SET { OBJ-SET }
+}
+
+holder-object-7 HOLDER-CLASS ::= {
+  OBJ-SET { ObjSet  }
+}
+
+HOLDER-CLASS ::= CLASS {
+  &obj DATA-CLASS OPTIONAL,
+  &ObjSet DATA-CLASS OPTIONAL
+} WITH SYNTAX {
+  [OBJ &obj]
+  [OBJ-SET &ObjSet]
+}
+
+TestSeq{DATA-CLASS:ObjectSet} ::= SEQUENCE {
+  id DATA-CLASS.&id ({ObjectSet}),
+  data DATA-CLASS.&Type ({ObjectSet}{@id})
+}
+
+DataSeq-1 ::= TestSeq{ {ObjSet} }
+DataSeq-2 ::= TestSeq{ {holder-object-3.&ObjSet} }
+
+DataSeq-3 ::= TestSeq{ {holder-object-4.&ObjSet} }
+DataSeq-4 ::= TestSeq{ {holder-object-5.&ObjSet} }
+DataSeq-5 ::= TestSeq{ {holder-object-6.&ObjSet} }
+DataSeq-6 ::= TestSeq{ {holder-object-7.&ObjSet} }
+
+DataSeqSingleSet-1 ::= TestSeq{ {SingleElementSet} }
+DataSeqSingleSet-2 ::= TestSeq{ {holder-object-1.&obj} }
+
+--
+-- Test ObjectSetFromObjects.
+--
+
+OBJ-CLASS ::= CLASS {
+  &id INTEGER UNIQUE,
+  &Data OPTIONAL,
+  &Obj OBJ-CLASS OPTIONAL,
+  &obj OBJ-CLASS OPTIONAL
+}
+
+obj-class-obj-1 OBJ-CLASS ::= { &id 1, &Data BOOLEAN }
+
+obj-class-obj-2 OBJ-CLASS ::= { &id 2, &Data BOOLEAN,
+			         &Obj {obj-class-obj-1} }
+
+obj-class-obj-3 OBJ-CLASS ::= { &id 3, &Data BOOLEAN,
+			         &obj {&id 99, &Obj {obj-class-obj-1}} }
+
+obj-class-obj-4 OBJ-CLASS ::= { &id 4, &Data BOOLEAN, &obj obj-class-obj-2 }
+
+obj-class-obj-5 OBJ-CLASS ::= { &id 5, &Data BOOLEAN,
+		                &Obj {obj-class-obj-4.&obj} }
+
+ObjClassSet OBJ-CLASS ::= { obj-class-obj-3.&obj.&Obj |
+			    obj-class-obj-4.&Obj | -- Non-existing field
+			    obj-class-obj-5.&Obj
+			   }
+
+TestObjClassSeq{OBJ-CLASS:ObjectSet} ::= SEQUENCE {
+  id OBJ-CLASS.&id ({ObjectSet}),
+  data OBJ-CLASS.&Data ({ObjectSet}{@id})
+}
+
+ObjClassSeq-1 ::= TestObjClassSeq{{ObjClassSet}}
+
+--
+-- Test several levels of inlined definitions.
+--
+
+obj-class-obj-6 OBJ-CLASS ::= { &id 6, &Obj {{&id 100, &Data INTEGER}},
+		                &Data INTEGER }
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1 b/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1
deleted file mode 100644
index 66912ef693..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1
+++ /dev/null
@@ -1,5 +0,0 @@
-MissingEnd  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ	
-
diff --git a/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 b/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1
index 9368e8dceb..9193ed495c 100644
--- a/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1
@@ -50,6 +50,7 @@ itu-t-o OBJECT IDENTIFIER ::= {itu-t recommendation o}
 itu-t-p OBJECT IDENTIFIER ::= {itu-t recommendation p}
 itu-t-q OBJECT IDENTIFIER ::= {itu-t recommendation q}
 itu-t-r OBJECT IDENTIFIER ::= {itu-t recommendation r}
+itu-t-s OBJECT IDENTIFIER ::= {itu-t recommendation s}
 itu-t-t OBJECT IDENTIFIER ::= {itu-t recommendation t}
 itu-t-u OBJECT IDENTIFIER ::= {itu-t recommendation u}
 itu-t-v OBJECT IDENTIFIER ::= {itu-t recommendation v}
diff --git a/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 b/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1
index 68fc782f33..d203b6c816 100644
--- a/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1
@@ -42,4 +42,37 @@ SIGNATURE-ALGORITHM ::= CLASS {
     KEY &id CONTAINING &Type
 }
 
+alg-seq-1 AnAlgorithm ::= { algorithm 1, type 42 }
+alg-seq-2 AnAlgorithm ::= { algorithm 2, type TRUE }
+
+--
+-- Test that indirect classes references are resolved.
+--
+
+AlgorithmIdentifier2 { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
+  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+Seq ::= SEQUENCE {
+  c1 AlgorithmIdentifier2 {{ObjectSet-1}},
+  c2 AlgorithmIdentifier2 {{ObjectSet-2}}
+}
+
+ObjectSet-1 ALGORITHM-IDENTIFIER ::= { {INTEGER IDENTIFIED BY {2 1 1}}, ... }
+ObjectSet-2 ALGORITHM-IDENTIFIER ::= { ... }
+
+-- Test a value that uses the instantiation of a parameterized type inline.
+-- (Adapted from PKCS-5.)
+--
+
+algid-hmacWithSHA1 AlgorithmIdentifier2 {{ObjectSet-3}} ::=
+  {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+ObjectSet-3 TYPE-IDENTIFIER ::= { {NULL IDENTIFIED BY id-hmacWithSHA1} }
+
+id-hmacWithSHA1 OBJECT IDENTIFIER ::= {2 9 9 9 7}
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/Prim.asn1 b/lib/asn1/test/asn1_SUITE_data/Prim.asn1
index cc0e61422a..b4c011fd39 100644
--- a/lib/asn1/test/asn1_SUITE_data/Prim.asn1
+++ b/lib/asn1/test/asn1_SUITE_data/Prim.asn1
@@ -24,6 +24,8 @@ BEGIN
                         friday(5),saturday(6),sunday(7)}
   SingleEnumVal ::= ENUMERATED {true}
   SingleEnumValExt ::= ENUMERATED {true, ...}
+  NegEnumVal ::= ENUMERATED {neg(-1), ..., zero(0)}
+  EnumVal128 ::= ENUMERATED {val(128)}
 
   ObjId ::= OBJECT IDENTIFIER
   
diff --git a/lib/asn1/test/asn1_SUITE_data/SelectionType.asn b/lib/asn1/test/asn1_SUITE_data/SelectionType.asn
index d7bfbf1788..6163f390dd 100644
--- a/lib/asn1/test/asn1_SUITE_data/SelectionType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/SelectionType.asn
@@ -14,7 +14,7 @@ Element ::= CHOICE {bool BOOLEAN,
 		    utf UTF8String,
 		    ro RELATIVE-OID,
 		    nums NumericString,
-		    symbol  PrintableString,
+		    symbol PrintableString,
 		    telet TeletexString,
 		    t61 T61String,
 		    video VideotexString,
@@ -23,13 +23,14 @@ Element ::= CHOICE {bool BOOLEAN,
 		    generalizedTime GeneralizedTime,
 		    gs GraphicString,
 		    vs VisibleString,
---		    iso64 ISO646String,
 		    generalString GeneralString,
 		    univ UniversalString,
 		    cs CHARACTER STRING,
 		    bmp BMPString}
 
-MendeleyevTable ::= SEQUENCE  OF symbol < Element
+MendeleyevTable ::= SEQUENCE OF symbol < Element
+MendeleyevSet ::= SET OF atomic-no < Element
+
 BoolType ::= bool < Element
 
 einsteinium symbol < Element ::= "Es"
@@ -51,7 +52,6 @@ utctimev utctime < Element ::= "9805281429Z"
 gTime generalizedTime < Element ::= "19980528142905.1"
 gsv gs < Element ::= "graphic"
 vsv vs  < Element ::= "visible"
---iso64v iso64 < Element ::= "iso"
 gStringv generalString < Element ::= "general"
 univv univ < Element ::= "Universal"
 bmov bmp < Element ::= "bmp"
diff --git a/lib/asn1/test/asn1_SUITE_data/Seq.py b/lib/asn1/test/asn1_SUITE_data/Seq.py
index f345373ab5..b68f9045a6 100644
--- a/lib/asn1/test/asn1_SUITE_data/Seq.py
+++ b/lib/asn1/test/asn1_SUITE_data/Seq.py
@@ -142,7 +142,10 @@ SeqImp3 ::= SET
   set  Set1
 }
 
-
+SeqCompOf ::= SEQUENCE {
+  ...,
+  COMPONENTS OF SeqS3
+}
 
 END
 
diff --git a/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn b/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn
index 7de9134096..bb85c9e418 100644
--- a/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn
@@ -15,10 +15,10 @@ SeqOpt1Imp ::= SEQUENCE
   bool1 [1] BOOLEAN OPTIONAL,
   int1  INTEGER,
   seq1  [2] SeqIn OPTIONAL,
-  seq2  [2] SeqIn OPTIONAL,
+  seq2  [3] SeqIn OPTIONAL,
   ...,
-  int2  [3] SeqIn,
-  int3  [3] SeqIn
+  int2  [4] SeqIn,
+  int3  [5] SeqIn
 }
 
 SeqOpt1Exp ::= SEQUENCE 
diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn b/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn
deleted file mode 100644
index 436815aa9b..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn
+++ /dev/null
@@ -1,10 +0,0 @@
-SequenceBadComma DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-EXPORTS Person;
-
-Person ::= [PRIVATE 19] SEQUENCE {,
-    name PrintableString,
-    location INTEGER {home(0),field(1),roving(2)},
-    age INTEGER OPTIONAL
-    }
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1 b/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1
deleted file mode 100644
index 8b2b8816db..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1
+++ /dev/null
@@ -1,10 +0,0 @@
-SequenceBadComponentName  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ
-
-Typ ::= SEQUENCE {
-    a INTEGER,
-    C Typ}
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1 b/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1
deleted file mode 100644
index 0c33f48906..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1
+++ /dev/null
@@ -1,10 +0,0 @@
-SequenceBadComponentType  DEFINITIONS ::=
-BEGIN
-
-T ::= Typ
-
-Typ ::= SEQUENCE {
-    a b,
-    c T}
-
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/Syntax.py b/lib/asn1/test/asn1_SUITE_data/Syntax.py
deleted file mode 100644
index 867d1148e1..0000000000
--- a/lib/asn1/test/asn1_SUITE_data/Syntax.py
+++ /dev/null
@@ -1,10 +0,0 @@
-Syntax DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-EXPORTS Person;
-
-Person ::= [PRIVATE 19] SEQUENCE {,
-	name PrintableString,
-	location INTEGER {home(0),field(1),roving(2)},
-	age INTEGER OPTIONAL
-	}
-END
diff --git a/lib/asn1/test/asn1_SUITE_data/ValueTest.asn b/lib/asn1/test/asn1_SUITE_data/ValueTest.asn
index dae9ae498a..b2c59d686a 100644
--- a/lib/asn1/test/asn1_SUITE_data/ValueTest.asn
+++ b/lib/asn1/test/asn1_SUITE_data/ValueTest.asn
@@ -1,4 +1,4 @@
-ValueTest DEFINITIONS  ::= 
+ValueTest DEFINITIONS AUTOMATIC TAGS ::=
 
 BEGIN
 
@@ -23,8 +23,15 @@ vENUMERATED RadioButton ::= button1
 vBS BSNNL ::= {zero,two}
 vNULL NULL ::= NULL
 vOS OCTET STRING ::= '313233'H
-vOD OBJECT IDENTIFIER ::= {2 1 1}
 
+-- OBJECT IDENTIFIER
+vOD OBJECT IDENTIFIER ::= {2 1 1}
+one INTEGER ::= 1
+integer-first OBJECT IDENTIFIER ::= {one 2}
+rel-oid-1 RELATIVE-OID ::= {2 4 5}
+include-roid OBJECT IDENTIFIER ::= {0 rel-oid-1}
+include-oid OBJECT IDENTIFIER ::= {integer-first 1}
+include-all OBJECT IDENTIFIER ::= {integer-first 1 rel-oid-1 42}
 
 --Character strings
 numericstring NumericString ::= "01234567"
@@ -41,7 +48,6 @@ objectdescriptor ObjectDescriptor ::= "ObjectDescriptor"
 graphicstring GraphicString ::= "GraphicString"
 generalstring GeneralString ::= "GeneralString"
 bmpstring1 BMPString ::= "BMPString"
---bmpstring2 BMPString ::= [{0,0,0,66},{0,0,0,77},{0,0,0,80},{0,0,0,115},{0,0,0,116},{0,0,0,114},{0,0,0,105},{0,0,0,110},{0,0,0,103}]
 latinCapitalLetterA UniversalString ::= {0,0,0,65}
 greekCapitalLetterSigma UniversalString ::= {0,0,3,145}
 my-universalstring UniversalString ::= {"This is a capital A: ",
@@ -50,4 +56,88 @@ my-universalstring UniversalString ::= {"This is a capital A: ",
 					greekCapitalLetterSigma,
 					"; try and spot the difference!"}
 
+-- Useful parameterized SEQUENCE.
+ParamSeq{Type} ::= SEQUENCE {
+    a Type
+}
+
+-- Integer values.
+IntegerSeq ::= ParamSeq{INTEGER}
+someInteger INTEGER ::= 42
+integerSeq1 IntegerSeq ::= { a otherInteger }
+otherInteger INTEGER ::= someInteger
+
+--
+-- Values from objects.
+--
+int-from-object-1 INTEGER ::= int-holder-2.&obj.&id
+int-from-object-2 INTEGER ::= int-holder-2.&id
+
+INT-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &obj INT-HOLDER OPTIONAL
+} WITH SYNTAX {
+  ID &id
+  [OBJ &obj]
+}
+
+int-holder-1 INT-HOLDER ::= { ID 2 }
+int-holder-2 INT-HOLDER ::= { ID 4 OBJ int-holder-1 }
+
+II ::= INTEGER (int-from-object-1..int-from-object-2)
+
+-- Recursive OCTET STRING definitions.
+
+OS-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &os OCTET STRING
+} WITH SYNTAX {
+  ID &id OS &os
+}
+
+os-holder-1 OS-HOLDER ::= { ID 1 OS '4041FF'H }
+
+OctetStringSeq ::= ParamSeq{OCTET STRING}
+
+someOctetString OCTET STRING ::= '404142'H
+
+octetStringSeq1 OctetStringSeq ::= { a someOctetString }
+octetStringSeq2 OctetStringSeq ::= { a otherOctetString }
+octetStringSeq3 OctetStringSeq ::= { a os-holder-1.&os }
+
+otherOctetString OCTET STRING ::= someOctetString
+
+os-1 OCTET STRING ::= os-2
+os-2 OCTET STRING ::= os-holder-1.&os
+
+-- Recursive BIT STRING definitions.
+
+BS-HOLDER ::= CLASS {
+  &id INTEGER UNIQUE,
+  &bs BIT STRING,
+  &named-bs NamedBsType
+} WITH SYNTAX {
+  ID &id BS &bs NAMED-BS &named-bs
+}
+bs-holder-1 BS-HOLDER ::= { ID 1 BS '101'B NAMED-BS {a,c} }
+
+NamedBsType ::= BIT STRING {a(0),b(1),c(2)}
+BsSeq ::= SEQUENCE {
+  a BIT STRING,
+  b NamedBsType
+}
+
+someBitString BIT STRING ::= '101101'B
+
+bsSeq1 BsSeq ::= { a someBitString, b someNamedBs }
+bsSeq2 BsSeq ::= { a otherBitString, b someOtherNamedBs }
+bsSeq3 BsSeq ::= { a bs-holder-1.&bs, b bs-holder-1.&named-bs }
+
+otherBitString BIT STRING ::= someBitString
+bsFromObjectInd BIT STRING ::= bsFromObject
+bsFromObject BIT STRING ::= bs-holder-1.&bs
+
+someOtherNamedBs NamedBsType ::= someNamedBs
+someNamedBs NamedBsType ::= {c}
+
 END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1
index 3f1385323a..3f1385323a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1
new file mode 100644
index 0000000000..f912966c72
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1
@@ -0,0 +1,466 @@
+AlgorithmInformation-2009
+    {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+    mechanisms(5) pkix(7) id-mod(0)
+    id-mod-algorithmInformation-02(58)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+EXPORTS ALL;
+IMPORTS
+
+KeyUsage
+FROM PKIX1Implicit-2009
+    {iso(1) identified-organization(3) dod(6) internet(1)
+    security(5) mechanisms(5) pkix(7) id-mod(0)
+    id-mod-pkix1-implicit-02(59)} ;
+
+--  Suggested prefixes for algorithm objects are:
+--
+--  mda-   Message Digest Algorithms
+--  sa-    Signature Algorithms
+--  kta-   Key Transport Algorithms (Asymmetric)
+--  kaa-   Key Agreement Algorithms  (Asymmetric)
+--  kwa-   Key Wrap Algorithms (Symmetric)
+--  kda-   Key Derivation Algorithms
+--  maca-  Message Authentication Code Algorithms
+--  pk-    Public Key
+--  cea-   Content (symmetric) Encryption Algorithms
+--  cap-   S/MIME Capabilities
+
+ParamOptions ::= ENUMERATED {
+   required,         -- Parameters MUST be encoded in structure
+   preferredPresent, -- Parameters SHOULD be encoded in structure
+   preferredAbsent,  -- Parameters SHOULD NOT be encoded in structure
+   absent,           -- Parameters MUST NOT be encoded in structure
+   inheritable,      -- Parameters are inherited if not present
+   optional,         -- Parameters MAY be encoded in the structure
+   ...
+}
+
+--  DIGEST-ALGORITHM
+--
+--  Describes the basic information for ASN.1 and a digest
+--      algorithm.
+--
+--  &id - contains the OID identifying the digest algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--
+--  Additional information such as the length of the hash could have
+--      been encoded.  Without a clear understanding of what information
+--      is needed by applications, such extraneous information was not
+--      considered to be of sufficent importance.
+--
+--  Example:
+--  mda-sha1 DIGEST-ALGORITHM ::= {
+--      IDENTIFIER id-sha1
+--      PARAMS TYPE NULL ARE preferredAbsent
+--  }
+
+DIGEST-ALGORITHM ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    &paramPresence      ParamOptions DEFAULT absent
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence ]
+}
+
+--  SIGNATURE-ALGORITHM
+--
+--  Describes the basic properties of a signature algorithm
+--
+--  &id - contains the OID identifying the signature algorithm
+--  &Value - contains a type definition for the value structure of
+--              the signature; if absent, implies that no ASN.1
+--              encoding is performed on the value
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &HashSet - The set of hash algorithms used with this
+--                  signature algorithm
+--  &PublicKeySet - the set of public key algorithms for this
+--                  signature algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  sig-RSA-PSS SIGNATURE-ALGORITHM ::= {
+--     IDENTIFIER id-RSASSA-PSS
+--     PARAMS TYPE RSASSA-PSS-params ARE required
+--     HASHES { mda-sha1 | mda-md5, ... }
+--     PUBLIC-KEYS { pk-rsa | pk-rsa-pss }
+-- }
+
+SIGNATURE-ALGORITHM ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Value          OPTIONAL,
+    &Params         OPTIONAL,
+    &paramPresence  ParamOptions DEFAULT absent,
+    &HashSet        DIGEST-ALGORITHM OPTIONAL,
+    &PublicKeySet   PUBLIC-KEY OPTIONAL,
+    &smimeCaps      SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [VALUE &Value]
+    [PARAMS [TYPE &Params] ARE &paramPresence ]
+    [HASHES &HashSet]
+    [PUBLIC-KEYS &PublicKeySet]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  PUBLIC-KEY
+--
+--  Describes the basic properties of a public key
+--
+--  &id - contains the OID identifying the public key
+--  &KeyValue - contains the type for the key value
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &keyUsage - contains the set of bits that are legal for this
+--              key type.  Note that is does not make any statement
+--              about how bits may be paired.
+--  &PrivateKey - contains a type structure for encoding the private
+--              key information.
+--
+--  Example:
+--  pk-rsa-pss PUBLIC-KEY ::= {
+--      IDENTIFIER id-RSASSA-PSS
+--      KEY RSAPublicKey
+--      PARAMS TYPE RSASSA-PSS-params ARE optional
+--      CERT-KEY-USAGE { .... }
+--  }
+
+PUBLIC-KEY ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &KeyValue       OPTIONAL,
+    &Params         OPTIONAL,
+    &paramPresence  ParamOptions DEFAULT absent,
+    &keyUsage       KeyUsage OPTIONAL,
+    &PrivateKey     OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [KEY &KeyValue]
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [CERT-KEY-USAGE &keyUsage]
+    [PRIVATE-KEY &PrivateKey]
+}
+
+--  KEY-TRANSPORT
+--
+--  Describes the basic properties of a key transport algorithm
+--
+--  &id - contains the OID identifying the key transport algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &PublicKeySet - specifies which public keys are used with
+--                       this algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kta-rsaTransport KEY-TRANSPORT ::= {
+--      IDENTIFIER &id
+--      PARAMS TYPE NULL ARE required
+--      PUBLIC-KEYS  { pk-rsa | pk-rsa-pss }
+--  }
+
+KEY-TRANSPORT ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    &paramPresence      ParamOptions DEFAULT absent,
+    &PublicKeySet       PUBLIC-KEY OPTIONAL,
+    &smimeCaps          SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [PUBLIC-KEYS &PublicKeySet]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  KEY-AGREE
+--
+--  Describes the basic properties of a key agreement algorithm
+--
+--  &id - contains the OID identifying the key agreement algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &PublicKeySet - specifies which public keys are used with
+--                        this algorithm
+--  &Ukm - type of user keying material used
+--  &ukmPresence - specifies the requirements to define the UKM field
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kaa-dh-static-ephemeral KEY-AGREE ::= {
+--      IDENTIFIER id-alg-ESDH
+--      PARAMS TYPE KeyWrapAlgorithm ARE required
+--      PUBLIC-KEYS {
+--         {IDENTIFIER dh-public-number KEY DHPublicKey
+--            PARAMS TYPE DHDomainParameters ARE inheritable }
+--      }
+--      - - UKM should be present but is not separately ASN.1-encoded
+--      UKM ARE preferredPresent
+--  }
+
+KEY-AGREE ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Params         OPTIONAL,
+    &paramPresence  ParamOptions DEFAULT absent,
+    &PublicKeySet   PUBLIC-KEY OPTIONAL,
+    &Ukm            OPTIONAL,
+    &ukmPresence    ParamOptions DEFAULT absent,
+    &smimeCaps      SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [PUBLIC-KEYS &PublicKeySet]
+    [UKM [TYPE &Ukm] ARE &ukmPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  KEY-WRAP
+--
+--  Describes the basic properties of a key wrap algorithm
+--
+--  &id - contains the OID identifying the key wrap algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kwa-cms3DESwrap KEY-WRAP ::= {
+--      IDENTIFIER id-alg-CMS3DESwrap
+--      PARAMS TYPE NULL ARE required
+--  }
+
+KEY-WRAP ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    &paramPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+--  KEY-DERIVATION
+--
+--  Describes the basic properties of a key derivation algorithm
+--
+--  &id - contains the OID identifying the key derivation algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kda-pbkdf2 KEY-DERIVATION ::= {
+--      IDENTIFIER id-PBKDF2
+--      PARAMS TYPE PBKDF2-params ARE required
+--  }
+
+KEY-DERIVATION ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    &paramPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- MAC-ALGORITHM
+--
+--  Describes the basic properties of a message
+--      authentication code (MAC) algorithm
+--
+--  &id - contains the OID identifying the MAC algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &keyed - MAC algorithm is a keyed MAC algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Some parameters that perhaps should have been added would be
+--  fields with the minimum and maximum MAC lengths for
+--  those MAC algorithms that allow truncations.
+--
+--  Example:
+--  maca-hmac-sha1 MAC-ALGORITHM ::= {
+--      IDENTIFIER hMAC-SHA1
+--      PARAMS TYPE NULL ARE preferredAbsent
+--      IS KEYED MAC TRUE
+--      SMIME-CAPS {IDENTIFIED BY hMAC-SHA1}
+--  }
+
+MAC-ALGORITHM ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    &paramPresence      ParamOptions DEFAULT absent,
+    &keyed              BOOLEAN,
+    &smimeCaps          SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    IS-KEYED-MAC &keyed
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  CONTENT-ENCRYPTION
+--
+--  Describes the basic properties of a content encryption
+--      algorithm
+--
+--  &id - contains the OID identifying the content
+--        encryption algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  cea-3DES-cbc CONTENT-ENCRYPTION ::= {
+--      IDENTIFIER des-ede3-cbc
+--      PARAMS TYPE IV ARE required
+--      SMIME-CAPS { IDENTIFIED BY des-ede3-cbc }
+--  }
+
+CONTENT-ENCRYPTION ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    &paramPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- ALGORITHM
+--
+-- Describes a generic algorithm identifier
+--
+--  &id - contains the OID identifying the algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  &paramPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  This would be used for cases where an algorithm of an unknown
+--  type is used.  In general however, one should either define
+--  a more complete algorithm structure (such as the one above)
+--  or use the TYPE-IDENTIFIER class.
+
+ALGORITHM ::= CLASS {
+    &id OBJECT   IDENTIFIER UNIQUE,
+    &Params      OPTIONAL,
+    &paramPresence ParamOptions DEFAULT absent,
+    &smimeCaps   SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE &paramPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- AlgorithmIdentifier
+--
+-- Provides the generic structure that is used to encode algorithm
+--    identification and the parameters associated with the
+--    algorithm.
+--
+-- The first parameter represents the type of the algorithm being
+--    used.
+-- The second parameter represents an object set containing the
+--    algorithms that may occur in this situation.
+--    The initial list of required algorithms should occur to the
+--      left of an extension marker; all other algorithms should
+--      occur to the right of an extension marker.
+--
+-- The object class ALGORITHM can be used for generic unspecified
+--     items.
+-- If new ALGORITHM classes are defined, the fields &id and &Params
+--     need to be present as fields in the object in order to use
+--     this parameterized type.
+--
+-- Example:
+--    SignatureAlgorithmIdentifier ::=
+--       AlgorithmIdentifier{SIGNATURE-ALGORITHM, {SignatureAlgSet}}
+
+AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
+        SEQUENCE {
+            algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
+            parameters  ALGORITHM-TYPE.
+                   &Params({AlgorithmSet}{@algorithm}) OPTIONAL
+        }
+
+--  S/MIME Capabilities
+--
+--  We have moved the SMIME-CAPS from the module for RFC 3851 to here
+--  because it is used in RFC 4262 (X.509 Certificate Extension for
+--  S/MIME Capabilities)
+--
+--
+--  This class is used to represent an S/MIME capability.  S/MIME
+--  capabilities are used to represent what algorithm capabilities
+--  an individual has.  The classic example was the content encryption
+--  algorithm RC2 where the algorithm id and the RC2 key lengths
+--  supported needed to be advertised, but the IV used is not fixed.
+--  Thus, for RC2 we used
+--
+--  cap-RC2CBC SMIME-CAPS ::= {
+--      TYPE INTEGER ( 40 | 128 ) IDENTIFIED BY rc2-cbc }
+--
+--  where 40 and 128 represent the RC2 key length in number of bits.
+--
+--  Another example where information needs to be shown is for
+--  RSA-OAEP where only specific hash functions or mask generation
+--  functions are supported, but the saltLength is specified by the
+--  sender and not the recipient.  In this case, one can either
+--  generate a number of capability items,
+--  or a new S/MIME capability type could be generated where
+--  multiple hash functions could be specified.
+--
+--
+--  SMIME-CAP
+--
+--  This class is used to associate the type that describes the
+--  capabilities with the object identifier.
+--
+
+SMIME-CAPS ::= CLASS {
+    &id         OBJECT IDENTIFIER UNIQUE,
+    &Type       OPTIONAL
+}
+WITH SYNTAX { [TYPE &Type] IDENTIFIED BY &id }
+
+--
+--  Generic type - this is used for defining values.
+--
+
+--  Define a single S/MIME capability encoding
+
+SMIMECapability{SMIME-CAPS:CapabilitySet} ::= SEQUENCE {
+    capabilityID        SMIME-CAPS.&id({CapabilitySet}),
+    parameters          SMIME-CAPS.&Type({CapabilitySet}
+                            {@capabilityID}) OPTIONAL
+}
+
+--  Define a sequence of S/MIME capability values
+
+SMIMECapabilities { SMIME-CAPS:CapabilitySet } ::=
+        SEQUENCE SIZE (1..MAX) OF SMIMECapability{{CapabilitySet} }
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1
new file mode 100644
index 0000000000..46b431af40
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1
@@ -0,0 +1,59 @@
+  AttributeCertificateVersion1-2009
+      {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-v1AttrCert-02(49)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  SIGNATURE-ALGORITHM, ALGORITHM, AlgorithmIdentifier{}
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+  CertificateSerialNumber, UniqueIdentifier, SIGNED{}
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
+
+  GeneralNames
+  FROM PKIX1Implicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
+
+  AttCertValidityPeriod, IssuerSerial
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) } ;
+
+  -- Definition extracted from X.509-1997 [X.509-97], but
+  -- different type names are used to avoid collisions.
+
+  AttributeCertificateV1 ::= SIGNED{AttributeCertificateInfoV1}
+
+  AttributeCertificateInfoV1 ::= SEQUENCE {
+     version AttCertVersionV1 DEFAULT v1,
+     subject CHOICE {
+        baseCertificateID [0] IssuerSerial,
+        -- associated with a Public Key Certificate
+        subjectName [1] GeneralNames },
+     -- associated with a name
+     issuer GeneralNames,
+     signature AlgorithmIdentifier{SIGNATURE-ALGORITHM, {...}},
+     serialNumber CertificateSerialNumber,
+     attCertValidityPeriod AttCertValidityPeriod,
+     attributes SEQUENCE OF AttributeSet{{AttrList}},
+     issuerUniqueID UniqueIdentifier OPTIONAL,
+     extensions Extensions{{AttributeCertExtensionsV1}} OPTIONAL }
+
+  AttCertVersionV1 ::= INTEGER { v1(0) }
+
+  AttrList ATTRIBUTE ::= {...}
+  AttributeCertExtensionsV1 EXTENSION ::= {...}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1
index 5cfa9062f0..5cfa9062f0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1
index d8b2b687ae..d8b2b687ae 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1
index 0daf2208e9..0daf2208e9 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1
index 04060cf060..04060cf060 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1
index aed48ac26b..aed48ac26b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1
index 7ba5bf194a..7ba5bf194a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1
index 24c7fafc38..24c7fafc38 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1
new file mode 100644
index 0000000000..3e350294be
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1
@@ -0,0 +1,463 @@
+  CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549)
+      pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) }
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
+      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
+      AlgorithmIdentifier
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+  SignatureAlgs, MessageDigestAlgs, KeyAgreementAlgs,
+      MessageAuthAlgs, KeyWrapAlgs, ContentEncryptionAlgs,
+      KeyTransportAlgs, KeyDerivationAlgs, KeyAgreePublicKeys
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  Certificate, CertificateList, CertificateSerialNumber,
+      Name, ATTRIBUTE
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-explicit-02(51) }
+
+  AttributeCertificate
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-attribute-cert-02(47) }
+
+  AttributeCertificateV1
+  FROM AttributeCertificateVersion1-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-v1AttrCert-02(49) } ;
+
+  -- Cryptographic Message Syntax
+
+  -- The following are used for version numbers using the ASN.1
+  --   idiom "[[n:"
+  --   Version 1 = PKCS #7
+  --   Version 2 = S/MIME V2
+  --   Version 3 = RFC 2630
+  --   Version 4 = RFC 3369
+  --   Version 5 = RFC 3852
+
+  CONTENT-TYPE ::= TYPE-IDENTIFIER
+  ContentType ::= CONTENT-TYPE.&id
+
+  ContentInfo ::= SEQUENCE {
+      contentType        CONTENT-TYPE.
+                      &id({ContentSet}),
+      content            [0] EXPLICIT CONTENT-TYPE.
+                      &Type({ContentSet}{@contentType})}
+
+  ContentSet CONTENT-TYPE ::= {
+      --  Define the set of content types to be recognized.
+      ct-Data | ct-SignedData | ct-EncryptedData | ct-EnvelopedData |
+      ct-AuthenticatedData | ct-DigestedData, ... }
+
+  SignedData ::= SEQUENCE {
+      version CMSVersion,
+      digestAlgorithms SET OF DigestAlgorithmIdentifier,
+      encapContentInfo EncapsulatedContentInfo,
+      certificates [0] IMPLICIT CertificateSet OPTIONAL,
+      crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+      signerInfos SignerInfos }
+
+  SignerInfos ::= SET OF SignerInfo
+
+  EncapsulatedContentInfo ::= SEQUENCE {
+      eContentType       CONTENT-TYPE.&id({ContentSet}),
+      eContent           [0] EXPLICIT OCTET STRING
+              ( CONTAINING CONTENT-TYPE.
+                  &Type({ContentSet}{@eContentType})) OPTIONAL }
+
+  SignerInfo ::= SEQUENCE {
+      version CMSVersion,
+      sid SignerIdentifier,
+      digestAlgorithm DigestAlgorithmIdentifier,
+      signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+      signatureAlgorithm SignatureAlgorithmIdentifier,
+      signature SignatureValue,
+      unsignedAttrs [1] IMPLICIT Attributes
+          {{UnsignedAttributes}} OPTIONAL }
+
+  SignedAttributes ::= Attributes {{ SignedAttributesSet }}
+
+  SignerIdentifier ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      ...,
+      [[3: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }
+
+  SignedAttributesSet ATTRIBUTE ::=
+      { aa-signingTime | aa-messageDigest | aa-contentType, ... }
+
+  UnsignedAttributes ATTRIBUTE ::= { aa-countersignature, ... }
+
+  SignatureValue ::= OCTET STRING
+
+  EnvelopedData ::= SEQUENCE {
+      version CMSVersion,
+      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+      recipientInfos RecipientInfos,
+      encryptedContentInfo EncryptedContentInfo,
+      ...,
+      [[2: unprotectedAttrs [1] IMPLICIT Attributes
+          {{ UnprotectedAttributes }} OPTIONAL ]] }
+
+  OriginatorInfo ::= SEQUENCE {
+      certs [0] IMPLICIT CertificateSet OPTIONAL,
+      crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
+
+  RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
+
+  EncryptedContentInfo ::= SEQUENCE {
+      contentType        CONTENT-TYPE.&id({ContentSet}),
+      contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+      encryptedContent   [0] IMPLICIT OCTET STRING OPTIONAL }
+
+  -- If you want to do constraints, you might use:
+  -- EncryptedContentInfo ::= SEQUENCE {
+  --  contentType        CONTENT-TYPE.&id({ContentSet}),
+  --  contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+  --  encryptedContent   [0] IMPLICIT ENCRYPTED {CONTENT-TYPE.
+  --      &Type({ContentSet}{@contentType}) OPTIONAL }
+  -- ENCRYPTED {ToBeEncrypted} ::= OCTET STRING ( CONSTRAINED BY
+  --        { ToBeEncrypted } )
+
+  UnprotectedAttributes ATTRIBUTE ::=  { ... }
+
+  RecipientInfo ::= CHOICE {
+      ktri           KeyTransRecipientInfo,
+      ...,
+      [[3: kari  [1] KeyAgreeRecipientInfo ]],
+      [[4: kekri [2] KEKRecipientInfo]],
+      [[5: pwri  [3] PasswordRecipientInfo,
+           ori   [4] OtherRecipientInfo ]] }
+
+  EncryptedKey ::= OCTET STRING
+
+  KeyTransRecipientInfo ::= SEQUENCE {
+      version CMSVersion,  -- always set to 0 or 2
+      rid RecipientIdentifier,
+      keyEncryptionAlgorithm AlgorithmIdentifier
+          {KEY-TRANSPORT, {KeyTransportAlgorithmSet}},
+      encryptedKey EncryptedKey }
+
+  KeyTransportAlgorithmSet KEY-TRANSPORT ::= { KeyTransportAlgs, ... }
+
+  RecipientIdentifier ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      ...,
+      [[2: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }
+  KeyAgreeRecipientInfo ::= SEQUENCE {
+      version CMSVersion,  -- always set to 3
+      originator [0] EXPLICIT OriginatorIdentifierOrKey,
+      ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+      keyEncryptionAlgorithm AlgorithmIdentifier
+          {KEY-AGREE, {KeyAgreementAlgorithmSet}},
+      recipientEncryptedKeys RecipientEncryptedKeys }
+
+  KeyAgreementAlgorithmSet KEY-AGREE ::= { KeyAgreementAlgs, ... }
+
+  OriginatorIdentifierOrKey ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      subjectKeyIdentifier [0] SubjectKeyIdentifier,
+      originatorKey [1] OriginatorPublicKey }
+
+  OriginatorPublicKey ::= SEQUENCE {
+      algorithm AlgorithmIdentifier {PUBLIC-KEY, {OriginatorKeySet}},
+      publicKey BIT STRING }
+
+  OriginatorKeySet PUBLIC-KEY ::= { KeyAgreePublicKeys, ... }
+
+  RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+  RecipientEncryptedKey ::= SEQUENCE {
+      rid KeyAgreeRecipientIdentifier,
+      encryptedKey EncryptedKey }
+
+  KeyAgreeRecipientIdentifier ::= CHOICE {
+      issuerAndSerialNumber IssuerAndSerialNumber,
+      rKeyId [0] IMPLICIT RecipientKeyIdentifier }
+
+  RecipientKeyIdentifier ::= SEQUENCE {
+      subjectKeyIdentifier SubjectKeyIdentifier,
+      date GeneralizedTime OPTIONAL,
+      other OtherKeyAttribute OPTIONAL }
+
+  SubjectKeyIdentifier ::= OCTET STRING
+
+  KEKRecipientInfo ::= SEQUENCE {
+      version CMSVersion,  -- always set to 4
+      kekid KEKIdentifier,
+      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+      encryptedKey EncryptedKey }
+
+  KEKIdentifier ::= SEQUENCE {
+      keyIdentifier OCTET STRING,
+      date GeneralizedTime OPTIONAL,
+      other OtherKeyAttribute OPTIONAL }
+  PasswordRecipientInfo ::= SEQUENCE {
+      version CMSVersion,   -- always set to 0
+      keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+                              OPTIONAL,
+      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+      encryptedKey EncryptedKey }
+
+  OTHER-RECIPIENT ::= TYPE-IDENTIFIER
+
+  OtherRecipientInfo ::= SEQUENCE {
+      oriType    OTHER-RECIPIENT.
+              &id({SupportedOtherRecipInfo}),
+      oriValue   OTHER-RECIPIENT.
+              &Type({SupportedOtherRecipInfo}{@oriType})}
+
+  SupportedOtherRecipInfo OTHER-RECIPIENT ::= { ... }
+
+  DigestedData ::= SEQUENCE {
+      version CMSVersion,
+      digestAlgorithm DigestAlgorithmIdentifier,
+      encapContentInfo EncapsulatedContentInfo,
+      digest Digest, ... }
+
+  Digest ::= OCTET STRING
+
+  EncryptedData ::= SEQUENCE {
+      version CMSVersion,
+      encryptedContentInfo EncryptedContentInfo,
+      ...,
+      [[2: unprotectedAttrs [1] IMPLICIT Attributes
+          {{UnprotectedAttributes}} OPTIONAL ]] }
+
+  AuthenticatedData ::= SEQUENCE {
+      version CMSVersion,
+      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+      recipientInfos RecipientInfos,
+      macAlgorithm MessageAuthenticationCodeAlgorithm,
+      digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+      encapContentInfo EncapsulatedContentInfo,
+      authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
+      mac MessageAuthenticationCode,
+      unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+  AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+      {{AuthAttributeSet}}
+
+  AuthAttributeSet ATTRIBUTE ::= { aa-contentType | aa-messageDigest
+                                       | aa-signingTime, ...}
+  MessageAuthenticationCode ::= OCTET STRING
+
+  UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+      {{UnauthAttributeSet}}
+
+  UnauthAttributeSet ATTRIBUTE ::= {...}
+
+  --
+  --  General algorithm definitions
+  --
+
+  DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+      {DIGEST-ALGORITHM, {DigestAlgorithmSet}}
+
+  DigestAlgorithmSet DIGEST-ALGORITHM ::= {
+      CryptographicMessageSyntaxAlgorithms-2009.MessageDigestAlgs, ... }
+
+  SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+      {SIGNATURE-ALGORITHM, {SignatureAlgorithmSet}}
+
+  SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
+      { SignatureAlgs, ... }
+
+  KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+      {KEY-WRAP, {KeyEncryptionAlgorithmSet}}
+
+  KeyEncryptionAlgorithmSet KEY-WRAP ::= { KeyWrapAlgs, ... }
+
+  ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+      {CONTENT-ENCRYPTION, {ContentEncryptionAlgorithmSet}}
+
+  ContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::=
+      { ContentEncryptionAlgs, ... }
+
+  MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+      {MAC-ALGORITHM, {MessageAuthenticationCodeAlgorithmSet}}
+
+  MessageAuthenticationCodeAlgorithmSet MAC-ALGORITHM ::=
+      { MessageAuthAlgs, ... }
+
+  KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+      {KEY-DERIVATION, {KeyDerivationAlgs, ...}}
+
+  RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+  RevocationInfoChoice ::= CHOICE {
+      crl CertificateList,
+      ...,
+      [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] }
+
+  OTHER-REVOK-INFO ::= TYPE-IDENTIFIER
+
+  OtherRevocationInfoFormat ::= SEQUENCE {
+      otherRevInfoFormat    OTHER-REVOK-INFO.
+              &id({SupportedOtherRevokInfo}),
+      otherRevInfo          OTHER-REVOK-INFO.
+              &Type({SupportedOtherRevokInfo}{@otherRevInfoFormat})}
+
+  SupportedOtherRevokInfo OTHER-REVOK-INFO ::= { ... }
+
+  CertificateChoices ::= CHOICE {
+      certificate Certificate,
+      extendedCertificate [0] IMPLICIT ExtendedCertificate,
+           -- Obsolete
+      ...,
+      [[3: v1AttrCert [1] IMPLICIT AttributeCertificateV1]],
+           -- Obsolete
+      [[4: v2AttrCert [2] IMPLICIT AttributeCertificateV2]],
+      [[5: other      [3] IMPLICIT OtherCertificateFormat]] }
+
+  AttributeCertificateV2 ::= AttributeCertificate
+
+  OTHER-CERT-FMT ::= TYPE-IDENTIFIER
+
+  OtherCertificateFormat ::= SEQUENCE {
+      otherCertFormat OTHER-CERT-FMT.
+              &id({SupportedCertFormats}),
+      otherCert       OTHER-CERT-FMT.
+              &Type({SupportedCertFormats}{@otherCertFormat})}
+
+  SupportedCertFormats OTHER-CERT-FMT ::= { ... }
+
+  CertificateSet ::= SET OF CertificateChoices
+
+  IssuerAndSerialNumber ::= SEQUENCE {
+      issuer Name,
+      serialNumber CertificateSerialNumber }
+
+  CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+  UserKeyingMaterial ::= OCTET STRING
+
+  KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+  OtherKeyAttribute ::= SEQUENCE {
+      keyAttrId  KEY-ATTRIBUTE.
+
+              &id({SupportedKeyAttributes}),
+      keyAttr    KEY-ATTRIBUTE.
+              &Type({SupportedKeyAttributes}{@keyAttrId})}
+
+  SupportedKeyAttributes KEY-ATTRIBUTE ::= { ... }
+
+  -- Content Type Object Identifiers
+
+  id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
+
+  ct-Data CONTENT-TYPE ::= {OCTET STRING IDENTIFIED BY id-data}
+
+  id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+
+  ct-SignedData CONTENT-TYPE ::=
+      { SignedData IDENTIFIED BY id-signedData}
+
+  id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+
+  ct-EnvelopedData CONTENT-TYPE ::=
+      { EnvelopedData IDENTIFIED BY id-envelopedData}
+
+  id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+
+  ct-DigestedData CONTENT-TYPE ::=
+      { DigestedData IDENTIFIED BY id-digestedData}
+
+  id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+
+  ct-EncryptedData CONTENT-TYPE ::=
+      { EncryptedData IDENTIFIED BY id-encryptedData}
+
+  id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+
+  ct-AuthenticatedData CONTENT-TYPE ::=
+      { AuthenticatedData IDENTIFIED BY id-ct-authData}
+
+  id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
+
+  --
+  -- The CMS Attributes
+  --
+
+  MessageDigest ::= OCTET STRING
+
+  SigningTime  ::= Time
+
+  Time ::= CHOICE {
+      utcTime UTCTime,
+      generalTime GeneralizedTime }
+
+  Countersignature ::= SignerInfo
+
+  -- Attribute Object Identifiers
+
+  aa-contentType ATTRIBUTE ::=
+      { TYPE ContentType IDENTIFIED BY id-contentType }
+  id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+
+  aa-messageDigest ATTRIBUTE ::=
+      { TYPE MessageDigest IDENTIFIED BY id-messageDigest}
+  id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+
+  aa-signingTime ATTRIBUTE ::=
+      { TYPE SigningTime IDENTIFIED BY id-signingTime }
+  id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+  aa-countersignature ATTRIBUTE ::=
+      { TYPE Countersignature IDENTIFIED BY id-countersignature }
+  id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+
+  --
+  -- Obsolete Extended Certificate syntax from PKCS#6
+  --
+
+  ExtendedCertificateOrCertificate ::= CHOICE {
+      certificate Certificate,
+      extendedCertificate [0] IMPLICIT ExtendedCertificate }
+
+  ExtendedCertificate ::= SEQUENCE {
+      extendedCertificateInfo ExtendedCertificateInfo,
+      signatureAlgorithm SignatureAlgorithmIdentifier,
+      signature Signature }
+
+  ExtendedCertificateInfo ::= SEQUENCE {
+      version CMSVersion,
+      certificate Certificate,
+      attributes UnauthAttributes }
+
+  Signature ::= BIT STRING
+
+  Attribute{ ATTRIBUTE:AttrList } ::= SEQUENCE {
+      attrType           ATTRIBUTE.
+              &id({AttrList}),
+      attrValues         SET OF ATTRIBUTE.
+              &Type({AttrList}{@attrType})  }
+
+  Attributes { ATTRIBUTE:AttrList } ::=
+      SET SIZE (1..MAX) OF Attribute {{ AttrList }}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1
new file mode 100644
index 0000000000..72e8b270db
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1
@@ -0,0 +1,248 @@
+   CryptographicMessageSyntaxAlgorithms-2009
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+       smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
+      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
+      AlgorithmIdentifier{}, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   pk-rsa, pk-dh, pk-dsa, rsaEncryption, DHPublicKey, dhpublicnumber
+   FROM PKIXAlgs-2009
+        {iso(1) identified-organization(3) dod(6)
+        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-algorithms2008-02(56)}
+
+   cap-RC2CBC
+   FROM SecureMimeMessageV3dot1-2009
+        {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+        smime(16) modules(0) id-mod-msg-v3dot1-02(39)};
+
+   --  2. Hash algorithms in this document
+
+   MessageDigestAlgs DIGEST-ALGORITHM ::= {
+   --   mda-md5 | mda-sha1,
+        ... }
+
+   --  3. Signature algorithms in this document
+
+   SignatureAlgs SIGNATURE-ALGORITHM ::= {
+   --  See RFC 3279
+   --  sa-dsaWithSHA1 |  sa-rsaWithMD5 | sa-rsaWithSHA1,
+       ... }
+
+   --  4.  Key Management Algorithms
+   --  4.1 Key Agreement Algorithms
+
+   KeyAgreementAlgs KEY-AGREE ::= { kaa-esdh | kaa-ssdh, ...}
+   KeyAgreePublicKeys PUBLIC-KEY ::= { pk-dh, ...}
+
+   --  4.2  Key Transport Algorithms
+
+   KeyTransportAlgs KEY-TRANSPORT ::= { kt-rsa, ... }
+
+   --  4.3  Symmetric Key-Encryption Key Algorithms
+
+   KeyWrapAlgs KEY-WRAP ::= { kwa-3DESWrap | kwa-RC2Wrap, ... }
+
+   --  4.4  Key Derivation Algorithms
+
+   KeyDerivationAlgs KEY-DERIVATION ::= { kda-PBKDF2, ... }
+
+   --  5.  Content Encryption Algorithms
+
+   ContentEncryptionAlgs CONTENT-ENCRYPTION ::=
+       { cea-3DES-cbc | cea-RC2-cbc, ... }
+
+   --  6.  Message Authentication Code Algorithms
+
+   MessageAuthAlgs MAC-ALGORITHM ::= { maca-hMAC-SHA1, ... }
+
+   --  S/MIME Capabilities for these items
+
+   SMimeCaps SMIME-CAPS ::= {
+       kaa-esdh.&smimeCaps         |
+       kaa-ssdh.&smimeCaps         |
+       kt-rsa.&smimeCaps           |
+       kwa-3DESWrap.&smimeCaps     |
+       kwa-RC2Wrap.&smimeCaps      |
+       cea-3DES-cbc.&smimeCaps     |
+       cea-RC2-cbc.&smimeCaps      |
+       maca-hMAC-SHA1.&smimeCaps,
+       ...}
+
+   --
+   --
+   --
+
+   -- Algorithm Identifiers
+
+   -- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+   --    us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
+
+   id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
+
+   id-alg-SSDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 }
+
+   id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
+
+   id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
+
+   des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
+
+   rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) encryptionAlgorithm(3) 2 }
+
+   hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+      dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
+
+   id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-5(5) 12 }
+
+   -- Algorithm Identifier Parameter Types
+
+   KeyWrapAlgorithm ::=
+       AlgorithmIdentifier {KEY-WRAP, {KeyWrapAlgs }}
+
+   RC2wrapParameter ::= RC2ParameterVersion
+   RC2ParameterVersion ::= INTEGER
+
+   CBCParameter ::= IV
+
+   IV ::= OCTET STRING  -- exactly 8 octets
+
+   RC2CBCParameter ::= SEQUENCE {
+       rc2ParameterVersion INTEGER (1..256),
+       iv OCTET STRING  }  -- exactly 8 octets
+
+   maca-hMAC-SHA1 MAC-ALGORITHM ::= {
+       IDENTIFIER hMAC-SHA1
+       PARAMS TYPE NULL ARE preferredAbsent
+       IS-KEYED-MAC TRUE
+       SMIME-CAPS {IDENTIFIED BY hMAC-SHA1}
+   }
+
+   PBKDF2-PRFsAlgorithmIdentifier ::= AlgorithmIdentifier{ ALGORITHM,
+                                          {PBKDF2-PRFs} }
+
+   alg-hMAC-SHA1 ALGORITHM ::=
+       { IDENTIFIER hMAC-SHA1 PARAMS TYPE NULL ARE required }
+
+   PBKDF2-PRFs ALGORITHM ::= { alg-hMAC-SHA1, ... }
+
+   PBKDF2-SaltSources ALGORITHM ::= { ... }
+
+   PBKDF2-SaltSourcesAlgorithmIdentifier ::=
+       AlgorithmIdentifier {ALGORITHM, {PBKDF2-SaltSources}}
+
+   defaultPBKDF2 PBKDF2-PRFsAlgorithmIdentifier ::=
+       { algorithm alg-hMAC-SHA1.&id, parameters NULL:NULL }
+
+   PBKDF2-params ::= SEQUENCE {
+       salt CHOICE {
+           specified OCTET STRING,
+           otherSource PBKDF2-SaltSourcesAlgorithmIdentifier },
+       iterationCount INTEGER (1..MAX),
+       keyLength INTEGER (1..MAX) OPTIONAL,
+       prf PBKDF2-PRFsAlgorithmIdentifier DEFAULT
+               defaultPBKDF2
+           }
+
+   --
+   --  This object is included for completeness.  It should not be used
+   --      for encoding of signatures, but was sometimes used in older
+   --      versions of CMS for encoding of RSA signatures.
+   --
+   --
+   -- sa-rsa SIGNATURE-ALGORITHM ::= {
+   --         IDENTIFIER rsaEncryption
+   --         - - value is not ASN.1 encoded
+   --         PARAMS TYPE NULL ARE required
+   --         HASHES {mda-sha1 | mda-md5, ...}
+   --         PUBLIC-KEYS { pk-rsa}
+   -- }
+   --
+   -- No ASN.1 encoding is applied to the signature value
+   --    for these items
+
+   kaa-esdh KEY-AGREE ::= {
+        IDENTIFIER id-alg-ESDH
+        PARAMS TYPE KeyWrapAlgorithm ARE required
+        PUBLIC-KEYS { pk-dh }
+        -- UKM is not ASN.1 encoded
+        UKM ARE optional
+        SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-ESDH}
+   }
+
+   kaa-ssdh KEY-AGREE ::= {
+        IDENTIFIER id-alg-SSDH
+        PARAMS TYPE KeyWrapAlgorithm ARE required
+        PUBLIC-KEYS {pk-dh}
+        -- UKM is not ASN.1 encoded
+        UKM ARE optional
+        SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-SSDH}
+   }
+
+   dh-public-number OBJECT IDENTIFIER ::= dhpublicnumber
+
+   pk-originator-dh PUBLIC-KEY ::= {
+       IDENTIFIER dh-public-number
+       KEY DHPublicKey
+       PARAMS ARE absent
+       CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly}
+   }
+
+   kwa-3DESWrap KEY-WRAP ::= {
+        IDENTIFIER id-alg-CMS3DESwrap
+        PARAMS TYPE NULL ARE required
+        SMIME-CAPS {IDENTIFIED BY id-alg-CMS3DESwrap}
+   }
+
+   kwa-RC2Wrap KEY-WRAP ::= {
+        IDENTIFIER id-alg-CMSRC2wrap
+        PARAMS TYPE RC2wrapParameter ARE required
+        SMIME-CAPS { IDENTIFIED BY id-alg-CMSRC2wrap }
+   }
+
+   kda-PBKDF2 KEY-DERIVATION ::= {
+       IDENTIFIER id-PBKDF2
+       PARAMS TYPE PBKDF2-params ARE required
+       -- No S/MIME caps defined
+   }
+
+   cea-3DES-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER des-ede3-cbc
+       PARAMS TYPE IV ARE required
+       SMIME-CAPS { IDENTIFIED BY des-ede3-cbc }
+   }
+
+   cea-RC2-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER rc2-cbc
+       PARAMS TYPE RC2CBCParameter ARE required
+       SMIME-CAPS cap-RC2CBC
+   }
+
+   kt-rsa KEY-TRANSPORT ::= {
+       IDENTIFIER rsaEncryption
+       PARAMS TYPE NULL ARE required
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS {IDENTIFIED BY rsaEncryption}
+   }
+
+   --  S/MIME Capabilities - most have no label.
+
+   cap-3DESwrap SMIME-CAPS ::= { IDENTIFIED BY id-alg-CMS3DESwrap }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1
index cd3330dc56..cd3330dc56 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1
index df5e8489ea..df5e8489ea 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1
index ef1187ba8c..ef1187ba8c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1
index 5a5d310729..5a5d310729 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1
index 10d6979f6d..10d6979f6d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1
index 91c0a865f7..91c0a865f7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1
index e3e1f95621..e3e1f95621 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1
index 9df5d2783a..9df5d2783a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1
index 37c6cac261..37c6cac261 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1
index acbb692b6f..acbb692b6f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1
index cace79d109..cace79d109 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1
index 72e791f10c..72e791f10c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1
index d8c15b7afa..d8c15b7afa 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1
index 9991a59454..9991a59454 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1
new file mode 100644
index 0000000000..17a45a0a6b
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1
@@ -0,0 +1,543 @@
+  EnrollmentMessageSyntax-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmc2002-02(53)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  EXPORTS ALL;
+  IMPORTS
+
+  AttributeSet{}, Extension{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, KEY-WRAP, KEY-DERIVATION,
+      MAC-ALGORITHM, SIGNATURE-ALGORITHM, PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  CertificateSerialNumber, GeneralName, CRLReason, ReasonFlags,
+      CertExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  Name, id-pkix, PublicKeyAlgorithms, SignatureAlgorithms
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  ContentInfo, IssuerAndSerialNumber, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41)}
+
+  CertReqMsg, PKIPublicationInfo, CertTemplate
+  FROM PKIXCRMF-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+       { iso(1) identified-organization(3) dod(6)
+       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-pkix1-algorithms2008-02(56)}
+
+  kda-PBKDF2, maca-hMAC-SHA1
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  mda-sha256
+  FROM PKIX1-PSS-OAEP-Algorithms-2009
+       { iso(1) identified-organization(3) dod(6)
+         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+         id-mod-pkix1-rsa-pkalgs-02(54) } ;
+
+  --  CMS Content types defined in this document
+  CMC-ContentTypes CONTENT-TYPE ::= { ct-PKIData | ct-PKIResponse, ... }
+
+  --  Signature Algorithms defined in this document
+
+  SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-noSignature }
+
+  --  CMS Unsigned Attributes
+
+  CMC-UnsignedAtts ATTRIBUTE ::= { aa-cmc-unsignedData }
+
+  --
+  --
+
+  id-cmc OBJECT IDENTIFIER ::= {id-pkix 7}   -- CMC controls
+  id-cct OBJECT IDENTIFIER ::= {id-pkix 12}  -- CMC content types
+
+  -- This is the content type for a request message in the protocol
+
+  ct-PKIData CONTENT-TYPE ::=
+      { PKIData IDENTIFIED BY id-cct-PKIData }
+  id-cct-PKIData OBJECT IDENTIFIER ::= { id-cct 2 }
+
+  PKIData ::= SEQUENCE {
+      controlSequence    SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
+      reqSequence        SEQUENCE SIZE(0..MAX) OF TaggedRequest,
+      cmsSequence        SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
+      otherMsgSequence   SEQUENCE SIZE(0..MAX) OF OtherMsg
+  }
+
+  BodyPartID ::= INTEGER(0..4294967295)
+
+  TaggedAttribute ::= SEQUENCE {
+      bodyPartID         BodyPartID,
+      attrType           CMC-CONTROL.&id({Cmc-Control-Set}),
+      attrValues         SET OF CMC-CONTROL.
+                             &Type({Cmc-Control-Set}{@attrType})
+  }
+
+  Cmc-Control-Set CMC-CONTROL ::= {
+      cmc-identityProof | cmc-dataReturn | cmc-regInfo |
+      cmc-responseInfo | cmc-queryPending | cmc-popLinkRandom |
+      cmc-popLinkWitness | cmc-identification | cmc-transactionId |
+      cmc-senderNonce | cmc-recipientNonce | cmc-statusInfo |
+      cmc-addExtensions | cmc-encryptedPOP | cmc-decryptedPOP |
+      cmc-lraPOPWitness | cmc-getCert | cmc-getCRL |
+      cmc-revokeRequest | cmc-confirmCertAcceptance |
+      cmc-statusInfoV2 | cmc-trustedAnchors | cmc-authData |
+      cmc-batchRequests | cmc-batchResponses | cmc-publishCert |
+      cmc-modCertTemplate | cmc-controlProcessed |
+      cmc-identityProofV2 | cmc-popLinkWitnessV2, ... }
+
+  OTHER-REQUEST ::= TYPE-IDENTIFIER
+
+  --  We do not define any other requests in this document;
+  --     examples might be attribute certification requests
+
+  OtherRequests OTHER-REQUEST ::= {...}
+
+  TaggedRequest ::= CHOICE {
+      tcr               [0] TaggedCertificationRequest,
+      crm               [1] CertReqMsg,
+      orm               [2] SEQUENCE {
+          bodyPartID            BodyPartID,
+          requestMessageType    OTHER-REQUEST.&id({OtherRequests}),
+          requestMessageValue   OTHER-REQUEST.&Type({OtherRequests}
+                                    {@.requestMessageType})
+      }
+  }
+
+  TaggedCertificationRequest ::= SEQUENCE {
+      bodyPartID            BodyPartID,
+      certificationRequest  CertificationRequest
+  }
+
+  AttributeList ATTRIBUTE ::= {at-extension-req, ...}
+
+  CertificationRequest ::= SEQUENCE {
+     certificationRequestInfo  SEQUENCE {
+         version                   INTEGER,
+         subject                   Name,
+         subjectPublicKeyInfo      SEQUENCE {
+             algorithm                 AlgorithmIdentifier{PUBLIC-KEY,
+                                           {PublicKeyAlgorithms}},
+             subjectPublicKey          BIT STRING
+         },
+         attributes                [0] IMPLICIT SET OF
+                                       AttributeSet{{AttributeList}}
+      },
+      signatureAlgorithm        AlgorithmIdentifier
+                                    {SIGNATURE-ALGORITHM,
+                                        {SignatureAlgorithms}},
+      signature                 BIT STRING
+  }
+
+  TaggedContentInfo ::= SEQUENCE {
+      bodyPartID              BodyPartID,
+      contentInfo             ContentInfo
+  }
+
+  OTHER-MSG ::= TYPE-IDENTIFIER
+
+  --  No other messages currently defined
+
+  OtherMsgSet OTHER-MSG ::= {...}
+
+  OtherMsg ::= SEQUENCE {
+      bodyPartID        BodyPartID,
+      otherMsgType      OTHER-MSG.&id({OtherMsgSet}),
+      otherMsgValue     OTHER-MSG.&Type({OtherMsgSet}{@otherMsgType}) }
+
+  --  This defines the response message in the protocol
+
+  ct-PKIResponse CONTENT-TYPE ::=
+      { PKIResponse IDENTIFIED BY id-cct-PKIResponse }
+  id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }
+
+  ResponseBody ::= PKIResponse
+
+  PKIResponse ::= SEQUENCE {
+      controlSequence   SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
+      cmsSequence       SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
+      otherMsgSequence  SEQUENCE SIZE(0..MAX) OF OtherMsg
+  }
+
+  CMC-CONTROL ::= TYPE-IDENTIFIER
+
+  -- The following controls have the type OCTET STRING
+
+  cmc-identityProof CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-identityProof }
+  id-cmc-identityProof OBJECT IDENTIFIER ::= {id-cmc 3}
+
+  cmc-dataReturn CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-dataReturn }
+  id-cmc-dataReturn OBJECT IDENTIFIER ::= {id-cmc 4}
+
+  cmc-regInfo CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-regInfo }
+  id-cmc-regInfo OBJECT IDENTIFIER ::= {id-cmc 18}
+
+  cmc-responseInfo CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-responseInfo }
+  id-cmc-responseInfo OBJECT IDENTIFIER ::= {id-cmc 19}
+
+  cmc-queryPending CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-queryPending }
+  id-cmc-queryPending OBJECT IDENTIFIER ::= {id-cmc 21}
+
+  cmc-popLinkRandom CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-popLinkRandom }
+  id-cmc-popLinkRandom OBJECT IDENTIFIER ::= {id-cmc 22}
+
+  cmc-popLinkWitness CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-popLinkWitness }
+  id-cmc-popLinkWitness OBJECT IDENTIFIER ::= {id-cmc 23}
+
+  -- The following controls have the type UTF8String
+
+  cmc-identification CMC-CONTROL ::=
+      { UTF8String IDENTIFIED BY id-cmc-identification }
+  id-cmc-identification OBJECT IDENTIFIER ::= {id-cmc 2}
+
+  -- The following controls have the type INTEGER
+
+  cmc-transactionId CMC-CONTROL ::=
+      { INTEGER IDENTIFIED BY id-cmc-transactionId }
+  id-cmc-transactionId OBJECT IDENTIFIER ::= {id-cmc 5}
+
+  -- The following controls have the type OCTET STRING
+
+  cmc-senderNonce CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-senderNonce }
+
+  id-cmc-senderNonce OBJECT IDENTIFIER ::= {id-cmc 6}
+
+  cmc-recipientNonce CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-recipientNonce }
+  id-cmc-recipientNonce OBJECT IDENTIFIER ::= {id-cmc 7}
+
+  -- Used to return status in a response
+
+  cmc-statusInfo CMC-CONTROL ::=
+      { CMCStatusInfo IDENTIFIED BY id-cmc-statusInfo }
+  id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}
+
+  CMCStatusInfo ::= SEQUENCE {
+      cMCStatus       CMCStatus,
+      bodyList        SEQUENCE SIZE (1..MAX) OF BodyPartID,
+      statusString    UTF8String OPTIONAL,
+      otherInfo       CHOICE {
+         failInfo         CMCFailInfo,
+         pendInfo         PendInfo
+      } OPTIONAL
+  }
+
+  PendInfo ::= SEQUENCE {
+      pendToken        OCTET STRING,
+      pendTime         GeneralizedTime
+  }
+
+  CMCStatus ::= INTEGER {
+      success         (0),
+      failed          (2),
+      pending         (3),
+      noSupport       (4),
+      confirmRequired (5),
+      popRequired     (6),
+      partial         (7)
+  }
+
+  -- Note:
+  -- The spelling of unsupportedExt is corrected in this version.
+  -- In RFC 2797, it was unsuportedExt.
+
+  CMCFailInfo ::= INTEGER {
+      badAlg          (0),
+      badMessageCheck (1),
+      badRequest      (2),
+      badTime         (3),
+      badCertId       (4),
+      unsuportedExt   (5),
+      mustArchiveKeys (6),
+      badIdentity     (7),
+      popRequired     (8),
+      popFailed       (9),
+      noKeyReuse      (10),
+      internalCAError (11),
+      tryLater        (12),
+      authDataFail    (13)
+  }
+
+  -- Used for RAs to add extensions to certification requests
+
+  cmc-addExtensions CMC-CONTROL ::=
+      { AddExtensions IDENTIFIED BY id-cmc-addExtensions }
+  id-cmc-addExtensions OBJECT IDENTIFIER ::= {id-cmc 8}
+
+  AddExtensions ::= SEQUENCE {
+      pkiDataReference    BodyPartID,
+      certReferences      SEQUENCE OF BodyPartID,
+      extensions          SEQUENCE OF Extension{{CertExtensions}}
+  }
+
+  cmc-encryptedPOP CMC-CONTROL ::=
+      { EncryptedPOP IDENTIFIED BY id-cmc-encryptedPOP }
+  cmc-decryptedPOP CMC-CONTROL ::=
+      { DecryptedPOP IDENTIFIED BY id-cmc-decryptedPOP }
+  id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
+  id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}
+
+  EncryptedPOP ::= SEQUENCE {
+      request       TaggedRequest,
+      cms             ContentInfo,
+      thePOPAlgID     AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witnessAlgID    AlgorithmIdentifier{DIGEST-ALGORITHM,
+                          {WitnessAlgs}},
+      witness         OCTET STRING
+  }
+
+  POPAlgs MAC-ALGORITHM ::= {maca-hMAC-SHA1, ...}
+  WitnessAlgs DIGEST-ALGORITHM ::= {mda-sha1, ...}
+
+  DecryptedPOP ::= SEQUENCE {
+      bodyPartID      BodyPartID,
+      thePOPAlgID     AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      thePOP          OCTET STRING
+  }
+
+  cmc-lraPOPWitness CMC-CONTROL ::=
+      { LraPopWitness IDENTIFIED BY id-cmc-lraPOPWitness }
+
+  id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}
+
+  LraPopWitness ::= SEQUENCE {
+      pkiDataBodyid   BodyPartID,
+      bodyIds         SEQUENCE OF BodyPartID
+  }
+
+  --
+
+  cmc-getCert CMC-CONTROL ::=
+      { GetCert IDENTIFIED BY id-cmc-getCert }
+  id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}
+
+  GetCert ::= SEQUENCE {
+      issuerName      GeneralName,
+      serialNumber    INTEGER }
+
+  cmc-getCRL CMC-CONTROL ::=
+      { GetCRL IDENTIFIED BY id-cmc-getCRL }
+  id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}
+  GetCRL ::= SEQUENCE {
+      issuerName    Name,
+      cRLName       GeneralName OPTIONAL,
+      time          GeneralizedTime OPTIONAL,
+      reasons       ReasonFlags OPTIONAL }
+
+  cmc-revokeRequest CMC-CONTROL ::=
+      { RevokeRequest IDENTIFIED BY id-cmc-revokeRequest}
+  id-cmc-revokeRequest OBJECT IDENTIFIER ::= {id-cmc 17}
+
+  RevokeRequest ::= SEQUENCE {
+      issuerName            Name,
+      serialNumber          INTEGER,
+      reason                CRLReason,
+      invalidityDate         GeneralizedTime OPTIONAL,
+      passphrase            OCTET STRING OPTIONAL,
+      comment               UTF8String OPTIONAL }
+
+  cmc-confirmCertAcceptance CMC-CONTROL ::=
+      { CMCCertId IDENTIFIED BY id-cmc-confirmCertAcceptance }
+  id-cmc-confirmCertAcceptance OBJECT IDENTIFIER ::= {id-cmc 24}
+
+  CMCCertId ::= IssuerAndSerialNumber
+
+  -- The following is used to request v3 extensions be added
+  --     to a certificate
+
+  at-extension-req ATTRIBUTE ::=
+      { TYPE ExtensionReq IDENTIFIED BY id-ExtensionReq }
+  id-ExtensionReq OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) 14}
+
+  ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF
+      Extension{{CertExtensions}}
+
+  -- The following allows Diffie-Hellman Certification Request
+  --     Messages to be well-formed
+
+  sa-noSignature SIGNATURE-ALGORITHM ::= {
+      IDENTIFIER id-alg-noSignature
+      VALUE NoSignatureValue
+      PARAMS TYPE NULL ARE required
+      HASHES { mda-sha1 }
+  }
+  id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}
+
+  NoSignatureValue ::= OCTET STRING
+  --  Unauthenticated attribute to carry removable data.
+
+  id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2)}
+
+  aa-cmc-unsignedData ATTRIBUTE ::=
+      { TYPE CMCUnsignedData IDENTIFIED BY id-aa-cmc-unsignedData }
+  id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}
+
+  CMCUnsignedData ::= SEQUENCE {
+      bodyPartPath        BodyPartPath,
+      identifier          TYPE-IDENTIFIER.&id,
+      content             TYPE-IDENTIFIER.&Type
+  }
+
+  --  Replaces CMC Status Info
+  --
+
+  cmc-statusInfoV2 CMC-CONTROL ::=
+      { CMCStatusInfoV2 IDENTIFIED BY id-cmc-statusInfoV2 }
+  id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}
+
+  EXTENDED-FAILURE-INFO ::= TYPE-IDENTIFIER
+
+  ExtendedFailures EXTENDED-FAILURE-INFO ::= {...}
+
+  CMCStatusInfoV2 ::= SEQUENCE {
+     cMCStatus             CMCStatus,
+     bodyList              SEQUENCE SIZE (1..MAX) OF
+                                    BodyPartReference,
+     statusString          UTF8String OPTIONAL,
+     otherInfo             CHOICE {
+         failInfo               CMCFailInfo,
+         pendInfo               PendInfo,
+         extendedFailInfo       [1] SEQUENCE {
+            failInfoOID            TYPE-IDENTIFIER.&id
+                                       ({ExtendedFailures}),
+            failInfoValue          TYPE-IDENTIFIER.&Type
+                                       ({ExtendedFailures}
+                                           {@.failInfoOID})
+         }
+      } OPTIONAL
+  }
+
+  BodyPartReference ::= CHOICE {
+     bodyPartID           BodyPartID,
+     bodyPartPath         BodyPartPath
+  }
+
+  BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
+
+  --  Allow for distribution of trust anchors
+  --
+
+  cmc-trustedAnchors CMC-CONTROL ::=
+      { PublishTrustAnchors IDENTIFIED BY id-cmc-trustedAnchors }
+  id-cmc-trustedAnchors OBJECT IDENTIFIER ::= {id-cmc 26}
+
+  PublishTrustAnchors ::= SEQUENCE {
+      seqNumber      INTEGER,
+      hashAlgorithm  AlgorithmIdentifier{DIGEST-ALGORITHM,
+                         {HashAlgorithms}},
+      anchorHashes   SEQUENCE OF OCTET STRING
+  }
+
+  HashAlgorithms DIGEST-ALGORITHM ::= {
+     mda-sha1 | mda-sha256, ...
+  }
+
+  cmc-authData CMC-CONTROL ::=
+      { AuthPublish IDENTIFIED BY id-cmc-authData }
+  id-cmc-authData OBJECT IDENTIFIER ::= {id-cmc 27}
+
+  AuthPublish ::= BodyPartID
+
+  --   These two items use BodyPartList
+
+  cmc-batchRequests CMC-CONTROL ::=
+      { BodyPartList IDENTIFIED BY id-cmc-batchRequests }
+  id-cmc-batchRequests OBJECT IDENTIFIER ::= {id-cmc 28}
+
+  cmc-batchResponses CMC-CONTROL ::=
+      { BodyPartList IDENTIFIED BY id-cmc-batchResponses }
+  id-cmc-batchResponses OBJECT IDENTIFIER ::= {id-cmc 29}
+
+  BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
+
+  cmc-publishCert CMC-CONTROL ::=
+      { CMCPublicationInfo IDENTIFIED BY id-cmc-publishCert }
+  id-cmc-publishCert OBJECT IDENTIFIER ::= {id-cmc 30}
+
+  CMCPublicationInfo ::= SEQUENCE {
+      hashAlg        AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {HashAlgorithms}},
+      certHashes     SEQUENCE OF OCTET STRING,
+      pubInfo        PKIPublicationInfo
+  }
+
+  cmc-modCertTemplate CMC-CONTROL ::=
+      { ModCertTemplate IDENTIFIED BY id-cmc-modCertTemplate }
+  id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}
+
+  ModCertTemplate ::= SEQUENCE {
+      pkiDataReference             BodyPartPath,
+      certReferences               BodyPartList,
+      replace                      BOOLEAN DEFAULT TRUE,
+      certTemplate                 CertTemplate
+  }
+
+  -- Inform follow-on servers that one or more controls have
+  --     already been processed
+
+  cmc-controlProcessed CMC-CONTROL ::=
+      { ControlsProcessed IDENTIFIED BY id-cmc-controlProcessed }
+  id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}
+
+  ControlsProcessed ::= SEQUENCE {
+      bodyList              SEQUENCE SIZE(1..MAX) OF BodyPartReference
+  }
+
+  --  Identity Proof control w/ algorithm agility
+
+  cmc-identityProofV2 CMC-CONTROL ::=
+      { IdentityProofV2 IDENTIFIED BY id-cmc-identityProofV2 }
+  id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
+
+  IdentityProofV2 ::= SEQUENCE {
+      proofAlgID       AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {WitnessAlgs}},
+      macAlgId         AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witness          OCTET STRING
+  }
+
+  cmc-popLinkWitnessV2 CMC-CONTROL ::=
+      { PopLinkWitnessV2 IDENTIFIED BY id-cmc-popLinkWitnessV2 }
+  id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
+
+  PopLinkWitnessV2 ::= SEQUENCE {
+      keyGenAlgorithm   AlgorithmIdentifier{KEY-DERIVATION,
+                            {KeyDevAlgs}},
+      macAlgorithm      AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witness           OCTET STRING
+  }
+
+  KeyDevAlgs KEY-DERIVATION ::= {kda-PBKDF2, ...}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/External-References.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1
index 9a7d4936a6..9a7d4936a6 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/External-References.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1
index 9b6a426ca2..9b6a426ca2 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1
index c59451dcdb..c59451dcdb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1
index 60acbb3b5c..60acbb3b5c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1
index 84c1ee9851..84c1ee9851 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1
index 28daa467e1..28daa467e1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1
index 336b824174..336b824174 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1
index db2725c37d..db2725c37d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1
index 4e0084b079..4e0084b079 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1
index 3fec8ae64a..3fec8ae64a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1
index 8c0c8138e2..8c0c8138e2 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1
index 9805a6189d..9805a6189d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1
index b39e03c3b6..b39e03c3b6 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1
index 171f4b4223..171f4b4223 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1
index 59de6d1b04..59de6d1b04 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1
index 57faac6587..57faac6587 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1
index 4e46c7679b..4e46c7679b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1
index 09ef4de282..09ef4de282 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1
index 752e8d05e1..752e8d05e1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1
index 3fb0463ee7..3fb0463ee7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1
index 719bca4987..719bca4987 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1
index 6e5c01ab40..6e5c01ab40 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1
index 2b46b27b3e..2b46b27b3e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1
index 8c692ccb31..8c692ccb31 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1
index 27324f614f..27324f614f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1
index b7efd7417e..b7efd7417e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1
index a57a276704..a57a276704 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1
index 0149602040..0149602040 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1
index bd1d8d3c48..bd1d8d3c48 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1
index 813ac9c6a0..813ac9c6a0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1
index 2c78360b7b..2c78360b7b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1
index 92c887bb06..92c887bb06 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1
index 64fc4436e4..64fc4436e4 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1
index 5de6491621..5de6491621 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1
index fab36bf12a..fab36bf12a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1
index 187c3c8ad4..187c3c8ad4 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1
index 40f53b9458..40f53b9458 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1
index 052b3b2041..052b3b2041 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1
index b69d72b3ed..b69d72b3ed 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1
index 99d34b2883..99d34b2883 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1
index eceae4ab44..eceae4ab44 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1
index 37c894da86..37c894da86 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1
index df194f838c..df194f838c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1
index 6494fbd3ef..6494fbd3ef 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1
index 38035c77ae..38035c77ae 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1
index 68a5118bc8..68a5118bc8 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1
index f66d117f35..f66d117f35 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1
index 03181c5951..03181c5951 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1
index 1615b241ee..1615b241ee 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1
index 10eac962cb..10eac962cb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Notation.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1
index 96dfc39b6a..96dfc39b6a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Notation.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
new file mode 100644
index 0000000000..db500fe9a1
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
@@ -0,0 +1,183 @@
+  OCSP-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  AuthorityInfoAccessSyntax, GeneralName, CrlEntryExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  Name, CertificateSerialNumber, id-kp, id-ad-ocsp, Certificate
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  sa-dsaWithSHA1, sa-rsaWithMD2, sa-rsaWithMD5, sa-rsaWithSHA1
+  FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56)};
+
+  OCSPRequest     ::=     SEQUENCE {
+      tbsRequest                  TBSRequest,
+      optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+
+  TBSRequest      ::=     SEQUENCE {
+      version             [0] EXPLICIT Version DEFAULT v1,
+      requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+      requestList             SEQUENCE OF Request,
+      requestExtensions   [2] EXPLICIT Extensions {{re-ocsp-nonce |
+                                  re-ocsp-response, ...}} OPTIONAL }
+
+  Signature       ::=     SEQUENCE {
+      signatureAlgorithm   AlgorithmIdentifier
+                               { SIGNATURE-ALGORITHM, {...}},
+      signature            BIT STRING,
+      certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+  Version  ::=  INTEGER  {  v1(0) }
+
+  Request ::=     SEQUENCE {
+      reqCert                    CertID,
+      singleRequestExtensions    [0] EXPLICIT Extensions
+                                         { {re-ocsp-service-locator,
+                                                ...}} OPTIONAL }
+
+  CertID ::= SEQUENCE {
+      hashAlgorithm            AlgorithmIdentifier
+                                   {DIGEST-ALGORITHM, {...}},
+      issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+      issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key
+      serialNumber       CertificateSerialNumber }
+
+  OCSPResponse ::= SEQUENCE {
+     responseStatus         OCSPResponseStatus,
+     responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+
+  OCSPResponseStatus ::= ENUMERATED {
+      successful            (0), --Response has valid confirmations
+      malformedRequest      (1), --Illegal confirmation request
+      internalError         (2), --Internal error in issuer
+      tryLater              (3), --Try again later
+                                 -- (4) is not used
+      sigRequired           (5), --Must sign the request
+      unauthorized          (6)  --Request unauthorized
+  }
+
+  RESPONSE ::= TYPE-IDENTIFIER
+
+  ResponseSet RESPONSE ::= {basicResponse, ...}
+
+  ResponseBytes ::=       SEQUENCE {
+      responseType        RESPONSE.
+                              &id ({ResponseSet}),
+      response            OCTET STRING (CONTAINING RESPONSE.
+                              &Type({ResponseSet}{@responseType}))}
+
+  basicResponse RESPONSE ::=
+      { BasicOCSPResponse IDENTIFIED BY id-pkix-ocsp-basic }
+
+  BasicOCSPResponse       ::= SEQUENCE {
+     tbsResponseData      ResponseData,
+     signatureAlgorithm   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                              {sa-dsaWithSHA1 | sa-rsaWithSHA1 |
+                                   sa-rsaWithMD5 | sa-rsaWithMD2, ...}},
+     signature            BIT STRING,
+     certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+  ResponseData ::= SEQUENCE {
+     version              [0] EXPLICIT Version DEFAULT v1,
+     responderID              ResponderID,
+     producedAt               GeneralizedTime,
+     responses                SEQUENCE OF SingleResponse,
+     responseExtensions   [1] EXPLICIT Extensions
+                                  {{re-ocsp-nonce, ...}} OPTIONAL }
+
+  ResponderID ::= CHOICE {
+     byName   [1] Name,
+     byKey    [2] KeyHash }
+
+  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+                           -- (excluding the tag and length fields)
+
+  SingleResponse ::= SEQUENCE {
+     certID                       CertID,
+     certStatus                   CertStatus,
+     thisUpdate                   GeneralizedTime,
+     nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+     singleExtensions     [1]     EXPLICIT Extensions{{re-ocsp-crl |
+                                               re-ocsp-archive-cutoff |
+                                                CrlEntryExtensions, ...}
+                                               } OPTIONAL }
+
+  CertStatus ::= CHOICE {
+      good                [0]     IMPLICIT NULL,
+      revoked             [1]     IMPLICIT RevokedInfo,
+      unknown             [2]     IMPLICIT UnknownInfo }
+
+  RevokedInfo ::= SEQUENCE {
+      revocationTime              GeneralizedTime,
+      revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+
+  UnknownInfo ::= NULL
+
+  CRLReason ::= INTEGER
+
+  ArchiveCutoff ::= GeneralizedTime
+
+  AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})
+
+  ServiceLocator ::= SEQUENCE {
+      issuer    Name,
+      locator   AuthorityInfoAccessSyntax }
+
+  CrlID ::= SEQUENCE {
+      crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+      crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+      crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+
+  --  Request Extensions
+
+  re-ocsp-nonce EXTENSION ::= { SYNTAX OCTET STRING IDENTIFIED
+                                    BY id-pkix-ocsp-nonce }
+  re-ocsp-response EXTENSION ::= { SYNTAX AcceptableResponses IDENTIFIED
+                                       BY id-pkix-ocsp-response }
+  re-ocsp-service-locator EXTENSION ::= { SYNTAX ServiceLocator
+                                          IDENTIFIED BY
+                                          id-pkix-ocsp-service-locator }
+
+  --  Response Extensions
+
+  re-ocsp-crl EXTENSION ::= { SYNTAX CrlID IDENTIFIED BY
+                                  id-pkix-ocsp-crl }
+  re-ocsp-archive-cutoff EXTENSION ::= { SYNTAX ArchiveCutoff
+                                         IDENTIFIED BY
+                                         id-pkix-ocsp-archive-cutoff }
+
+  -- Object Identifiers
+
+  id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+  id-pkix-ocsp                 OBJECT IDENTIFIER ::= id-ad-ocsp
+  id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+  id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+  id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+  id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+  id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+  id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+  id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1
index ac449b59c7..ab555200bb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1
@@ -3,7 +3,7 @@
 -- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7.
 -- Extensions to PKCS#7 defined in RFC 2630 are included.
 -- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive.
-PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7
+OLD-PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7
   module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT
 TAGS ::=
 BEGIN
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1
index b4f91f50c5..b4f91f50c5 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1
index 2044feb155..2044feb155 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1
new file mode 100644
index 0000000000..a5fd0fefb9
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1
@@ -0,0 +1,56 @@
+  PKCS-10
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+        mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  ATTRIBUTE, Name
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)};
+
+  -- Certificate requests
+  CertificationRequestInfo ::= SEQUENCE {
+      version       INTEGER { v1(0) } (v1, ... ),
+      subject       Name,
+      subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+      attributes    [0] Attributes{{ CRIAttributes }}
+  }
+
+  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
+      algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
+      subjectPublicKey BIT STRING
+  }
+
+  PKInfoAlgorithms PUBLIC-KEY ::= {
+      ... -- add any locally defined algorithms here -- }
+
+  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
+
+  CRIAttributes  ATTRIBUTE  ::= {
+      ... -- add any locally defined attributes here -- }
+
+  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+      type   ATTRIBUTE.&id({IOSet}),
+      values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+  }
+
+  CertificationRequest ::= SEQUENCE {
+      certificationRequestInfo  CertificationRequestInfo,
+      signatureAlgorithm        AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                    { SignatureAlgorithms }},
+      signature                 BIT STRING
+  }
+
+  SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+      ... -- add any locally defined algorithms here -- }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1
new file mode 100644
index 0000000000..5b37a552f9
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1
@@ -0,0 +1,174 @@
+PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+                 pkcs-12(12) modules(0)  pkcs-12(1)}
+
+-- $Revision$
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+        usefulDefinitions(0) 3}
+
+ATTRIBUTE
+	FROM InformationFramework informationFramework
+
+ContentInfo, DigestInfo
+	FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
+
+PrivateKeyInfo, EncryptedPrivateKeyInfo
+	FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
+
+pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
+	FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)};
+
+-- Object identifiers
+
+rsadsi	OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
+pkcs    OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
+pkcs-12	OBJECT IDENTIFIER ::= {pkcs 12}
+pkcs-12PbeIds                  	OBJECT IDENTIFIER ::= {pkcs-12 1}
+pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
+pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
+pbeWithSHAAnd3-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
+pbeWithSHAAnd2-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
+pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
+pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
+
+bagtypes			OBJECT IDENTIFIER ::= {pkcs-12 10 1}
+
+-- The PFX PDU
+
+PFX ::= SEQUENCE {
+	version		INTEGER {v3(3)}(v3,...),
+	authSafe	ContentInfo,
+	macData    	MacData OPTIONAL
+}
+
+MacData ::= SEQUENCE {
+	mac 		DigestInfo,
+	macSalt	        OCTET STRING,
+	iterations	INTEGER DEFAULT 1
+-- Note: The default is for historical reasons and its use is
+-- deprecated. A higher value, like 1024 is recommended.
+}
+
+AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+	-- Data if unencrypted
+	-- EncryptedData if password-encrypted
+	-- EnvelopedData if public key-encrypted
+
+SafeContents ::= SEQUENCE OF SafeBag
+
+SafeBag ::= SEQUENCE {
+	bagId	      	BAG-TYPE.&id ({PKCS12BagSet}),
+	bagValue      	[0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
+	bagAttributes 	SET OF PKCS12Attribute OPTIONAL
+}
+
+-- Bag types
+
+keyBag 	  BAG-TYPE ::=
+	{KeyBag IDENTIFIED BY {bagtypes 1}}
+pkcs8ShroudedKeyBag BAG-TYPE ::=
+	{PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
+certBag BAG-TYPE ::=
+	{CertBag IDENTIFIED BY {bagtypes 3}}
+crlBag BAG-TYPE ::=
+	{CRLBag IDENTIFIED BY {bagtypes 4}}
+secretBag BAG-TYPE ::=
+	{SecretBag IDENTIFIED BY {bagtypes 5}}
+safeContentsBag BAG-TYPE ::=
+	{SafeContents IDENTIFIED BY {bagtypes 6}}
+
+PKCS12BagSet BAG-TYPE ::= {
+	keyBag |
+	pkcs8ShroudedKeyBag |
+	certBag |
+	crlBag |
+	secretBag |
+	safeContentsBag,
+	... -- For future extensions
+}
+
+BAG-TYPE ::= TYPE-IDENTIFIER
+
+-- KeyBag
+
+KeyBag ::= PrivateKeyInfo
+
+-- Shrouded KeyBag
+
+PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+
+-- CertBag
+
+CertBag ::= SEQUENCE {
+	certId    BAG-TYPE.&id   ({CertTypes}),
+	certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
+}
+
+x509Certificate BAG-TYPE ::=
+	{OCTET STRING IDENTIFIED BY {certTypes 1}}
+	-- DER-encoded X.509 certificate stored in OCTET STRING
+sdsiCertificate BAG-TYPE ::=
+	{IA5String IDENTIFIED BY {certTypes 2}}
+	-- Base64-encoded SDSI certificate stored in IA5String
+
+CertTypes BAG-TYPE ::= {
+	x509Certificate |
+	sdsiCertificate,
+	... -- For future extensions
+}
+
+-- CRLBag
+
+CRLBag ::= SEQUENCE {
+	crlId     	BAG-TYPE.&id ({CRLTypes}),
+	crlValue 	[0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
+}
+
+x509CRL BAG-TYPE ::=
+	{OCTET STRING IDENTIFIED BY {crlTypes 1}}
+	-- DER-encoded X.509 CRL stored in OCTET STRING
+
+CRLTypes BAG-TYPE ::= {
+	x509CRL,
+	... -- For future extensions
+}
+
+-- Secret Bag
+
+SecretBag ::= SEQUENCE {
+	secretTypeId BAG-TYPE.&id ({SecretTypes}),
+	secretValue  [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})
+}
+
+SecretTypes BAG-TYPE ::= {
+	... -- For future extensions
+}
+
+-- Attributes
+
+PKCS12Attribute ::= SEQUENCE {
+	attrId	   	ATTRIBUTE.&id ({PKCS12AttrSet}),
+	attrValues 	SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
+} -- This type is compatible with the X.500 type 'Attribute'
+
+PKCS12AttrSet ATTRIBUTE ::= {
+	friendlyName |
+	localKeyId,
+	... -- Other attributes are allowed
+}
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1
new file mode 100644
index 0000000000..91b0dc36bf
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1
@@ -0,0 +1,202 @@
+-- PKCS #5 v2.1 ASN.1 Module
+-- Revised October 27, 2012
+
+-- This module has been checked for conformance with the
+-- ASN.1 standard by the OSS ASN.1 Tools
+
+PKCS-5 {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16)
+	pkcs5v2-1(2)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- ============================
+--   Basic object identifiers
+-- ============================
+
+nistAlgorithms OBJECT IDENTIFIER ::=
+  {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4}
+oiw    OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14}
+rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
+pkcs   OBJECT IDENTIFIER ::= {rsadsi 1}
+pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
+
+
+-- ============================
+-- Basic types and classes
+-- ============================
+
+AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
+  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+
+-- ============================
+-- PBKDF2
+-- ============================
+
+PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+  { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+  {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+PBKDF2-params ::= SEQUENCE {
+  salt CHOICE {
+    specified OCTET STRING,
+    otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+  },
+  iterationCount INTEGER (1..MAX),
+  keyLength INTEGER (1..MAX) OPTIONAL,
+  prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+
+PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+  {NULL IDENTIFIED BY id-hmacWithSHA1}       |
+  {NULL IDENTIFIED BY id-hmacWithSHA224}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA256}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA384}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA512}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA512-224} |
+  {NULL IDENTIFIED BY id-hmacWithSHA512-256},
+   ...
+}
+
+
+-- ============================
+ -- PBES1
+-- ============================
+
+PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
+  {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
+   ...
+}
+
+pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
+pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
+pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
+pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
+pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
+pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}
+
+PBEParameter ::= SEQUENCE {
+  salt OCTET STRING (SIZE(8)),
+  iterationCount INTEGER
+}
+
+
+-- ============================
+-- PBES2
+-- ============================
+
+PBES2Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBES2-params IDENTIFIED BY id-PBES2},
+   ...
+}
+
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+  encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+}
+
+PBES2-KDFs ALGORITHM-IDENTIFIER ::= {
+  {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+   ...
+}
+
+PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+
+
+-- ============================
+-- PBMAC1
+-- ============================
+
+PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBMAC1-params IDENTIFIED BY id-PBMAC1},
+   ...
+}
+
+id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}
+
+PBMAC1-params ::=  SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
+  messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
+}
+
+PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= {
+  {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+   ...
+}
+
+PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }
+
+-- ============================
+-- Supporting techniques
+-- ============================
+
+digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
+encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}
+
+SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
+  {NULL                    IDENTIFIED BY id-hmacWithSHA1} |
+  {OCTET STRING (SIZE(8))  IDENTIFIED BY desCBC}          |
+  {OCTET STRING (SIZE(8))  IDENTIFIED BY des-EDE3-CBC}    |
+  {RC2-CBC-Parameter       IDENTIFIED BY rc2CBC}          |
+  {RC5-CBC-Parameters      IDENTIFIED BY rc5-CBC-PAD}     |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD}  |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD}  |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD},
+   ...
+}
+
+id-hmacWithSHA1       OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+id-hmacWithSHA224     OBJECT IDENTIFIER ::= {digestAlgorithm 8}
+id-hmacWithSHA256     OBJECT IDENTIFIER ::= {digestAlgorithm 9}
+id-hmacWithSHA384     OBJECT IDENTIFIER ::= {digestAlgorithm 10}
+id-hmacWithSHA512     OBJECT IDENTIFIER ::= {digestAlgorithm 11}
+id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12}
+id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13}
+
+-- from OIW
+desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7}
+
+des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}
+
+rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}
+
+RC2-CBC-Parameter ::= SEQUENCE {
+  rc2ParameterVersion INTEGER OPTIONAL,
+  iv OCTET STRING (SIZE(8))
+}
+
+rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}
+
+RC5-CBC-Parameters ::= SEQUENCE {
+  version INTEGER {v1-0(16)} (v1-0),
+  rounds INTEGER (8..127),
+  blockSizeInBits INTEGER (64 | 128),
+  iv OCTET STRING OPTIONAL
+}
+
+aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }
+aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 }
+aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 }
+aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 }
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1
new file mode 100644
index 0000000000..4cea8db240
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1
@@ -0,0 +1,326 @@
+PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)
+        modules(0) pkcs-7(1)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+--
+-- 3. Definitions
+--
+
+-- EXPORTS All;
+
+IMPORTS
+
+informationFramework, authenticationFramework
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+                            usefulDefinitions(0) 3}
+
+  Name, ATTRIBUTE
+    FROM InformationFramework informationFramework
+
+  ALGORITHM, Certificate, CertificateSerialNumber,
+    CertificateList
+    FROM AuthenticationFramework authenticationFramework
+
+  contentType, messageDigest, signingTime, counterSignature
+    FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+                 pkcs-9(9) modules(0) pkcs-9(1)};
+--
+-- 6. Useful types
+--
+
+-- Also defined in X.509
+-- Redeclared here as a parameterized type
+AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE {
+   algorithm   ALGORITHM.&id({IOSet}),
+   parameters  ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
+}
+
+-- Also defined in X.501
+-- Redeclared here as a parameterized type
+Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+  type    ATTRIBUTE.&id({IOSet}),
+  values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+}
+
+CertificateRevocationLists ::=
+  SET OF CertificateList
+
+Certificates ::=
+  SEQUENCE OF Certificate
+
+CRLSequence ::=
+  SEQUENCE OF CertificateList
+
+ContentEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{ContentEncryptionAlgorithms}}
+
+ContentEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+DigestAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{DigestAlgorithms}}
+
+DigestAlgorithms ALGORITHM ::= {
+   ...  -- add any application-specific algorithms here
+}
+
+DigestEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{DigestEncryptionAlgorithms}}
+
+DigestEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+  certificate          Certificate,                      -- X.509
+  extendedCertificate  [0] IMPLICIT ExtendedCertificate  -- PKCS#6
+}
+
+ExtendedCertificate ::= Certificate -- cheating
+
+ExtendedCertificatesAndCertificates ::=
+  SET OF ExtendedCertificateOrCertificate
+
+IssuerAndSerialNumber ::= SEQUENCE {
+  issuer        Name,
+  serialNumber  CertificateSerialNumber
+}
+
+KeyEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{KeyEncryptionAlgorithms}}
+
+KeyEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+--
+-- 7. General syntax
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType  ContentType,
+  content      [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
+OPTIONAL
+}
+
+CONTENTS ::= TYPE-IDENTIFIER
+
+Contents CONTENTS ::= {
+  {Data                    IDENTIFIED BY data}                   |
+  {SignedData              IDENTIFIED BY signedData}             |
+  {EnvelopedData           IDENTIFIED BY envelopedData}          |
+  {SignedAndEnvelopedData  IDENTIFIED BY signedAndEnvelopedData} |
+  {DigestedData            IDENTIFIED BY digestedData}           |
+  {EncryptedData           IDENTIFIED BY encryptedData},
+  ...  -- add any application-specific types/contents here
+}
+
+ContentType ::= CONTENTS.&id({Contents})
+
+--
+-- 8. Data content type
+--
+
+Data ::= OCTET STRING
+
+--
+-- 9. Signed-data content type
+--
+
+SignedData ::= SEQUENCE {
+  version         INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  contentInfo     ContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (sdVer1),
+     digestAlgorithms   (WITH COMPONENTS { ..., daSet PRESENT }),
+     certificates       (WITH COMPONENTS { ..., certSequence ABSENT }),
+     crls               (WITH COMPONENTS { ..., crlSequence ABSENT }),
+     signerInfos        (WITH COMPONENTS { ..., siSet PRESENT })
+   } |
+   WITH COMPONENTS { ..., version (sdVer2),
+      digestAlgorithms  (WITH COMPONENTS { ..., daSequence PRESENT }),
+      certificates      (WITH COMPONENTS { ..., certSet ABSENT }),
+      crls              (WITH COMPONENTS { ..., crlSet ABSENT }),
+      signerInfos       (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+SignerInfos ::= CHOICE {
+    siSet         SET OF SignerInfo,
+    siSequence    SEQUENCE OF SignerInfo
+}
+
+DigestAlgorithmIdentifiers ::= CHOICE {
+  daSet           SET OF DigestAlgorithmIdentifier,
+  daSequence      SEQUENCE OF DigestAlgorithmIdentifier
+}
+
+SignerInfo ::= SEQUENCE {
+  version         INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  authenticatedAttributes CHOICE {
+    aaSet         [0] IMPLICIT SET OF Attribute {{Authenticated}},
+    aaSequence    [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}}
+    -- Explicit because easier to compute digest on sequence of attributes and then reuse
+    -- encoded sequence in aaSequence.
+  } OPTIONAL,
+  digestEncryptionAlgorithm
+                  DigestEncryptionAlgorithmIdentifier,
+  encryptedDigest EncryptedDigest,
+  unauthenticatedAttributes CHOICE {
+    uaSet         [1] IMPLICIT SET OF Attribute {{Unauthenticated}},
+    uaSequence    [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}}
+  } OPTIONAL
+} (WITH COMPONENTS { ..., version (siVer1),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSequence ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSequence ABSENT })
+} | WITH COMPONENTS { ..., version (siVer2),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSet ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSet ABSENT })
+})
+
+Authenticated ATTRIBUTE ::= {
+  contentType |
+  messageDigest,
+  ...,  -- add application-specific attributes here
+  signingTime
+}
+
+Unauthenticated ATTRIBUTE ::= {
+  ...,  -- add application-specific attributes here
+  counterSignature
+}
+
+EncryptedDigest ::= OCTET STRING
+
+DigestInfo ::= SEQUENCE {
+  digestAlgorithm DigestAlgorithmIdentifier,
+  digest          Digest
+}
+
+Digest ::= OCTET STRING
+
+--
+-- 10. Enveloped-data content type
+--
+
+EnvelopedData ::= SEQUENCE {
+  version         INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
+  recipientInfos  RecipientInfos,
+  encryptedContentInfo
+                  EncryptedContentInfo
+} (WITH COMPONENTS { ..., version (edVer0),
+    recipientInfos      (WITH COMPONENTS { ..., riSet PRESENT })
+} | WITH COMPONENTS { ..., version (edVer1),
+    recipientInfos      (WITH COMPONENTS { ..., riSequence PRESENT })
+})
+
+RecipientInfos ::= CHOICE {
+  riSet           SET OF RecipientInfo,
+  riSequence      SEQUENCE OF RecipientInfo
+}
+
+EncryptedContentInfo ::= SEQUENCE {
+  contentType     ContentType,
+  contentEncryptionAlgorithm
+                  ContentEncryptionAlgorithmIdentifier,
+  encryptedContent
+                  [0] IMPLICIT EncryptedContent OPTIONAL
+}
+
+EncryptedContent ::= OCTET STRING
+
+RecipientInfo ::= SEQUENCE {
+  version         INTEGER {riVer0(0)} (riVer0),
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  keyEncryptionAlgorithm
+                  KeyEncryptionAlgorithmIdentifier,
+  encryptedKey    EncryptedKey
+}
+
+EncryptedKey ::= OCTET STRING
+
+--
+-- 11. Signed-and-enveloped-data content type
+--
+
+SignedAndEnvelopedData ::= SEQUENCE {
+  version         INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
+  recipientInfos  RecipientInfos,
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  encryptedContentInfo
+                  EncryptedContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (seVer1),
+    recipientInfos   (WITH COMPONENTS { ..., riSet PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSequence ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSequence ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSet PRESENT })
+} |
+  WITH COMPONENTS { ..., version (seVer2),
+    recipientInfos   (WITH COMPONENTS { ..., riSequence PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSet ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSet ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+--
+-- 12. Digested-data content type
+--
+
+DigestedData ::= SEQUENCE {
+  version         INTEGER {ddVer0(0)} (ddVer0),
+  digestAlgorithm DigestAlgorithmIdentifier,
+  contentInfo     ContentInfo,
+  digest          Digest
+}
+
+--
+-- 13. Encrypted-data content type
+--
+
+EncryptedData ::= SEQUENCE {
+  version		INTEGER {edVer0(0)} (edVer0),
+  encryptedContentInfo  EncryptedContentInfo
+}
+
+--
+-- 14. Object Identifiers
+--
+
+pkcs-7                  OBJECT IDENTIFIER ::=
+  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
+data                    OBJECT IDENTIFIER ::= { pkcs-7 1 }
+signedData              OBJECT IDENTIFIER ::= { pkcs-7 2 }
+envelopedData           OBJECT IDENTIFIER ::= { pkcs-7 3 }
+signedAndEnvelopedData  OBJECT IDENTIFIER ::= { pkcs-7 4 }
+digestedData            OBJECT IDENTIFIER ::= { pkcs-7 5 }
+encryptedData           OBJECT IDENTIFIER ::= { pkcs-7 6 }
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1
new file mode 100644
index 0000000000..266f90170a
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1
@@ -0,0 +1,61 @@
+PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+        modules(1) pkcs-8(1)}
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in other
+-- ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+                                usefulDefinitions(0) 3}
+
+Attribute
+        FROM InformationFramework informationFramework
+
+AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+        FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+  version Version,
+  privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
+  privateKey PrivateKey,
+  attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)} (v1,...)
+
+PrivateKey ::= OCTET STRING
+
+Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+    encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
+    encryptedData EncryptedData
+}
+
+EncryptedData ::= OCTET STRING
+
+PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1
new file mode 100644
index 0000000000..cd561f4d7e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1
@@ -0,0 +1,391 @@
+PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+pkcs-9(9) modules(0) pkcs-9(1)}
+
+-- $Revision$
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+IMPORTS
+
+informationFramework, authenticationFramework, selectedAttributeTypes,
+        upperBounds , id-at
+        FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+        usefulDefinitions(0) 3}
+
+ub-name
+        FROM UpperBounds upperBounds
+
+OBJECT-CLASS, ATTRIBUTE, MATCHING-RULE, Attribute, top, objectIdentifierMatch
+        FROM InformationFramework informationFramework
+
+ALGORITHM, Extensions, Time
+        FROM AuthenticationFramework authenticationFramework
+
+DirectoryString, octetStringMatch, caseIgnoreMatch, caseExactMatch,
+        generalizedTimeMatch, integerMatch, serialNumber
+        FROM SelectedAttributeTypes selectedAttributeTypes
+
+ContentInfo, SignerInfo
+        FROM CryptographicMessageSyntax-2009 {iso(1) member-body(2) us(840)
+        rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
+
+EncryptedPrivateKeyInfo
+        FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
+
+PFX
+        FROM PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)}
+
+-- PKCS15Token
+--        FROM PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549)
+--        pkcs(1) pkcs-15(15) modules(1) pkcs-15(1)}
+;
+
+-- Upper bounds
+pkcs-9-ub-pkcs9String          		INTEGER ::= 255
+pkcs-9-ub-emailAddress         		INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-unstructuredName      	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-unstructuredAddress   	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-challengePassword     	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-friendlyName         		INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-signingDescription    	INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-match                		INTEGER ::= pkcs-9-ub-pkcs9String
+pkcs-9-ub-pseudonym            		INTEGER ::= ub-name
+pkcs-9-ub-placeOfBirth         		INTEGER ::= ub-name
+
+-- Object Identifiers
+
+pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+                              rsadsi(113549) pkcs(1) 9}
+
+  -- Main arcs
+pkcs-9-mo	OBJECT IDENTIFIER ::= {pkcs-9 0}  -- Modules branch
+pkcs-9-oc    	OBJECT IDENTIFIER ::= {pkcs-9 24} -- Object class branch
+pkcs-9-at       OBJECT IDENTIFIER ::= {pkcs-9 25} -- Attribute branch, for new  attributes
+pkcs-9-sx	OBJECT IDENTIFIER ::= {pkcs-9 26} -- For syntaxes (RFC 2252)
+pkcs-9-mr       OBJECT IDENTIFIER ::= {pkcs-9 27} -- Matching rules
+
+  -- Object classes
+pkcs-9-oc-pkcsEntity   			OBJECT IDENTIFIER ::= {pkcs-9-oc 1}
+pkcs-9-oc-naturalPerson                 OBJECT IDENTIFIER ::= {pkcs-9-oc 2}
+
+  -- Attributes
+pkcs-9-at-emailAddress                  OBJECT IDENTIFIER ::= {pkcs-9 1}
+pkcs-9-at-unstructuredName              OBJECT IDENTIFIER ::= {pkcs-9 2}
+pkcs-9-at-contentType                   OBJECT IDENTIFIER ::= {pkcs-9 3}
+pkcs-9-at-messageDigest                 OBJECT IDENTIFIER ::= {pkcs-9 4}
+pkcs-9-at-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9 5}
+pkcs-9-at-counterSignature              OBJECT IDENTIFIER ::= {pkcs-9 6}
+pkcs-9-at-challengePassword             OBJECT IDENTIFIER ::= {pkcs-9 7}
+pkcs-9-at-unstructuredAddress           OBJECT IDENTIFIER ::= {pkcs-9 8}
+pkcs-9-at-extendedCertificateAttributes OBJECT IDENTIFIER ::= {pkcs-9 9}
+
+-- Obsolete (?) attribute identifiers, purportedly from "tentative
+-- PKCS #9 draft"
+-- pkcs-9-at-issuerAndSerialNumber      OBJECT IDENTIFIER ::= {pkcs-9 10}
+-- pkcs-9-at-passwordCheck              OBJECT IDENTIFIER ::= {pkcs-9 11}
+-- pkcs-9-at-publicKey                  OBJECT IDENTIFIER ::= {pkcs-9 12}
+
+pkcs-9-at-signingDescription            OBJECT IDENTIFIER ::= {pkcs-9 13}
+pkcs-9-at-extensionRequest              OBJECT IDENTIFIER ::= {pkcs-9 14}
+pkcs-9-at-smimeCapabilities             OBJECT IDENTIFIER ::= {pkcs-9 15}
+
+-- Unused (?)
+-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 17}
+-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 18}
+-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 19}
+
+pkcs-9-at-friendlyName                  OBJECT IDENTIFIER ::= {pkcs-9 20}
+pkcs-9-at-localKeyId                    OBJECT IDENTIFIER ::= {pkcs-9 21}
+pkcs-9-at-userPKCS12                    OBJECT IDENTIFIER ::= {2 16 840 1 113730 3 1 216}
+pkcs-9-at-pkcs15Token                   OBJECT IDENTIFIER ::= {pkcs-9-at 1}
+pkcs-9-at-encryptedPrivateKeyInfo       OBJECT IDENTIFIER ::= {pkcs-9-at 2}
+pkcs-9-at-randomNonce                   OBJECT IDENTIFIER ::= {pkcs-9-at 3}
+pkcs-9-at-sequenceNumber                OBJECT IDENTIFIER ::= {pkcs-9-at 4}
+pkcs-9-at-pkcs7PDU                      OBJECT IDENTIFIER ::= {pkcs-9-at 5}
+
+  -- IETF PKIX Attribute branch
+ietf-at         			OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 9}
+
+pkcs-9-at-dateOfBirth                   OBJECT IDENTIFIER ::= {ietf-at 1}
+pkcs-9-at-placeOfBirth                  OBJECT IDENTIFIER ::= {ietf-at 2}
+pkcs-9-at-gender                        OBJECT IDENTIFIER ::= {ietf-at 3}
+pkcs-9-at-countryOfCitizenship          OBJECT IDENTIFIER ::= {ietf-at 4}
+pkcs-9-at-countryOfResidence            OBJECT IDENTIFIER ::= {ietf-at 5}
+
+  -- Syntaxes (for use with LDAP accessible directories)
+pkcs-9-sx-pkcs9String                   OBJECT IDENTIFIER ::= {pkcs-9-sx 1}
+pkcs-9-sx-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9-sx 2}
+
+  -- Matching rules
+pkcs-9-mr-caseIgnoreMatch               OBJECT IDENTIFIER ::= {pkcs-9-mr 1}
+pkcs-9-mr-signingTimeMatch              OBJECT IDENTIFIER ::= {pkcs-9-mr 2}
+
+  -- Arcs with attributes defined elsewhere
+smime             			OBJECT IDENTIFIER ::= {pkcs-9 16}
+  -- Main arc for S/MIME (RFC 2633)
+certTypes         			OBJECT IDENTIFIER ::= {pkcs-9 22}
+  -- Main arc for certificate types defined in PKCS #12
+crlTypes          			OBJECT IDENTIFIER ::= {pkcs-9 23}
+  -- Main arc for crl types defined in PKCS #12
+
+  -- Other object identifiers
+id-at-pseudonym				OBJECT IDENTIFIER ::= {id-at 65}
+
+-- Useful types
+
+PKCS9String {INTEGER : maxSize} ::= CHOICE {
+        ia5String IA5String (SIZE(1..maxSize)),
+        directoryString DirectoryString {maxSize}
+}
+
+-- Object classes
+
+pkcsEntity OBJECT-CLASS ::= {
+        SUBCLASS OF	{ top }
+        KIND           	auxiliary
+        MAY CONTAIN	{ PKCSEntityAttributeSet }
+        ID              pkcs-9-oc-pkcsEntity
+}
+
+naturalPerson OBJECT-CLASS ::= {
+        SUBCLASS OF 	{ top }
+        KIND 		auxiliary
+        MAY CONTAIN 	{ NaturalPersonAttributeSet }
+        ID 		pkcs-9-oc-naturalPerson
+}
+
+-- Attribute sets
+
+PKCSEntityAttributeSet ATTRIBUTE ::= {
+        pKCS7PDU       |
+        userPKCS12     |
+--        pKCS15Token    |
+        encryptedPrivateKeyInfo,
+        ... -- For future extensions
+}
+
+NaturalPersonAttributeSet ATTRIBUTE ::= {
+        emailAddress	     |
+        unstructuredName     |
+        unstructuredAddress  |
+        dateOfBirth	     |
+        placeOfBirth	     |
+        gender		     |
+        countryOfCitizenship |
+        countryOfResidence   |
+        pseudonym	     |
+        serialNumber,
+        ... -- For future extensions
+}
+
+-- Attributes
+
+pKCS7PDU ATTRIBUTE ::= {
+        WITH SYNTAX ContentInfo
+        ID pkcs-9-at-pkcs7PDU
+}
+
+userPKCS12 ATTRIBUTE ::= {
+        WITH SYNTAX PFX
+        ID pkcs-9-at-userPKCS12
+}
+
+-- pKCS15Token ATTRIBUTE ::= {
+--        WITH SYNTAX PKCS15Token
+--        ID pkcs-9-at-pkcs15Token
+-- }
+
+encryptedPrivateKeyInfo ATTRIBUTE ::= {
+        WITH SYNTAX EncryptedPrivateKeyInfo
+        ID pkcs-9-at-encryptedPrivateKeyInfo
+}
+
+emailAddress ATTRIBUTE ::= {
+        WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress))
+        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
+        ID pkcs-9-at-emailAddress
+}
+
+unstructuredName ATTRIBUTE ::= {
+        WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName}
+        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
+        ID pkcs-9-at-unstructuredName
+}
+
+unstructuredAddress ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress}
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-unstructuredAddress
+}
+
+dateOfBirth ATTRIBUTE ::= {
+        WITH SYNTAX GeneralizedTime
+        EQUALITY MATCHING RULE generalizedTimeMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-dateOfBirth
+}
+
+placeOfBirth ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth}
+        EQUALITY MATCHING RULE caseExactMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-placeOfBirth
+}
+
+gender ATTRIBUTE ::= {
+        WITH SYNTAX PrintableString (SIZE(1) ^ FROM ("M" | "F" | "m" | "f"))
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-gender
+}
+
+countryOfCitizenship ATTRIBUTE ::= {
+        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
+        -- Must be a two-letter country acronym in accordance with
+        -- ISO/IEC 3166 --})
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-countryOfCitizenship
+}
+
+countryOfResidence ATTRIBUTE ::= {
+        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
+        -- Must be a two-letter country acronym in accordance with
+        -- ISO/IEC 3166 --})
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-countryOfResidence
+}
+
+pseudonym ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym}
+        EQUALITY MATCHING RULE caseExactMatch
+        ID id-at-pseudonym
+}
+
+contentType ATTRIBUTE ::= {
+        WITH SYNTAX ContentType
+        EQUALITY MATCHING RULE objectIdentifierMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-contentType
+}
+
+ContentType ::= OBJECT IDENTIFIER
+
+messageDigest ATTRIBUTE ::= {
+        WITH SYNTAX MessageDigest
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-messageDigest
+}
+
+MessageDigest ::= OCTET STRING
+
+signingTime ATTRIBUTE ::= {
+        WITH SYNTAX SigningTime
+        EQUALITY MATCHING RULE signingTimeMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingTime
+}
+
+SigningTime ::= Time -- imported from ISO/IEC 9594-8
+
+randomNonce ATTRIBUTE ::= {
+        WITH SYNTAX RandomNonce
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-randomNonce
+}
+
+RandomNonce ::= OCTET STRING (SIZE(4..MAX)) -- At least four bytes long
+
+sequenceNumber ATTRIBUTE ::= {
+        WITH SYNTAX SequenceNumber
+        EQUALITY MATCHING RULE integerMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-sequenceNumber
+}
+
+SequenceNumber ::= INTEGER (1..MAX)
+
+counterSignature ATTRIBUTE ::= {
+        WITH SYNTAX SignerInfo
+        ID pkcs-9-at-counterSignature
+}
+
+challengePassword ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword}
+        EQUALITY MATCHING RULE caseExactMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-challengePassword
+}
+
+extensionRequest ATTRIBUTE ::= {
+        WITH SYNTAX ExtensionRequest
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-extensionRequest
+}
+
+ExtensionRequest ::= Extensions
+
+extendedCertificateAttributes ATTRIBUTE ::= {
+        WITH SYNTAX SET OF Attribute
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-extendedCertificateAttributes
+}
+
+friendlyName ATTRIBUTE ::= {
+        WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-friendlyName
+}
+
+localKeyId ATTRIBUTE ::= {
+        WITH SYNTAX OCTET STRING
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-localKeyId
+}
+
+signingDescription ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription}
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingDescription
+}
+
+smimeCapabilities ATTRIBUTE ::= {
+        WITH SYNTAX SMIMECapabilities
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-smimeCapabilities
+}
+
+SMIMECapabilities ::= SEQUENCE OF SMIMECapability
+
+SMIMECapability ::= SEQUENCE {
+        algorithm  ALGORITHM.&id ({SMIMEv3Algorithms}),
+        parameters ALGORITHM.&Type ({SMIMEv3Algorithms}{@algorithm})
+}
+
+SMIMEv3Algorithms ALGORITHM ::= {...-- See RFC 2633 --}
+
+ -- Matching rules
+
+pkcs9CaseIgnoreMatch MATCHING-RULE ::= {
+        SYNTAX PKCS9String {pkcs-9-ub-match}
+        ID pkcs-9-mr-caseIgnoreMatch
+}
+
+signingTimeMatch MATCHING-RULE ::= {
+        SYNTAX SigningTime
+        ID pkcs-9-mr-signingTimeMatch
+}
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1
index 525ee3c5ec..1bcc2281a1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1
@@ -6,7 +6,7 @@ BEGIN
 IMPORTS
   -- PKCS#7
   ContentInfo
-    FROM PKCS7 {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) 
+    FROM PKCS-7 {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1)
       7 module(0)}
   -- module not formally defined in the PKCS#7document, therefore defined in Annex O
   -- IPMS Information Objects
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1
new file mode 100644
index 0000000000..fde5bddbf3
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1
@@ -0,0 +1,166 @@
+  PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  --  ATTRIBUTE
+  --
+  --  Describe the set of data associated with an attribute of some type
+  --
+  --  &id is an OID identifying the attribute
+  --  &Type is the ASN.1 type structure for the attribute; not all
+  --      attributes have a data structure, so this field is optional
+  --  &minCount contains the minimum number of times the attribute can
+  --      occur in an AttributeSet
+  --  &maxCount contains the maximum number of times the attribute can
+  --      appear in an AttributeSet
+  --      Note: this cannot be automatically enforced as the field
+  --      cannot be defaulted to MAX.
+  --  &equality-match contains information about how matching should be
+  --      done
+  --
+  --  Currently we are using two different prefixes for attributes.
+  --
+  --  at- for certificate attributes
+  --  aa- for CMS attributes
+  --
+
+  ATTRIBUTE ::= CLASS {
+      &id             OBJECT IDENTIFIER UNIQUE,
+      &Type           OPTIONAL,
+      &equality-match MATCHING-RULE OPTIONAL,
+      &minCount       INTEGER DEFAULT 1,
+      &maxCount       INTEGER OPTIONAL
+  } WITH SYNTAX {
+      [TYPE &Type]
+      [EQUALITY MATCHING RULE &equality-match]
+      [COUNTS [MIN &minCount] [MAX &maxCount]]
+      IDENTIFIED BY &id
+  }
+
+  -- Specification of MATCHING-RULE information object class
+  --
+
+  MATCHING-RULE ::= CLASS {
+    &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+    &AssertionType         OPTIONAL,
+    &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+    &id                    OBJECT IDENTIFIER UNIQUE
+  }
+  WITH SYNTAX {
+    [PARENT &ParentMatchingRules]
+    [SYNTAX &AssertionType]
+    [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
+    ID &id
+  }
+
+  --  AttributeSet
+  --
+  --  Used when a set of attributes is to occur.
+  --
+  --  type contains the identifier of the attribute
+  --  values contains a set of values where the structure of the ASN.1
+  --      is defined by the attribute
+  --
+  --  The parameter contains the set of objects describing
+  --      those attributes that can occur in this location.
+  --
+
+  AttributeSet{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+      type      ATTRIBUTE.&id({AttrSet}),
+      values    SET SIZE (1..MAX) OF ATTRIBUTE.
+                    &Type({AttrSet}{@type})
+  }
+
+  --  SingleAttribute
+  --
+  --  Used for a single valued attribute
+  --
+  --  The parameter contains the set of objects describing the
+  --      attributes that can occur in this location
+  --
+
+  SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+      type      ATTRIBUTE.&id({AttrSet}),
+      value     ATTRIBUTE.&Type({AttrSet}{@type})
+  }
+
+  --  EXTENSION
+  --
+  --  This class definition is used to describe the association of
+  --      object identifier and ASN.1 type structure for extensions
+  --
+  --  All extensions are prefixed with ext-
+  --
+  --  &id contains the object identifier for the extension
+  --  &ExtnType specifies the ASN.1 type structure for the extension
+  --  &Critical contains the set of legal values for the critical field.
+  --      This is normally {TRUE|FALSE} but in some instances may be
+  --      restricted to just one of these values.
+  --
+
+  EXTENSION ::= CLASS {
+      &id  OBJECT IDENTIFIER UNIQUE,
+      &ExtnType,
+      &Critical    BOOLEAN DEFAULT {TRUE | FALSE }
+  } WITH SYNTAX {
+      SYNTAX &ExtnType IDENTIFIED BY &id
+      [CRITICALITY &Critical]
+  }
+
+  --  Extensions
+  --
+  --  Used for a sequence of extensions.
+  --
+  --  The parameter contains the set of legal extensions that can
+  --  occur in this sequence.
+  --
+
+  Extensions{EXTENSION:ExtensionSet} ::=
+      SEQUENCE SIZE (1..MAX) OF Extension{{ExtensionSet}}
+
+  --  Extension
+  --
+  --  Used for a single extension
+  --
+  --  The parameter contains the set of legal extensions that can
+  --      occur in this extension.
+  --
+  --  The restriction on the critical field has been commented out
+  --  the authors are not completely sure it is correct.
+  --  The restriction could be done using custom code rather than
+  --  compiler-generated code, however.
+  --
+
+  Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
+      extnID      EXTENSION.&id({ExtensionSet}),
+      critical    BOOLEAN
+  --                     (EXTENSION.&Critical({ExtensionSet}{@extnID}))
+                       DEFAULT FALSE,
+      extnValue   OCTET STRING (CONTAINING
+                  EXTENSION.&ExtnType({ExtensionSet}{@extnID}))
+                  --  contains the DER encoding of the ASN.1 value
+                  --  corresponding to the extension type identified
+                  --  by extnID
+  }
+
+  --  Security Category
+  --
+  --  Security categories are used both for specifying clearances and
+  --  for labeling objects.  We move this here from RFC 3281 so that
+  --  they will use a common single object class to express this
+  --  information.
+  --
+
+  SECURITY-CATEGORY ::= TYPE-IDENTIFIER
+
+  SecurityCategory{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
+      type      [0]  IMPLICIT SECURITY-CATEGORY.
+              &id({Supported}),
+      value     [1]  EXPLICIT SECURITY-CATEGORY.
+              &Type({Supported}{@type})
+  }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1
new file mode 100644
index 0000000000..41cbaea67e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1
@@ -0,0 +1,300 @@
+  --
+  --  This module is used to isolate all the X.400 naming information.
+  --  There is no reason to expect this to occur in a PKIX certificate.
+  --
+
+  PKIX-X400Address-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-x400address-02(60) }
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  -- X.400 address syntax starts here
+
+  ORAddress ::= SEQUENCE {
+     built-in-standard-attributes BuiltInStandardAttributes,
+     built-in-domain-defined-attributes
+                     BuiltInDomainDefinedAttributes OPTIONAL,
+
+     -- see also teletex-domain-defined-attributes
+     extension-attributes ExtensionAttributes OPTIONAL }
+
+  -- Built-in Standard Attributes
+
+  BuiltInStandardAttributes ::= SEQUENCE {
+     country-name                  CountryName OPTIONAL,
+     administration-domain-name    AdministrationDomainName OPTIONAL,
+     network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+       -- see also extended-network-address
+     terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+     private-domain-name       [2] PrivateDomainName OPTIONAL,
+     organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+       -- see also teletex-organization-name
+     numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                   OPTIONAL,
+     personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+       -- see also teletex-personal-name
+     organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                   OPTIONAL }
+       -- see also teletex-organizational-unit-names
+
+  CountryName ::= [APPLICATION 1] CHOICE {
+     x121-dcc-code         NumericString
+                             (SIZE (ub-country-name-numeric-length)),
+     iso-3166-alpha2-code  PrintableString
+                             (SIZE (ub-country-name-alpha-length)) }
+
+  AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+     numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+     printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+  NetworkAddress ::= X121Address  -- see also extended-network-address
+
+  X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+  TerminalIdentifier ::= PrintableString (SIZE
+  (1..ub-terminal-id-length))
+
+  PrivateDomainName ::= CHOICE {
+     numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+     printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+  OrganizationName ::= PrintableString
+                              (SIZE (1..ub-organization-name-length))
+    -- see also teletex-organization-name
+
+  NumericUserIdentifier ::= NumericString
+                              (SIZE (1..ub-numeric-user-id-length))
+
+  PersonalName ::= SET {
+     surname     [0] IMPLICIT PrintableString
+                      (SIZE (1..ub-surname-length)),
+     given-name  [1] IMPLICIT PrintableString
+                      (SIZE (1..ub-given-name-length)) OPTIONAL,
+     initials    [2] IMPLICIT PrintableString
+                      (SIZE (1..ub-initials-length)) OPTIONAL,
+     generation-qualifier [3] IMPLICIT PrintableString
+                      (SIZE (1..ub-generation-qualifier-length))
+                      OPTIONAL }
+    -- see also teletex-personal-name
+
+  OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                               OF OrganizationalUnitName
+    -- see also teletex-organizational-unit-names
+
+  OrganizationalUnitName ::= PrintableString (SIZE
+                      (1..ub-organizational-unit-name-length))
+
+  -- Built-in Domain-defined Attributes
+
+  BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                      (1..ub-domain-defined-attributes) OF
+                      BuiltInDomainDefinedAttribute
+
+  BuiltInDomainDefinedAttribute ::= SEQUENCE {
+     type PrintableString (SIZE
+                     (1..ub-domain-defined-attribute-type-length)),
+     value PrintableString (SIZE
+                     (1..ub-domain-defined-attribute-value-length)) }
+
+  -- Extension Attributes
+
+  ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+                 ExtensionAttribute
+
+  EXTENSION-ATTRIBUTE ::= CLASS {
+      &id             INTEGER (0..ub-extension-attributes) UNIQUE,
+      &Type
+  } WITH SYNTAX { &Type IDENTIFIED BY &id }
+
+  ExtensionAttribute ::=  SEQUENCE {
+     extension-attribute-type [0] IMPLICIT EXTENSION-ATTRIBUTE.
+          &id({SupportedExtensionAttributes}),
+     extension-attribute-value [1] EXTENSION-ATTRIBUTE.
+          &Type({SupportedExtensionAttributes}
+              {@extension-attribute-type})}
+
+  SupportedExtensionAttributes EXTENSION-ATTRIBUTE ::= {
+      ea-commonName | ea-teletexCommonName | ea-teletexOrganizationName
+      | ea-teletexPersonalName | ea-teletexOrganizationalUnitNames |
+      ea-pDSName | ea-physicalDeliveryCountryName | ea-postalCode |
+      ea-physicalDeliveryOfficeName | ea-physicalDeliveryOfficeNumber |
+      ea-extensionORAddressComponents | ea-physicalDeliveryPersonalName
+      | ea-physicalDeliveryOrganizationName |
+      ea-extensionPhysicalDeliveryAddressComponents |
+      ea-unformattedPostalAddress | ea-streetAddress |
+      ea-postOfficeBoxAddress | ea-posteRestanteAddress |
+      ea-uniquePostalName | ea-localPostalAttributes |
+      ea-extendedNetworkAddress | ea-terminalType |
+      ea-teletexDomainDefinedAttributes, ... }
+
+  -- Extension types and attribute values
+
+  ea-commonName EXTENSION-ATTRIBUTE ::= { PrintableString
+      (SIZE (1..ub-common-name-length)) IDENTIFIED BY 1 }
+
+  ea-teletexCommonName EXTENSION-ATTRIBUTE ::= {TeletexString
+      (SIZE (1..ub-common-name-length)) IDENTIFIED BY 2 }
+
+  ea-teletexOrganizationName EXTENSION-ATTRIBUTE::= { TeletexString
+      (SIZE (1..ub-organization-name-length)) IDENTIFIED BY 3 }
+
+  ea-teletexPersonalName EXTENSION-ATTRIBUTE ::= {SET {
+     surname     [0] IMPLICIT TeletexString
+                      (SIZE (1..ub-surname-length)),
+     given-name  [1] IMPLICIT TeletexString
+                      (SIZE (1..ub-given-name-length)) OPTIONAL,
+     initials    [2] IMPLICIT TeletexString
+                      (SIZE (1..ub-initials-length)) OPTIONAL,
+     generation-qualifier [3] IMPLICIT TeletexString
+                      (SIZE (1..ub-generation-qualifier-length))
+                      OPTIONAL } IDENTIFIED BY 4 }
+
+  ea-teletexOrganizationalUnitNames EXTENSION-ATTRIBUTE ::=
+      { SEQUENCE SIZE (1..ub-organizational-units) OF
+            TeletexOrganizationalUnitName IDENTIFIED BY 5 }
+
+  TeletexOrganizationalUnitName ::= TeletexString
+      (SIZE (1..ub-organizational-unit-name-length))
+
+  ea-pDSName EXTENSION-ATTRIBUTE ::= {PrintableString
+      (SIZE (1..ub-pds-name-length)) IDENTIFIED BY 7 }
+
+  ea-physicalDeliveryCountryName EXTENSION-ATTRIBUTE ::= { CHOICE {
+       x121-dcc-code NumericString (SIZE
+          (ub-country-name-numeric-length)),
+       iso-3166-alpha2-code PrintableString
+          (SIZE (ub-country-name-alpha-length)) }
+       IDENTIFIED BY 8 }
+
+  ea-postalCode EXTENSION-ATTRIBUTE ::= { CHOICE {
+     numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+     printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+     IDENTIFIED BY 9 }
+
+  ea-physicalDeliveryOfficeName EXTENSION-ATTRIBUTE ::=
+      { PDSParameter IDENTIFIED BY 10 }
+
+  ea-physicalDeliveryOfficeNumber EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 11 }
+
+  ea-extensionORAddressComponents EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 12 }
+
+  ea-physicalDeliveryPersonalName EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 13}
+
+  ea-physicalDeliveryOrganizationName EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 14 }
+
+  ea-extensionPhysicalDeliveryAddressComponents EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 15 }
+
+  ea-unformattedPostalAddress EXTENSION-ATTRIBUTE ::= { SET {
+     printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+           OF PrintableString (SIZE (1..ub-pds-parameter-length))
+           OPTIONAL,
+     teletex-string TeletexString
+           (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+     IDENTIFIED BY 16 }
+
+  ea-streetAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 17 }
+
+  ea-postOfficeBoxAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 18 }
+
+  ea-posteRestanteAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 19 }
+
+  ea-uniquePostalName EXTENSION-ATTRIBUTE ::=
+      { PDSParameter IDENTIFIED BY 20 }
+
+  ea-localPostalAttributes EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 21 }
+  PDSParameter ::= SET {
+     printable-string PrintableString
+                  (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+     teletex-string TeletexString
+                  (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+  ea-extendedNetworkAddress EXTENSION-ATTRIBUTE ::= {
+     CHOICE {
+         e163-4-address SEQUENCE {
+             number      [0] IMPLICIT NumericString
+                   (SIZE (1..ub-e163-4-number-length)),
+             sub-address [1] IMPLICIT NumericString
+                   (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL
+         },
+         psap-address [0] IMPLICIT PresentationAddress
+     } IDENTIFIED BY 22
+  }
+
+  PresentationAddress ::= SEQUENCE {
+      pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+      sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+      tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+      nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+  ea-terminalType EXTENSION-ATTRIBUTE ::= {INTEGER {
+     telex (3),
+     teletex (4),
+     g3-facsimile (5),
+     g4-facsimile (6),
+     ia5-terminal (7),
+     videotex (8) } (0..ub-integer-options)
+     IDENTIFIED BY 23 }
+
+  -- Extension Domain-defined Attributes
+
+  ea-teletexDomainDefinedAttributes EXTENSION-ATTRIBUTE ::=
+      { SEQUENCE SIZE (1..ub-domain-defined-attributes) OF
+           TeletexDomainDefinedAttribute IDENTIFIED BY 6 }
+
+  TeletexDomainDefinedAttribute ::= SEQUENCE {
+      type TeletexString
+          (SIZE (1..ub-domain-defined-attribute-type-length)),
+      value TeletexString
+          (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+  --  specifications of Upper Bounds MUST be regarded as mandatory
+  --  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+  --  Upper Bounds
+  -- Upper Bounds
+  ub-match INTEGER ::= 128
+  ub-common-name-length INTEGER ::= 64
+  ub-country-name-alpha-length INTEGER ::= 2
+  ub-country-name-numeric-length INTEGER ::= 3
+  ub-domain-defined-attributes INTEGER ::= 4
+  ub-domain-defined-attribute-type-length INTEGER ::= 8
+  ub-domain-defined-attribute-value-length INTEGER ::= 128
+  ub-domain-name-length INTEGER ::= 16
+  ub-extension-attributes INTEGER ::= 256
+  ub-e163-4-number-length INTEGER ::= 15
+  ub-e163-4-sub-address-length INTEGER ::= 40
+  ub-generation-qualifier-length INTEGER ::= 3
+  ub-given-name-length INTEGER ::= 16
+  ub-initials-length INTEGER ::= 5
+  ub-integer-options INTEGER ::= 256
+  ub-numeric-user-id-length INTEGER ::= 32
+  ub-organization-name-length INTEGER ::= 64
+  ub-organizational-unit-name-length INTEGER ::= 32
+  ub-organizational-units INTEGER ::= 4
+  ub-pds-name-length INTEGER ::= 16
+  ub-pds-parameter-length INTEGER ::= 30
+  ub-pds-physical-address-lines INTEGER ::= 6
+  ub-postal-code-length INTEGER ::= 16
+  ub-surname-length INTEGER ::= 40
+  ub-terminal-id-length INTEGER ::= 24
+  ub-unformatted-address-length INTEGER ::= 180
+  ub-x121-address-length INTEGER ::= 16
+
+  -- Note - upper bounds on string types, such as TeletexString, are
+  -- measured in characters.  Excepting PrintableString or IA5String, a
+  -- significantly greater number of octets will be required to hold
+  -- such a value.  As a minimum, 16 octets or twice the specified
+  -- upper bound, whichever is the larger, should be allowed for
+  -- TeletexString.  For UTF8String or UniversalString, at least four
+  -- times the upper bound should be allowed.
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1
new file mode 100644
index 0000000000..b1232fb8f2
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1
@@ -0,0 +1,308 @@
+   PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54)}
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AlgorithmIdentifier{}, ALGORITHM, DIGEST-ALGORITHM, KEY-TRANSPORT,
+       SIGNATURE-ALGORITHM, PUBLIC-KEY, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   id-sha1, mda-sha1, pk-rsa, RSAPublicKey
+   FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56)};
+
+   -- ============================
+   --    Object Set exports
+   -- ============================
+   --
+   --  Define top-level symbols with all of the objects defined for
+   --  export to other modules.  These objects would be included as part
+   --  of an Object Set to restrict the set of legal values.
+   --
+
+   PublicKeys PUBLIC-KEY ::= { pk-rsaSSA-PSS | pk-rsaES-OAEP, ... }
+   SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-rsaSSA-PSS, ...}
+   KeyTransportAlgs KEY-TRANSPORT ::= { kta-rsaES-OAEP, ... }
+   HashAlgs DIGEST-ALGORITHM ::= { mda-sha224 | mda-sha256 | mda-sha384
+                                      | mda-sha512, ... }
+   SMimeCaps SMIME-CAPS ::= {
+       sa-rsaSSA-PSS.&smimeCaps |
+       kta-rsaES-OAEP.&smimeCaps,
+       ...
+   }
+
+   -- =============================
+   --    Algorithm Objects
+   -- =============================
+
+   --
+   -- Public key object for PSS signatures
+   --
+
+   pk-rsaSSA-PSS PUBLIC-KEY ::= {
+       IDENTIFIER id-RSASSA-PSS
+       KEY RSAPublicKey
+       PARAMS TYPE RSASSA-PSS-params ARE optional
+        -- Private key format not in this module --
+       CERT-KEY-USAGE { nonRepudiation, digitalSignature,
+                            keyCertSign, cRLSign }
+   }
+
+   --
+   --  Signature algorithm definition for PSS signatures
+   --
+
+   sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER id-RSASSA-PSS
+       PARAMS TYPE RSASSA-PSS-params ARE required
+       HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384
+                    | mda-sha512 }
+       PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS }
+       SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS }
+   }
+
+   --
+   --  Signature algorithm definitions for PKCS v1.5 signatures
+   --
+
+   sa-sha224WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha224WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha224 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha224WithRSAEncryption }
+   }
+   sha224WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 14 }
+
+   sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha256WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha256 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha256WithRSAEncryption }
+   }
+   sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }
+
+   sa-sha384WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha384WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha384 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha384WithRSAEncryption }
+   }
+   sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }
+
+   sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha512WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha512 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption }
+   }
+   sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }
+
+   --
+   --  Public key definition for OAEP encryption
+   --
+
+   pk-rsaES-OAEP PUBLIC-KEY ::= {
+       IDENTIFIER id-RSAES-OAEP
+       KEY RSAPublicKey
+       PARAMS TYPE RSAES-OAEP-params ARE optional
+        -- Private key format not in this module --
+       CERT-KEY-USAGE {keyEncipherment, dataEncipherment}
+   }
+
+   --
+   --  Key transport key lock definition for OAEP encryption
+   --
+
+   kta-rsaES-OAEP KEY-TRANSPORT ::= {
+       IDENTIFIER id-RSAES-OAEP
+       PARAMS TYPE RSAES-OAEP-params ARE required
+       PUBLIC-KEYS { pk-rsa | pk-rsaES-OAEP }
+       SMIME-CAPS { TYPE RSAES-OAEP-params IDENTIFIED BY id-RSAES-OAEP}
+   }
+   -- ============================
+   --   Basic object identifiers
+   -- ============================
+
+   pkcs-1  OBJECT IDENTIFIER  ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
+
+   -- When rsaEncryption is used in an AlgorithmIdentifier, the
+   -- parameters MUST be present and MUST be NULL.
+   -- rsaEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 1 }
+
+   -- When id-RSAES-OAEP is used in an AlgorithmIdentifier,
+   -- and the parameters field is present, it MUST be
+   -- RSAES-OAEP-params.
+
+   id-RSAES-OAEP  OBJECT IDENTIFIER  ::=  { pkcs-1 7 }
+
+   -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
+   -- MUST be present and MUST be a HashAlgorithm.
+
+   id-mgf1  OBJECT IDENTIFIER  ::=  { pkcs-1 8 }
+
+   -- When id-pSpecified is used in an AlgorithmIdentifier, the
+   -- parameters MUST be an OCTET STRING.
+
+   id-pSpecified  OBJECT IDENTIFIER  ::=  { pkcs-1 9 }
+
+   -- When id-RSASSA-PSS is used in an AlgorithmIdentifier, and the
+   -- parameters field is present, it MUST be RSASSA-PSS-params.
+
+   id-RSASSA-PSS  OBJECT IDENTIFIER  ::=  { pkcs-1 10 }
+
+   -- When the following OIDs are used in an AlgorithmIdentifier, the
+   -- parameters SHOULD be absent, but if the parameters are present,
+   -- they MUST be NULL.
+
+   --
+   -- id-sha1 is imported from RFC 3279.  Additionally, the v1.5
+   -- signature algorithms (i.e., rsaWithSHA256) are now solely placed
+   -- in that module.
+   --
+
+   id-sha224  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 4 }
+
+   mda-sha224 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha224
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-sha256  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 1 }
+
+   mda-sha256 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha256
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+   id-sha384  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 2 }
+
+   mda-sha384 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha384
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+   id-sha512  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 3 }
+
+   mda-sha512 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha512
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   -- =============
+   --   Constants
+   -- =============
+
+   EncodingParameters ::= OCTET STRING(SIZE(0..MAX))
+
+   nullOctetString  EncodingParameters  ::=  ''H
+
+   nullParameters NULL  ::=  NULL
+
+   -- =========================
+   --   Algorithm Identifiers
+   -- =========================
+
+   HashAlgorithm  ::=  AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {HashAlgorithms}}
+
+   HashAlgorithms DIGEST-ALGORITHM ::=  {
+       { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
+   }
+
+   sha1Identifier HashAlgorithm ::= {
+       algorithm id-sha1,
+       parameters NULL : NULL
+   }
+
+   --
+   --  We have a default algorithm - create the value here
+   --
+
+   MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+                           {PKCS1MGFAlgorithms}}
+
+   mgf1SHA1 MaskGenAlgorithm ::= {
+       algorithm id-mgf1,
+       parameters HashAlgorithm : sha1Identifier
+   }
+
+   --
+   --  Define the set of mask generation functions
+   --
+   --  If the identifier is id-mgf1, any of the listed hash
+   --    algorithms may be used.
+   --
+
+   PKCS1MGFAlgorithms ALGORITHM ::= {
+       { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
+       ...
+   }
+
+   --
+   -- Define the set of known source algorithms for PSS
+   --
+
+   PSourceAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+                                                {PSS-SourceAlgorithms}}
+
+   PSS-SourceAlgorithms ALGORITHM ::= {
+       { IDENTIFIER id-pSpecified PARAMS TYPE EncodingParameters
+             ARE required },
+       ...
+   }
+   pSpecifiedEmpty PSourceAlgorithm ::=  {
+       algorithm id-pSpecified,
+       parameters EncodingParameters : nullOctetString
+   }
+
+   -- ===================
+   --   Main structures
+   -- ===================
+
+   -- AlgorithmIdentifier parameters for id-RSASSA-PSS.
+   -- Note that the tags in this Sequence are explicit.
+   -- Note: The hash algorithm in hashAlgorithm and in
+   -- maskGenAlgorithm should be the same.
+
+   RSASSA-PSS-params  ::=  SEQUENCE  {
+       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
+       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+       saltLength        [2] INTEGER DEFAULT 20,
+       trailerField      [3] INTEGER DEFAULT 1
+   }
+
+   -- AlgorithmIdentifier parameters for id-RSAES-OAEP.
+   -- Note that the tags in this Sequence are explicit.
+   -- Note: The hash algorithm in hashFunc and in
+   -- maskGenFunc should be the same.
+
+   RSAES-OAEP-params  ::=  SEQUENCE  {
+       hashFunc          [0] HashAlgorithm DEFAULT sha1Identifier,
+       maskGenFunc       [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+       pSourceFunc       [2] PSourceAlgorithm DEFAULT
+                                 pSpecifiedEmpty
+   }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1
new file mode 100644
index 0000000000..613e0e9d2c
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1
@@ -0,0 +1,415 @@
+  PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-explicit-02(51)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE, SingleAttribute{}
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  AlgorithmIdentifier{}, PUBLIC-KEY, SIGNATURE-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  CertExtensions, CrlExtensions, CrlEntryExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+  SignatureAlgs, PublicKeys
+  FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 56}
+
+  SignatureAlgs, PublicKeys
+  FROM PKIX1-PSS-OAEP-Algorithms-2009
+      {iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-rsa-pkalgs-02(54)}
+
+  ORAddress
+  FROM PKIX-X400Address-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-x400address-02(60)};
+
+  id-pkix  OBJECT IDENTIFIER  ::=
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7)}
+
+  -- PKIX arcs
+
+  id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+      -- arc for private certificate extensions
+  id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+      -- arc for policy qualifier types
+  id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+      -- arc for extended key purpose OIDs
+  id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+      -- arc for access descriptors
+
+  -- policyQualifierIds for Internet policy qualifiers
+
+  id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+      -- OID for CPS qualifier
+  id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+      -- OID for user notice qualifier
+
+  -- access descriptor definitions
+
+  id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
+  id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
+  id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+  id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+  -- attribute data types
+  AttributeType           ::=  ATTRIBUTE.&id
+
+  --  Replaced by SingleAttribute{}
+  --
+  -- AttributeTypeAndValue   ::=  SEQUENCE {
+  --    type    ATTRIBUTE.&id({SupportedAttributes}),
+  --    value   ATTRIBUTE.&Type({SupportedAttributes}{@type}) }
+  --
+
+  -- Suggested naming attributes: Definition of the following
+  --   information object set may be augmented to meet local
+  --   requirements.  Note that deleting members of the set may
+  --   prevent interoperability with conforming implementations.
+  -- All attributes are presented in pairs: the AttributeType
+  --   followed by the type definition for the corresponding
+  --   AttributeValue.
+
+  -- Arc for standard naming attributes
+
+  id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+  -- Naming attributes of type X520name
+
+  id-at-name              AttributeType ::= { id-at 41 }
+  at-name ATTRIBUTE ::= { TYPE X520name IDENTIFIED BY id-at-name }
+
+  id-at-surname           AttributeType ::= { id-at 4 }
+  at-surname ATTRIBUTE ::= { TYPE X520name IDENTIFIED BY id-at-surname }
+
+  id-at-givenName         AttributeType ::= { id-at 42 }
+  at-givenName ATTRIBUTE ::=
+      { TYPE X520name IDENTIFIED BY id-at-givenName }
+
+  id-at-initials          AttributeType ::= { id-at 43 }
+  at-initials ATTRIBUTE ::=
+      { TYPE X520name IDENTIFIED BY id-at-initials }
+
+  id-at-generationQualifier AttributeType ::= { id-at 44 }
+  at-generationQualifier ATTRIBUTE ::=
+      { TYPE X520name IDENTIFIED BY id-at-generationQualifier }
+
+  -- Directory string type --
+
+  DirectoryString{INTEGER:maxSize} ::= CHOICE {
+      teletexString    TeletexString(SIZE (1..maxSize)),
+      printableString  PrintableString(SIZE (1..maxSize)),
+      bmpString        BMPString(SIZE (1..maxSize)),
+      universalString  UniversalString(SIZE (1..maxSize)),
+      uTF8String       UTF8String(SIZE (1..maxSize))
+  }
+
+  X520name ::= DirectoryString {ub-name}
+
+  -- Naming attributes of type X520CommonName
+
+  id-at-commonName        AttributeType ::= { id-at 3 }
+
+  at-x520CommonName ATTRIBUTE ::=
+      {TYPE X520CommonName IDENTIFIED BY id-at-commonName }
+
+  X520CommonName ::= DirectoryString {ub-common-name}
+
+  -- Naming attributes of type X520LocalityName
+
+  id-at-localityName      AttributeType ::= { id-at 7 }
+
+  at-x520LocalityName ATTRIBUTE ::=
+      { TYPE X520LocalityName IDENTIFIED BY id-at-localityName }
+  X520LocalityName ::= DirectoryString {ub-locality-name}
+
+  -- Naming attributes of type X520StateOrProvinceName
+
+  id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+  at-x520StateOrProvinceName ATTRIBUTE ::=
+      { TYPE DirectoryString {ub-state-name}
+          IDENTIFIED BY id-at-stateOrProvinceName }
+  X520StateOrProvinceName ::= DirectoryString {ub-state-name}
+
+  -- Naming attributes of type X520OrganizationName
+
+  id-at-organizationName  AttributeType ::= { id-at 10 }
+
+  at-x520OrganizationName ATTRIBUTE ::=
+      { TYPE DirectoryString {ub-organization-name}
+          IDENTIFIED BY id-at-organizationName }
+  X520OrganizationName ::= DirectoryString {ub-organization-name}
+
+  -- Naming attributes of type X520OrganizationalUnitName
+
+  id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+  at-x520OrganizationalUnitName ATTRIBUTE ::=
+      { TYPE DirectoryString  {ub-organizational-unit-name}
+          IDENTIFIED BY id-at-organizationalUnitName }
+  X520OrganizationalUnitName ::= DirectoryString
+                                     {ub-organizational-unit-name}
+
+  -- Naming attributes of type X520Title
+
+  id-at-title             AttributeType ::= { id-at 12 }
+
+  at-x520Title ATTRIBUTE ::= { TYPE DirectoryString { ub-title }
+      IDENTIFIED BY id-at-title }
+
+  -- Naming attributes of type X520dnQualifier
+
+  id-at-dnQualifier       AttributeType ::= { id-at 46 }
+
+  at-x520dnQualifier ATTRIBUTE ::= { TYPE PrintableString
+      IDENTIFIED BY id-at-dnQualifier }
+
+  -- Naming attributes of type X520countryName (digraph from IS 3166)
+
+  id-at-countryName       AttributeType ::= { id-at 6 }
+
+  at-x520countryName ATTRIBUTE ::=  { TYPE PrintableString (SIZE (2))
+      IDENTIFIED BY id-at-countryName }
+
+  -- Naming attributes of type X520SerialNumber
+
+  id-at-serialNumber      AttributeType ::= { id-at 5 }
+
+  at-x520SerialNumber ATTRIBUTE ::=  {TYPE PrintableString
+      (SIZE (1..ub-serial-number)) IDENTIFIED BY id-at-serialNumber }
+
+  -- Naming attributes of type X520Pseudonym
+
+  id-at-pseudonym         AttributeType ::= { id-at 65 }
+
+  at-x520Pseudonym ATTRIBUTE ::= { TYPE DirectoryString {ub-pseudonym}
+      IDENTIFIED BY id-at-pseudonym }
+
+  -- Naming attributes of type DomainComponent (from RFC 2247)
+
+  id-domainComponent      AttributeType ::=
+       { itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100)
+       pilotAttributeType(1) 25 }
+
+  at-domainComponent ATTRIBUTE ::= {TYPE IA5String
+      IDENTIFIED BY id-domainComponent }
+
+  -- Legacy attributes
+
+  pkcs-9 OBJECT IDENTIFIER ::=
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+  id-emailAddress          AttributeType ::= { pkcs-9 1 }
+
+  at-emailAddress ATTRIBUTE ::= {TYPE IA5String
+      (SIZE (1..ub-emailaddress-length)) IDENTIFIED BY
+      id-emailAddress }
+
+  -- naming data types --
+
+  Name ::= CHOICE { -- only one possibility for now --
+      rdnSequence  RDNSequence }
+
+  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+  DistinguishedName ::=   RDNSequence
+
+  RelativeDistinguishedName  ::=
+      SET SIZE (1 .. MAX) OF SingleAttribute { {SupportedAttributes} }
+
+  --  These are the known name elements for a DN
+
+  SupportedAttributes ATTRIBUTE ::= {
+      at-name | at-surname | at-givenName | at-initials |
+      at-generationQualifier | at-x520CommonName |
+      at-x520LocalityName | at-x520StateOrProvinceName |
+      at-x520OrganizationName | at-x520OrganizationalUnitName |
+      at-x520Title | at-x520dnQualifier | at-x520countryName |
+      at-x520SerialNumber | at-x520Pseudonym | at-domainComponent |
+      at-emailAddress, ... }
+
+  --
+  -- Certificate- and CRL-specific structures begin here
+  --
+
+  Certificate  ::=  SIGNED{TBSCertificate}
+
+  TBSCertificate  ::=  SEQUENCE  {
+      version         [0]  Version DEFAULT v1,
+      serialNumber         CertificateSerialNumber,
+      signature            AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                {SignatureAlgorithms}},
+      issuer               Name,
+      validity             Validity,
+      subject              Name,
+      subjectPublicKeyInfo SubjectPublicKeyInfo,
+      ... ,
+      [[2:               -- If present, version MUST be v2
+      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL
+      ]],
+      [[3:               -- If present, version MUST be v3 --
+      extensions      [3]  Extensions{{CertExtensions}} OPTIONAL
+      ]], ... }
+
+  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+
+  CertificateSerialNumber  ::=  INTEGER
+
+  Validity ::= SEQUENCE {
+      notBefore      Time,
+      notAfter       Time  }
+
+  Time ::= CHOICE {
+      utcTime        UTCTime,
+      generalTime    GeneralizedTime }
+
+  UniqueIdentifier  ::=  BIT STRING
+
+  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+      algorithm            AlgorithmIdentifier{PUBLIC-KEY,
+                               {PublicKeyAlgorithms}},
+      subjectPublicKey     BIT STRING  }
+
+  -- CRL structures
+
+  CertificateList  ::=  SIGNED{TBSCertList}
+
+  TBSCertList  ::=  SEQUENCE  {
+      version              Version OPTIONAL,
+                                 -- if present, MUST be v2
+      signature            AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                               {SignatureAlgorithms}},
+      issuer               Name,
+      thisUpdate           Time,
+      nextUpdate           Time OPTIONAL,
+      revokedCertificates  SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+          userCertificate  CertificateSerialNumber,
+          revocationDate   Time,
+          ... ,
+          [[2:                  -- if present, version MUST be v2
+          crlEntryExtensions  Extensions{{CrlEntryExtensions}}
+                                  OPTIONAL
+          ]], ...
+      } OPTIONAL,
+      ... ,
+      [[2:                       -- if present, version MUST be v2
+      crlExtensions       [0] Extensions{{CrlExtensions}}
+                                  OPTIONAL
+      ]], ... }
+
+  -- Version, Time, CertificateSerialNumber, and Extensions were
+  -- defined earlier for use in the certificate structure
+
+  --
+  --  The two object sets below should be expanded to include
+  --  those algorithms which are supported by the system.
+  --
+  --  For example:
+  --  SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+  --    PKIXAlgs-2008.SignatureAlgs, ...,
+  --        - - RFC 3279 provides the base set
+  --    PKIX1-PSS-OAEP-ALGORITHMS.SignatureAlgs |
+  --        - - RFC 4055 provides extension algs
+  --    OtherModule.SignatureAlgs
+  --        - - RFC XXXX provides additional extension algs
+  --  }
+
+  SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+      PKIXAlgs-2009.SignatureAlgs, ...,
+      PKIX1-PSS-OAEP-Algorithms-2009.SignatureAlgs }
+
+  PublicKeyAlgorithms PUBLIC-KEY ::= {
+      PKIXAlgs-2009.PublicKeys, ...,
+      PKIX1-PSS-OAEP-Algorithms-2009.PublicKeys}
+
+  -- Upper Bounds
+
+  ub-state-name INTEGER ::= 128
+  ub-organization-name INTEGER ::= 64
+  ub-organizational-unit-name INTEGER ::= 64
+  ub-title INTEGER ::= 64
+  ub-serial-number INTEGER ::= 64
+  ub-pseudonym INTEGER ::= 128
+  ub-emailaddress-length INTEGER ::= 255
+  ub-locality-name INTEGER ::= 128
+  ub-common-name INTEGER ::= 64
+  ub-name INTEGER ::= 32768
+
+  -- Note - upper bounds on string types, such as TeletexString, are
+  -- measured in characters.  Excepting PrintableString or IA5String, a
+  -- significantly greater number of octets will be required to hold
+  -- such a value.  As a minimum, 16 octets or twice the specified
+  -- upper bound, whichever is the larger, should be allowed for
+  -- TeletexString.  For UTF8String or UniversalString, at least four
+  -- times the upper bound should be allowed.
+
+  -- Information object classes used in the definition
+  -- of certificates and CRLs
+
+  -- Parameterized Type SIGNED
+  --
+  -- Three different versions of doing SIGNED:
+  --  1.  Simple and close to the previous version
+  --
+  --  SIGNED{ToBeSigned} ::= SEQUENCE {
+  --    toBeSigned  ToBeSigned,
+  --    algorithm   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+  --                    {SignatureAlgorithms}},
+  --    signature   BIT STRING
+  --  }
+
+  --  2.  From Authenticated Framework
+  --
+  --  SIGNED{ToBeSigned} ::= SEQUENCE {
+  --    toBeSigned        ToBeSigned,
+  --    COMPONENTS OF SIGNATURE{ToBeSigned}
+  --  }
+  --  SIGNATURE{ToBeSigned} ::= SEQUENCE {
+  --    algorithmIdentifier   AlgorithmIdentifier,
+  --    encrypted             ENCRYPTED-HASH{ToBeSigned}
+  --  }
+  --  ENCRYPTED-HASH{ToBeSigned} ::=
+  --    BIT STRING
+  --      (CONSTRAINED BY {
+  --        shall be the result of applying a hashing procedure to
+  --        the DER-encoded (see 4.1) octets of a value of
+  --        ToBeSigned and then applying an encipherment procedure
+  --        to those octets
+  --      })
+  --
+  --
+  --  3.  A more complex version, but one that automatically ties
+  --      together both the signature algorithm and the
+  --      signature value for automatic decoding.
+  --
+  SIGNED{ToBeSigned} ::= SEQUENCE {
+     toBeSigned           ToBeSigned,
+     algorithmIdentifier  SEQUENCE {
+         algorithm        SIGNATURE-ALGORITHM.
+                            &id({SignatureAlgorithms}),
+         parameters       SIGNATURE-ALGORITHM.
+                            &Params({SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}) OPTIONAL
+     },
+     signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value(
+                              {SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}))
+  }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1
new file mode 100644
index 0000000000..3651a5249b
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1
@@ -0,0 +1,447 @@
+   PKIX1Implicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AttributeSet{}, EXTENSION, ATTRIBUTE
+   FROM PKIX-CommonTypes-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+   id-pe, id-kp, id-qt-unotice, id-qt-cps, ORAddress, Name,
+       RelativeDistinguishedName, CertificateSerialNumber,
+       DirectoryString{}, SupportedAttributes
+   FROM PKIX1Explicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) };
+
+   CertExtensions EXTENSION ::= {
+           ext-AuthorityKeyIdentifier | ext-SubjectKeyIdentifier |
+           ext-KeyUsage | ext-PrivateKeyUsagePeriod |
+           ext-CertificatePolicies | ext-PolicyMappings |
+           ext-SubjectAltName | ext-IssuerAltName |
+           ext-SubjectDirectoryAttributes |
+           ext-BasicConstraints | ext-NameConstraints |
+           ext-PolicyConstraints | ext-ExtKeyUsage |
+           ext-CRLDistributionPoints | ext-InhibitAnyPolicy |
+           ext-FreshestCRL | ext-AuthorityInfoAccess |
+           ext-SubjectInfoAccessSyntax, ... }
+
+   CrlExtensions EXTENSION ::= {
+           ext-AuthorityKeyIdentifier | ext-IssuerAltName |
+           ext-CRLNumber | ext-DeltaCRLIndicator |
+           ext-IssuingDistributionPoint |  ext-FreshestCRL, ... }
+
+   CrlEntryExtensions EXTENSION ::= {
+           ext-CRLReason | ext-CertificateIssuer |
+           ext-HoldInstructionCode | ext-InvalidityDate, ... }
+   -- Shared arc for standard certificate and CRL extensions
+
+   id-ce OBJECT IDENTIFIER  ::=  { joint-iso-ccitt(2) ds(5) 29 }
+
+   -- authority key identifier OID and syntax
+
+   ext-AuthorityKeyIdentifier EXTENSION ::= { SYNTAX
+       AuthorityKeyIdentifier IDENTIFIED BY
+       id-ce-authorityKeyIdentifier }
+   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+
+   AuthorityKeyIdentifier ::= SEQUENCE {
+       keyIdentifier             [0] KeyIdentifier            OPTIONAL,
+       authorityCertIssuer       [1] GeneralNames             OPTIONAL,
+       authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
+   (WITH COMPONENTS {
+      ...,
+      authorityCertIssuer        PRESENT,
+      authorityCertSerialNumber  PRESENT
+    } |
+    WITH COMPONENTS {
+      ...,
+      authorityCertIssuer        ABSENT,
+      authorityCertSerialNumber  ABSENT
+    })
+
+   KeyIdentifier ::= OCTET STRING
+
+   -- subject key identifier OID and syntax
+
+   ext-SubjectKeyIdentifier EXTENSION ::= { SYNTAX
+       KeyIdentifier IDENTIFIED BY id-ce-subjectKeyIdentifier }
+   id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+
+   -- key usage extension OID and syntax
+
+   ext-KeyUsage EXTENSION ::= { SYNTAX
+       KeyUsage IDENTIFIED BY id-ce-keyUsage }
+   id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+
+   KeyUsage ::= BIT STRING {
+        digitalSignature        (0),
+        nonRepudiation          (1), --  recent editions of X.509 have
+                                     --  renamed this bit to
+                                     --  contentCommitment
+        keyEncipherment         (2),
+        dataEncipherment        (3),
+        keyAgreement            (4),
+        keyCertSign             (5),
+        cRLSign                 (6),
+        encipherOnly            (7),
+        decipherOnly            (8)
+    }
+
+   -- private key usage period extension OID and syntax
+
+   ext-PrivateKeyUsagePeriod EXTENSION ::= { SYNTAX
+       PrivateKeyUsagePeriod IDENTIFIED BY id-ce-privateKeyUsagePeriod }
+   id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
+
+   PrivateKeyUsagePeriod ::= SEQUENCE {
+        notBefore       [0]     GeneralizedTime OPTIONAL,
+        notAfter        [1]     GeneralizedTime OPTIONAL }
+   (WITH COMPONENTS {..., notBefore  PRESENT } |
+    WITH COMPONENTS {..., notAfter  PRESENT })
+
+   -- certificate policies extension OID and syntax
+
+   ext-CertificatePolicies EXTENSION ::= { SYNTAX
+       CertificatePolicies IDENTIFIED BY id-ce-certificatePolicies}
+   id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+
+   CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+   PolicyInformation ::= SEQUENCE {
+        policyIdentifier   CertPolicyId,
+        policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+                PolicyQualifierInfo OPTIONAL }
+
+   CertPolicyId ::= OBJECT IDENTIFIER
+
+   CERT-POLICY-QUALIFIER ::= TYPE-IDENTIFIER
+
+   PolicyQualifierInfo ::= SEQUENCE {
+          policyQualifierId  CERT-POLICY-QUALIFIER.
+               &id({PolicyQualifierId}),
+          qualifier          CERT-POLICY-QUALIFIER.
+               &Type({PolicyQualifierId}{@policyQualifierId})}
+
+   -- Implementations that recognize additional policy qualifiers MUST
+   -- augment the following definition for PolicyQualifierId
+
+   PolicyQualifierId CERT-POLICY-QUALIFIER ::=
+       { pqid-cps | pqid-unotice, ... }
+
+   pqid-cps CERT-POLICY-QUALIFIER ::= { CPSuri IDENTIFIED BY id-qt-cps }
+   pqid-unotice CERT-POLICY-QUALIFIER ::= { UserNotice
+       IDENTIFIED BY id-qt-unotice }
+
+   -- CPS pointer qualifier
+
+   CPSuri ::= IA5String
+
+   -- user notice qualifier
+
+   UserNotice ::= SEQUENCE {
+        noticeRef        NoticeReference OPTIONAL,
+        explicitText     DisplayText OPTIONAL}
+
+   --
+   --  This is not made explicit in the text
+   --
+   -- {WITH COMPONENTS {..., noticeRef PRESENT} |
+   --  WITH COMPONENTS {..., DisplayText PRESENT }}
+
+   NoticeReference ::= SEQUENCE {
+        organization     DisplayText,
+        noticeNumbers    SEQUENCE OF INTEGER }
+
+   DisplayText ::= CHOICE {
+        ia5String        IA5String      (SIZE (1..200)),
+        visibleString    VisibleString  (SIZE (1..200)),
+        bmpString        BMPString      (SIZE (1..200)),
+        utf8String       UTF8String     (SIZE (1..200)) }
+
+   -- policy mapping extension OID and syntax
+
+   ext-PolicyMappings EXTENSION ::= { SYNTAX
+       PolicyMappings IDENTIFIED BY id-ce-policyMappings }
+   id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
+
+   PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+       issuerDomainPolicy      CertPolicyId,
+       subjectDomainPolicy     CertPolicyId
+   }
+
+   -- subject alternative name extension OID and syntax
+
+   ext-SubjectAltName EXTENSION ::= { SYNTAX
+       GeneralNames IDENTIFIED BY id-ce-subjectAltName }
+   id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+
+   GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+   GeneralName ::= CHOICE {
+        otherName                   [0]  INSTANCE OF OTHER-NAME,
+        rfc822Name                  [1]  IA5String,
+        dNSName                     [2]  IA5String,
+        x400Address                 [3]  ORAddress,
+        directoryName               [4]  Name,
+        ediPartyName                [5]  EDIPartyName,
+        uniformResourceIdentifier   [6]  IA5String,
+        iPAddress                   [7]  OCTET STRING,
+        registeredID                [8]  OBJECT IDENTIFIER
+   }
+
+   -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+   -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+   OTHER-NAME ::= TYPE-IDENTIFIER
+
+   EDIPartyName ::= SEQUENCE {
+       nameAssigner    [0] DirectoryString {ubMax} OPTIONAL,
+       partyName       [1] DirectoryString {ubMax}
+   }
+
+   -- issuer alternative name extension OID and syntax
+
+   ext-IssuerAltName EXTENSION ::= { SYNTAX
+       GeneralNames IDENTIFIED BY id-ce-issuerAltName }
+   id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+
+   ext-SubjectDirectoryAttributes EXTENSION ::= { SYNTAX
+       SubjectDirectoryAttributes IDENTIFIED BY
+       id-ce-subjectDirectoryAttributes }
+   id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
+
+   SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF
+       AttributeSet{{SupportedAttributes}}
+
+   -- basic constraints extension OID and syntax
+
+   ext-BasicConstraints EXTENSION ::= { SYNTAX
+       BasicConstraints IDENTIFIED BY id-ce-basicConstraints }
+   id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+
+   BasicConstraints ::= SEQUENCE {
+        cA                      BOOLEAN DEFAULT FALSE,
+        pathLenConstraint       INTEGER (0..MAX) OPTIONAL
+   }
+
+   -- name constraints extension OID and syntax
+   ext-NameConstraints EXTENSION ::= { SYNTAX
+       NameConstraints IDENTIFIED BY id-ce-nameConstraints }
+   id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
+
+   NameConstraints ::= SEQUENCE {
+        permittedSubtrees       [0] GeneralSubtrees OPTIONAL,
+        excludedSubtrees        [1] GeneralSubtrees OPTIONAL
+   }
+   --
+   --  This is a constraint in the issued certificates by CAs, but is
+   --  not a requirement on EEs.
+   --
+   -- (WITH COMPONENTS { ..., permittedSubtrees PRESENT} |
+   --  WITH COMPONENTS { ..., excludedSubtrees PRESENT }}
+
+   GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+   GeneralSubtree ::= SEQUENCE {
+        base                GeneralName,
+        minimum         [0] BaseDistance DEFAULT 0,
+        maximum         [1] BaseDistance OPTIONAL
+   }
+
+   BaseDistance ::= INTEGER (0..MAX)
+
+   -- policy constraints extension OID and syntax
+
+   ext-PolicyConstraints EXTENSION ::= { SYNTAX
+       PolicyConstraints IDENTIFIED BY id-ce-policyConstraints }
+   id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
+
+   PolicyConstraints ::= SEQUENCE {
+        requireExplicitPolicy           [0] SkipCerts OPTIONAL,
+        inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
+   --
+   --  This is a constraint in the issued certificates by CAs,
+   --  but is not a requirement for EEs
+   --
+   -- (WITH COMPONENTS { ..., requireExplicitPolicy PRESENT} |
+   --  WITH COMPONENTS { ..., inhibitPolicyMapping PRESENT})
+
+   SkipCerts ::= INTEGER (0..MAX)
+
+   -- CRL distribution points extension OID and syntax
+
+   ext-CRLDistributionPoints EXTENSION ::= { SYNTAX
+       CRLDistributionPoints IDENTIFIED BY id-ce-cRLDistributionPoints}
+   id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
+   CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+   DistributionPoint ::= SEQUENCE {
+        distributionPoint       [0] DistributionPointName OPTIONAL,
+        reasons                 [1] ReasonFlags OPTIONAL,
+        cRLIssuer               [2] GeneralNames OPTIONAL
+   }
+   --
+   --  This is not a requirement in the text, but it seems as if it
+   --      should be
+   --
+   --(WITH COMPONENTS {..., distributionPoint PRESENT} |
+   -- WITH COMPONENTS {..., cRLIssuer PRESENT})
+
+   DistributionPointName ::= CHOICE {
+        fullName                [0] GeneralNames,
+        nameRelativeToCRLIssuer [1] RelativeDistinguishedName
+   }
+
+   ReasonFlags ::= BIT STRING {
+        unused                  (0),
+        keyCompromise           (1),
+        cACompromise            (2),
+        affiliationChanged      (3),
+        superseded              (4),
+        cessationOfOperation    (5),
+        certificateHold         (6),
+        privilegeWithdrawn      (7),
+        aACompromise            (8)
+    }
+
+   -- extended key usage extension OID and syntax
+
+   ext-ExtKeyUsage EXTENSION ::= { SYNTAX
+       ExtKeyUsageSyntax IDENTIFIED BY id-ce-extKeyUsage }
+   id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+   KeyPurposeId ::= OBJECT IDENTIFIER
+
+   -- permit unspecified key uses
+
+   anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+   -- extended key purpose OIDs
+
+   id-kp-serverAuth       OBJECT IDENTIFIER ::= { id-kp 1 }
+   id-kp-clientAuth       OBJECT IDENTIFIER ::= { id-kp 2 }
+   id-kp-codeSigning      OBJECT IDENTIFIER ::= { id-kp 3 }
+   id-kp-emailProtection  OBJECT IDENTIFIER ::= { id-kp 4 }
+   id-kp-timeStamping     OBJECT IDENTIFIER ::= { id-kp 8 }
+   id-kp-OCSPSigning      OBJECT IDENTIFIER ::= { id-kp 9 }
+
+   -- inhibit any policy OID and syntax
+
+   ext-InhibitAnyPolicy EXTENSION  ::= {SYNTAX
+       SkipCerts IDENTIFIED BY id-ce-inhibitAnyPolicy }
+   id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+
+   -- freshest (delta)CRL extension OID and syntax
+
+   ext-FreshestCRL EXTENSION ::= {SYNTAX
+       CRLDistributionPoints IDENTIFIED BY id-ce-freshestCRL }
+   id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }
+
+   -- authority info access
+
+   ext-AuthorityInfoAccess EXTENSION ::= { SYNTAX
+       AuthorityInfoAccessSyntax IDENTIFIED BY
+       id-pe-authorityInfoAccess }
+   id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+   AuthorityInfoAccessSyntax  ::=
+           SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+   AccessDescription  ::=  SEQUENCE {
+           accessMethod          OBJECT IDENTIFIER,
+           accessLocation        GeneralName  }
+
+   -- subject info access
+
+   ext-SubjectInfoAccessSyntax EXTENSION ::= { SYNTAX
+       SubjectInfoAccessSyntax IDENTIFIED BY id-pe-subjectInfoAccess }
+   id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+   SubjectInfoAccessSyntax  ::=
+           SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+   -- CRL number extension OID and syntax
+
+   ext-CRLNumber EXTENSION ::= {SYNTAX
+       INTEGER (0..MAX) IDENTIFIED BY id-ce-cRLNumber }
+   id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+   CRLNumber ::= INTEGER (0..MAX)
+   -- issuing distribution point extension OID and syntax
+
+   ext-IssuingDistributionPoint EXTENSION ::= { SYNTAX
+       IssuingDistributionPoint IDENTIFIED BY
+       id-ce-issuingDistributionPoint }
+   id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+   IssuingDistributionPoint ::= SEQUENCE {
+        distributionPoint          [0] DistributionPointName OPTIONAL,
+        onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
+        onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
+        onlySomeReasons            [3] ReasonFlags OPTIONAL,
+        indirectCRL                [4] BOOLEAN DEFAULT FALSE,
+        onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
+   }
+           -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
+           -- or onlyContainsAttributeCerts may be set to TRUE.
+
+   ext-DeltaCRLIndicator EXTENSION ::= { SYNTAX
+       CRLNumber IDENTIFIED BY id-ce-deltaCRLIndicator }
+   id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+   -- CRL reasons extension OID and syntax
+
+   ext-CRLReason EXTENSION ::= { SYNTAX
+       CRLReason IDENTIFIED BY id-ce-cRLReasons }
+   id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+   CRLReason ::= ENUMERATED {
+        unspecified             (0),
+        keyCompromise           (1),
+        cACompromise            (2),
+        affiliationChanged      (3),
+        superseded              (4),
+        cessationOfOperation    (5),
+        certificateHold         (6),
+        removeFromCRL           (8),
+        privilegeWithdrawn      (9),
+        aACompromise           (10)
+   }
+
+   -- certificate issuer CRL entry extension OID and syntax
+
+   ext-CertificateIssuer EXTENSION ::= { SYNTAX
+       GeneralNames IDENTIFIED BY id-ce-certificateIssuer }
+   id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+   -- hold instruction extension OID and syntax
+   ext-HoldInstructionCode EXTENSION ::= { SYNTAX
+       OBJECT IDENTIFIER IDENTIFIED BY id-ce-holdInstructionCode }
+   id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+   -- ANSI x9 holdinstructions
+
+   holdInstruction OBJECT IDENTIFIER ::=
+             {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+   id-holdinstruction-none OBJECT IDENTIFIER  ::=
+                   {holdInstruction 1} -- deprecated
+   id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
+                   {holdInstruction 2}
+   id-holdinstruction-reject OBJECT IDENTIFIER ::=
+                   {holdInstruction 3}
+
+   -- invalidity date CRL entry extension OID and syntax
+
+   ext-InvalidityDate EXTENSION  ::=  { SYNTAX
+       GeneralizedTime IDENTIFIED BY id-ce-invalidityDate }
+   id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
+   -- Upper bounds
+   ubMax INTEGER ::= 32768
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
new file mode 100644
index 0000000000..d58bcb5b19
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
@@ -0,0 +1,528 @@
+   PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
+     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+     id-mod-pkix1-algorithms2008-02(56) }
+
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   mda-sha224, mda-sha256, mda-sha384, mda-sha512
+   FROM PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1)
+       security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-pkix1-rsa-pkalgs-02(54)} ;
+
+   --
+   -- Public Key (pk-) Algorithms
+   --
+
+   PublicKeys PUBLIC-KEY ::= {
+    pk-rsa  |
+    pk-dsa  |
+    pk-dh   |
+    pk-kea,
+    ...,
+    pk-ec   |
+    pk-ecDH |
+    pk-ecMQV
+   }
+
+   --
+   -- Signature Algorithms (sa-)
+   --
+
+   SignatureAlgs SIGNATURE-ALGORITHM ::= {
+    sa-rsaWithMD2      |
+    sa-rsaWithMD5      |
+    sa-rsaWithSHA1     |
+    sa-dsaWithSHA1     |
+    sa-ecdsaWithSHA1,
+    ..., -- Extensible
+    sa-dsaWithSHA224   |
+    sa-dsaWithSHA256   |
+    sa-ecdsaWithSHA224 |
+    sa-ecdsaWithSHA256 |
+    sa-ecdsaWithSHA384 |
+    sa-ecdsaWithSHA512
+   }
+
+   --
+   -- S/MIME CAPS for algorithms in this document
+   --
+   -- For all of the algorithms laid out in this document, the
+   -- parameters field for the S/MIME capabilities is defined as
+   -- ABSENT as there are no specific values that need to be known
+   -- by the receiver for negotiation.
+
+   --
+
+   SMimeCaps SMIME-CAPS ::= {
+    sa-rsaWithMD2.&smimeCaps      |
+    sa-rsaWithMD5.&smimeCaps      |
+    sa-rsaWithSHA1.&smimeCaps     |
+    sa-dsaWithSHA1.&smimeCaps     |
+    sa-dsaWithSHA224.&smimeCaps   |
+    sa-dsaWithSHA256.&smimeCaps   |
+    sa-ecdsaWithSHA1.&smimeCaps   |
+    sa-ecdsaWithSHA224.&smimeCaps |
+    sa-ecdsaWithSHA256.&smimeCaps |
+    sa-ecdsaWithSHA384.&smimeCaps |
+    sa-ecdsaWithSHA512.&smimeCaps,
+    ... }
+
+   -- RSA PK Algorithm, Parameters, and Keys
+
+   pk-rsa PUBLIC-KEY ::= {
+    IDENTIFIER rsaEncryption
+    KEY RSAPublicKey
+    PARAMS TYPE NULL ARE absent
+    -- Private key format not in this module --
+    CERT-KEY-USAGE {digitalSignature, nonRepudiation,
+    keyEncipherment, dataEncipherment, keyCertSign, cRLSign}
+   }
+
+   rsaEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 1 }
+
+   RSAPublicKey ::= SEQUENCE {
+    modulus         INTEGER, -- n
+    publicExponent  INTEGER  -- e
+   }
+
+   -- DSA PK Algorithm, Parameters, and Keys
+
+   pk-dsa PUBLIC-KEY ::= {
+    IDENTIFIER id-dsa
+    KEY DSAPublicKey
+    PARAMS TYPE DSA-Params ARE inheritable
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign,
+                        cRLSign }
+   }
+
+   id-dsa OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
+
+   DSA-Params ::= SEQUENCE {
+    p  INTEGER,
+    q  INTEGER,
+    g  INTEGER
+   }
+
+   DSAPublicKey ::= INTEGER --  public key, y
+
+   -- Diffie-Hellman PK Algorithm, Parameters, and Keys
+
+   pk-dh PUBLIC-KEY ::= {
+    IDENTIFIER dhpublicnumber
+    KEY DHPublicKey
+    PARAMS TYPE DomainParameters ARE inheritable
+    -- Private key format not in this module --
+    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
+   }
+
+   dhpublicnumber OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-x942(10046)
+    number-type(2) 1 }
+
+   DomainParameters ::= SEQUENCE {
+    p                INTEGER,           -- odd prime, p=jq +1
+    g                INTEGER,           -- generator, g
+    q                INTEGER,           -- factor of p-1
+    j                INTEGER OPTIONAL,  -- subgroup factor, j>= 2
+    validationParams  ValidationParams OPTIONAL
+   }
+
+   ValidationParams ::= SEQUENCE {
+    seed         BIT STRING,
+    pgenCounter  INTEGER
+   }
+
+   DiffieHellmanPublicNumber ::= INTEGER   -- according to http://wikisec.free.fr/crypto/crypto.html
+
+   DHPublicKey ::= INTEGER  -- public key, y = g^x mod p
+
+   -- KEA PK Algorithm and Parameters
+
+   pk-kea PUBLIC-KEY ::= {
+    IDENTIFIER id-keyExchangeAlgorithm
+    -- key is not encoded --
+    PARAMS TYPE KEA-Params-Id ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
+   }
+   id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {
+       joint-iso-itu-t(2) country(16) us(840) organization(1)
+       gov(101) dod(2) infosec(1) algorithms(1) 22 }
+
+   KEA-Params-Id ::= OCTET STRING
+
+   -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
+   --  (Section 2.1.1 of RFC 5480)
+   --
+   -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA
+
+   pk-ec PUBLIC-KEY ::= {
+    IDENTIFIER id-ecPublicKey
+    KEY ECPoint
+    PARAMS TYPE ECParameters ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
+                         keyCertSign, cRLSign }
+   }
+
+   ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions
+
+   id-ecPublicKey OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
+
+   -- Elliptic Curve (EC) Signatures: Restricted Algorithms
+   --  (Section 2.1.2 of RFC 5480)
+   --
+   -- EC Diffie-Hellman Algorithm ID
+
+   pk-ecDH PUBLIC-KEY ::= {
+    IDENTIFIER id-ecDH
+    KEY ECPoint
+    PARAMS TYPE ECParameters ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
+   }
+
+   id-ecDH OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) schemes(1)
+    ecdh(12) }
+
+   -- EC Menezes-Qu-Vanstone Algorithm ID
+
+   pk-ecMQV PUBLIC-KEY ::= {
+    IDENTIFIER id-ecMQV
+    KEY ECPoint
+    PARAMS TYPE ECParameters ARE required
+    -- Private key format not in this module --
+    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
+   }
+
+   id-ecMQV OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) schemes(1)
+    ecmqv(13) }
+
+   -- Parameters and Keys for both Restricted and Unrestricted EC
+
+   ECParameters ::= CHOICE {
+    namedCurve      CURVE.&id({NamedCurve})
+    -- implicitCurve   NULL
+      -- implicitCurve MUST NOT be used in PKIX
+    -- specifiedCurve  SpecifiedCurve
+      -- specifiedCurve MUST NOT be used in PKIX
+      -- Details for specifiedCurve can be found in [X9.62]
+      -- Any future additions to this CHOICE should be coordinated
+      -- with ANSI X.9.
+   }
+   -- If you need to be able to decode ANSI X.9 parameter structures,
+   -- uncomment the implicitCurve and specifiedCurve above, and also
+   -- uncomment the following:
+   --(WITH COMPONENTS {namedCurve PRESENT})
+
+   -- Sec 2.1.1.1 Named Curve
+
+   CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE }
+    WITH SYNTAX { ID &id }
+
+   NamedCurve CURVE ::= {
+   { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
+   { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
+   { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
+   { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
+   { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
+   ... -- Extensible
+   }
+
+   -- Note in [X9.62] the curves are referred to as 'ansiX9' as
+   -- opposed to 'sec'.  For example, secp192r1 is the same curve as
+   -- ansix9p192r1.
+
+   -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
+   -- prime192v1 and the secp256r1 curve was referred to as
+   -- prime256v1.
+
+   -- Note that [FIPS186-3] refers to secp192r1 as P-192,
+   -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384,
+   -- and secp521r1 as P-521.
+
+   secp192r1 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+    prime(1) 1 }
+
+   sect163k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 1 }
+
+   sect163r2 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 15 }
+
+   secp224r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 33 }
+
+   sect233k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 26 }
+
+   sect233r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 27 }
+
+   secp256r1 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+    prime(1) 7 }
+
+   sect283k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 16 }
+
+   sect283r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 17 }
+
+   secp384r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 34 }
+
+   sect409k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 36 }
+
+   sect409r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 37 }
+
+   secp521r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 35 }
+
+   sect571k1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 38 }
+
+   sect571r1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) certicom(132) curve(0) 39 }
+
+   -- RSA with MD-2
+
+   sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER md2WithRSAEncryption
+    PARAMS TYPE NULL ARE required
+    HASHES { mda-md2 }
+    PUBLIC-KEYS { pk-rsa }
+    SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption }
+   }
+
+   md2WithRSAEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 2 }
+
+   -- RSA with MD-5
+
+   sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER md5WithRSAEncryption
+    PARAMS TYPE NULL ARE required
+    HASHES { mda-md5 }
+    PUBLIC-KEYS { pk-rsa }
+    SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption }
+   }
+
+   md5WithRSAEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 4 }
+
+   -- RSA with SHA-1
+
+   sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER sha1WithRSAEncryption
+    PARAMS TYPE NULL ARE required
+    HASHES { mda-sha1 }
+    PUBLIC-KEYS { pk-rsa }
+    SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption }
+   }
+
+   sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-1(1) 5 }
+
+   -- DSA with SHA-1
+
+   sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER dsa-with-sha1
+    VALUE DSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha1 }
+    PUBLIC-KEYS { pk-dsa }
+    SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 }
+   }
+
+   dsa-with-sha1 OBJECT IDENTIFIER ::=  {
+    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
+
+   -- DSA with SHA-224
+
+   sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER dsa-with-sha224
+    VALUE DSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha224 }
+    PUBLIC-KEYS { pk-dsa }
+    SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 }
+   }
+
+   dsa-with-sha224 OBJECT IDENTIFIER  ::=  {
+    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+    csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
+
+   -- DSA with SHA-256
+
+   sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER dsa-with-sha256
+    VALUE DSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha256 }
+    PUBLIC-KEYS { pk-dsa }
+    SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 }
+   }
+
+   dsa-with-sha256 OBJECT IDENTIFIER  ::=  {
+    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+    csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
+
+   -- ECDSA with SHA-1
+
+   sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA1
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha1 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 }
+   }
+
+   ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045)
+    signatures(4) 1 }
+
+   -- ECDSA with SHA-224
+
+   sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA224
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha224 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 }
+   }
+
+   ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 1 }
+
+   -- ECDSA with SHA-256
+
+   sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA256
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha256 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 }
+   }
+
+   ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 2 }
+
+   -- ECDSA with SHA-384
+
+   sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA384
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha384 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 }
+   }
+   ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 3 }
+
+   -- ECDSA with SHA-512
+
+   sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= {
+    IDENTIFIER ecdsa-with-SHA512
+    VALUE ECDSA-Sig-Value
+    PARAMS TYPE NULL ARE absent
+    HASHES { mda-sha512 }
+    PUBLIC-KEYS { pk-ec }
+    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 }
+   }
+
+   ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+    ecdsa-with-SHA2(3) 4 }
+
+   --
+   -- Signature Values
+   --
+
+   -- DSA
+
+   DSA-Sig-Value ::= SEQUENCE {
+    r  INTEGER,
+    s  INTEGER
+   }
+
+   -- ECDSA
+
+   ECDSA-Sig-Value ::= SEQUENCE {
+    r  INTEGER,
+    s  INTEGER
+   }
+
+   --
+   -- Message Digest Algorithms (mda-)
+   --
+
+   HashAlgs DIGEST-ALGORITHM ::= {
+    mda-md2    |
+    mda-md5    |
+    mda-sha1,
+    ... -- Extensible
+   }
+   -- MD-2
+
+   mda-md2 DIGEST-ALGORITHM ::= {
+    IDENTIFIER id-md2
+    PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-md2  OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549)
+    digestAlgorithm(2) 2 }
+
+   -- MD-5
+
+   mda-md5 DIGEST-ALGORITHM ::= {
+    IDENTIFIER id-md5
+    PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-md5  OBJECT IDENTIFIER ::= {
+    iso(1) member-body(2) us(840) rsadsi(113549)
+    digestAlgorithm(2) 5 }
+
+   -- SHA-1
+
+   mda-sha1 DIGEST-ALGORITHM ::= {
+    IDENTIFIER id-sha1
+    PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-sha1 OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) oiw(14) secsig(3)
+    algorithm(2) 26 }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1
new file mode 100644
index 0000000000..3ab074643f
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1
@@ -0,0 +1,292 @@
+   PKIXAttributeCertificate-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AttributeSet{}, Extensions{}, SecurityCategory{},
+           EXTENSION, ATTRIBUTE, SECURITY-CATEGORY
+   FROM PKIX-CommonTypes-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+   AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+      -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
+      -- PKIX Certificate Extensions
+
+   CertificateSerialNumber, UniqueIdentifier, id-pkix, id-pe, id-kp,
+       id-ad, id-at, SIGNED{}, SignatureAlgorithms
+   FROM PKIX1Explicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+   GeneralName, GeneralNames, id-ce, ext-AuthorityKeyIdentifier,
+       ext-AuthorityInfoAccess, ext-CRLDistributionPoints
+   FROM PKIX1Implicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+   ContentInfo
+     FROM CryptographicMessageSyntax-2009
+       { iso(1) member-body(2) us(840) rsadsi(113549)
+       pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) };
+   --  Define the set of extensions that can appear.
+   --  Some of these are imported from PKIX Cert
+
+   AttributeCertExtensions EXTENSION ::= {
+       ext-auditIdentity | ext-targetInformation |
+       ext-AuthorityKeyIdentifier | ext-AuthorityInfoAccess |
+       ext-CRLDistributionPoints | ext-noRevAvail | ext-ac-proxying |
+       ext-aaControls, ... }
+
+   ext-auditIdentity EXTENSION ::= { SYNTAX
+       OCTET STRING IDENTIFIED BY id-pe-ac-auditIdentity}
+
+   ext-targetInformation EXTENSION ::= { SYNTAX
+       Targets IDENTIFIED BY id-ce-targetInformation }
+
+   ext-noRevAvail EXTENSION ::= { SYNTAX
+       NULL IDENTIFIED BY id-ce-noRevAvail}
+
+   ext-ac-proxying EXTENSION ::= { SYNTAX
+       ProxyInfo IDENTIFIED BY id-pe-ac-proxying}
+
+   ext-aaControls EXTENSION ::= { SYNTAX
+       AAControls IDENTIFIED BY id-pe-aaControls}
+
+   -- Define the set of attributes used here
+
+   AttributesDefined ATTRIBUTE ::= {  at-authenticationInfo |
+        at-accesIdentity | at-chargingIdentity | at-group |
+        at-role | at-clearance | at-encAttrs, ...}
+
+   at-authenticationInfo ATTRIBUTE ::= { TYPE SvceAuthInfo
+       IDENTIFIED BY id-aca-authenticationInfo}
+
+   at-accesIdentity ATTRIBUTE ::= { TYPE SvceAuthInfo
+       IDENTIFIED BY id-aca-accessIdentity}
+
+   at-chargingIdentity ATTRIBUTE ::= { TYPE IetfAttrSyntax
+       IDENTIFIED BY id-aca-chargingIdentity}
+
+   at-group ATTRIBUTE ::= { TYPE IetfAttrSyntax
+       IDENTIFIED BY id-aca-group}
+
+   at-role ATTRIBUTE ::= { TYPE RoleSyntax
+       IDENTIFIED BY id-at-role}
+
+   at-clearance ATTRIBUTE ::= { TYPE Clearance
+       IDENTIFIED BY id-at-clearance}
+   at-clearance-RFC3281 ATTRIBUTE ::= {TYPE Clearance-rfc3281
+       IDENTIFIED BY id-at-clearance-rfc3281 }
+
+   at-encAttrs ATTRIBUTE ::= { TYPE ContentInfo
+       IDENTIFIED BY id-aca-encAttrs}
+
+   --
+   --  OIDs used by Attribute Certificate Extensions
+   --
+
+   id-pe-ac-auditIdentity       OBJECT IDENTIFIER ::= { id-pe 4 }
+   id-pe-aaControls             OBJECT IDENTIFIER ::= { id-pe 6 }
+   id-pe-ac-proxying            OBJECT IDENTIFIER ::= { id-pe 10 }
+   id-ce-targetInformation      OBJECT IDENTIFIER ::= { id-ce 55 }
+   id-ce-noRevAvail             OBJECT IDENTIFIER ::= { id-ce 56 }
+
+   --
+   --  OIDs used by Attribute Certificate Attributes
+   --
+
+   id-aca                       OBJECT IDENTIFIER ::= { id-pkix 10 }
+
+   id-aca-authenticationInfo    OBJECT IDENTIFIER ::= { id-aca 1 }
+   id-aca-accessIdentity        OBJECT IDENTIFIER ::= { id-aca 2 }
+   id-aca-chargingIdentity      OBJECT IDENTIFIER ::= { id-aca 3 }
+   id-aca-group                 OBJECT IDENTIFIER ::= { id-aca 4 }
+   -- { id-aca 5 } is reserved
+   id-aca-encAttrs              OBJECT IDENTIFIER ::= { id-aca 6 }
+
+   id-at-role                   OBJECT IDENTIFIER ::= { id-at 72}
+   id-at-clearance              OBJECT IDENTIFIER ::= {
+        joint-iso-ccitt(2) ds(5) attributeType(4) clearance (55) }
+
+   -- Uncomment the following declaration and comment the above line if
+   -- using the id-at-clearance attribute as defined in [RFC3281]
+   -- id-at-clearance ::= id-at-clearance-3281
+
+   id-at-clearance-rfc3281              OBJECT IDENTIFIER ::= {
+       joint-iso-ccitt(2) ds(5) module(1) selected-attribute-types(5)
+       clearance (55) }
+
+   --
+   --  The syntax of an Attribute Certificate
+   --
+
+   AttributeCertificate ::= SIGNED{AttributeCertificateInfo}
+
+   AttributeCertificateInfo ::= SEQUENCE {
+       version        AttCertVersion,  -- version is v2
+       holder         Holder,
+       issuer         AttCertIssuer,
+       signature      AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                          {SignatureAlgorithms}},
+       serialNumber   CertificateSerialNumber,
+       attrCertValidityPeriod   AttCertValidityPeriod,
+       attributes     SEQUENCE OF
+                          AttributeSet{{AttributesDefined}},
+       issuerUniqueID UniqueIdentifier OPTIONAL,
+       extensions     Extensions{{AttributeCertExtensions}} OPTIONAL
+   }
+
+   AttCertVersion ::= INTEGER { v2(1) }
+
+   Holder ::= SEQUENCE {
+       baseCertificateID   [0] IssuerSerial OPTIONAL,
+                 -- the issuer and serial number of
+                 -- the holder's Public Key Certificate
+       entityName          [1] GeneralNames OPTIONAL,
+                 -- the name of the claimant or role
+       objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
+                 -- used to directly authenticate the
+                 -- holder, for example, an executable
+   }
+
+   ObjectDigestInfo    ::= SEQUENCE {
+       digestedObjectType  ENUMERATED {
+            publicKey            (0),
+            publicKeyCert        (1),
+            otherObjectTypes     (2) },
+               -- otherObjectTypes MUST NOT
+               -- be used in this profile
+       otherObjectTypeID   OBJECT IDENTIFIER  OPTIONAL,
+       digestAlgorithm     AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+       objectDigest        BIT STRING
+   }
+
+   AttCertIssuer ::= CHOICE {
+       v1Form   GeneralNames,  -- MUST NOT be used in this
+                               -- profile
+       v2Form   [0] V2Form     -- v2 only
+   }
+
+   V2Form ::= SEQUENCE {
+       issuerName            GeneralNames  OPTIONAL,
+       baseCertificateID     [0] IssuerSerial  OPTIONAL,
+       objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
+          -- issuerName MUST be present in this profile
+          -- baseCertificateID and objectDigestInfo MUST
+          -- NOT be present in this profile
+   }
+
+   IssuerSerial  ::=  SEQUENCE {
+       issuer         GeneralNames,
+       serial         CertificateSerialNumber,
+       issuerUID      UniqueIdentifier OPTIONAL
+   }
+
+   AttCertValidityPeriod  ::= SEQUENCE {
+       notBeforeTime  GeneralizedTime,
+       notAfterTime   GeneralizedTime
+   }
+
+   --
+   -- Syntax used by Attribute Certificate Extensions
+   --
+
+   Targets ::= SEQUENCE OF Target
+
+   Target  ::= CHOICE {
+       targetName     [0] GeneralName,
+       targetGroup    [1] GeneralName,
+       targetCert     [2] TargetCert
+   }
+
+   TargetCert  ::= SEQUENCE {
+       targetCertificate  IssuerSerial,
+       targetName         GeneralName OPTIONAL,
+       certDigestInfo     ObjectDigestInfo OPTIONAL
+   }
+
+   AAControls ::= SEQUENCE {
+       pathLenConstraint INTEGER (0..MAX) OPTIONAL,
+       permittedAttrs    [0] AttrSpec OPTIONAL,
+       excludedAttrs     [1] AttrSpec OPTIONAL,
+       permitUnSpecified BOOLEAN DEFAULT TRUE
+   }
+
+   AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
+
+   ProxyInfo ::= SEQUENCE OF Targets
+
+   --
+   --  Syntax used by Attribute Certificate Attributes
+   --
+   IetfAttrSyntax ::= SEQUENCE {
+      policyAuthority[0] GeneralNames    OPTIONAL,
+      values         SEQUENCE OF CHOICE {
+                     octets    OCTET STRING,
+                     oid       OBJECT IDENTIFIER,
+                     string    UTF8String
+     }
+   }
+
+   SvceAuthInfo ::=    SEQUENCE {
+       service       GeneralName,
+       ident         GeneralName,
+       authInfo      OCTET STRING OPTIONAL
+   }
+
+   RoleSyntax ::= SEQUENCE {
+       roleAuthority  [0] GeneralNames OPTIONAL,
+       roleName       [1] GeneralName
+   }
+
+   Clearance ::= SEQUENCE {
+       policyId            OBJECT IDENTIFIER,
+       classList           ClassList DEFAULT {unclassified},
+       securityCategories  SET OF SecurityCategory
+                                {{SupportedSecurityCategories}} OPTIONAL
+   }
+
+   -- Uncomment the following lines to support deprecated clearance
+   -- syntax and comment out previous Clearance.
+
+   -- Clearance ::= Clearance-rfc3281
+
+   Clearance-rfc3281  ::=  SEQUENCE {
+       policyId       [0] OBJECT IDENTIFIER,
+       classList      [1] ClassList DEFAULT {unclassified},
+       securityCategories [2] SET OF SecurityCategory-rfc3281
+                              {{SupportedSecurityCategories}} OPTIONAL
+   }
+
+   ClassList  ::=  BIT STRING {
+       unmarked       (0),
+       unclassified   (1),
+       restricted     (2),
+       confidential   (3),
+       secret         (4),
+       topSecret      (5)
+   }
+   SupportedSecurityCategories SECURITY-CATEGORY ::= { ... }
+
+   SecurityCategory-rfc3281{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
+       type      [0]  IMPLICIT SECURITY-CATEGORY.
+               &id({Supported}),
+       value     [1]  EXPLICIT SECURITY-CATEGORY.
+               &Type({Supported}{@type})
+   }
+
+   ACClearAttrs ::= SEQUENCE {
+       acIssuer          GeneralName,
+       acSerial          INTEGER,
+       attrs             SEQUENCE OF AttributeSet{{AttributesDefined}}
+   }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1
new file mode 100644
index 0000000000..968a142f28
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1
@@ -0,0 +1,495 @@
+ PKIXCMP-2009
+     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2000-02(50) }
+ DEFINITIONS EXPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+     DIGEST-ALGORITHM, MAC-ALGORITHM
+ FROM AlgorithmInformation-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-algorithmInformation-02(58)}
+
+ Certificate, CertificateList
+ FROM PKIX1Explicit-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ GeneralName, KeyIdentifier
+ FROM PKIX1Implicit-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ CertTemplate, PKIPublicationInfo, EncryptedValue, CertId,
+     CertReqMessages
+ FROM PKIXCRMF-2009
+     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) }
+ -- see also the behavioral clarifications to CRMF codified in
+ -- Appendix C of this specification
+
+ CertificationRequest
+ FROM PKCS-10
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
+ -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
+ -- tags).  Alternatively, implementers may directly include
+ -- the [PKCS10] syntax in this module
+ ;
+
+ -- the rest of the module contains locally defined OIDs and
+ -- constructs
+
+ CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... }
+ -- This syntax, while bits-on-the-wire compatible with the
+ -- standard X.509 definition of "Certificate", allows the
+ -- possibility of future certificate types (such as X.509
+ -- attribute certificates, WAP WTLS certificates, or other kinds
+ -- of certificates) within this certificate management protocol,
+ -- should a need ever arise to support such generality.  Those
+ -- implementations that do not foresee a need to ever support
+ -- other certificate types MAY, if they wish, comment out the
+ -- above structure and "uncomment" the following one prior to
+ -- compiling this ASN.1 module.  (Note that interoperability
+ -- with implementations that don't do this will be unaffected by
+ -- this change.)
+
+ -- CMPCertificate ::= Certificate
+
+ PKIMessage ::= SEQUENCE {
+     header           PKIHeader,
+     body             PKIBody,
+     protection   [0] PKIProtection OPTIONAL,
+     extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                   OPTIONAL }
+
+ PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+
+ PKIHeader ::= SEQUENCE {
+     pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+     sender              GeneralName,
+     -- identifies the sender
+     recipient           GeneralName,
+     -- identifies the intended recipient
+     messageTime     [0] GeneralizedTime         OPTIONAL,
+     -- time of production of this message (used when sender
+     -- believes that the transport will be "suitable"; i.e.,
+     -- that the time will still be meaningful upon receipt)
+     protectionAlg   [1] AlgorithmIdentifier{ALGORITHM, {...}}
+                             OPTIONAL,
+     -- algorithm used for calculation of protection bits
+     senderKID       [2] KeyIdentifier           OPTIONAL,
+     recipKID        [3] KeyIdentifier           OPTIONAL,
+     -- to identify specific keys used for protection
+     transactionID   [4] OCTET STRING            OPTIONAL,
+     -- identifies the transaction; i.e., this will be the same in
+     -- corresponding request, response, certConf, and PKIConf
+     -- messages
+     senderNonce     [5] OCTET STRING            OPTIONAL,
+     recipNonce      [6] OCTET STRING            OPTIONAL,
+     -- nonces used to provide replay protection, senderNonce
+     -- is inserted by the creator of this message; recipNonce
+     -- is a nonce previously inserted in a related message by
+     -- the intended recipient of this message
+     freeText        [7] PKIFreeText             OPTIONAL,
+     -- this may be used to indicate context-specific instructions
+     -- (this field is intended for human consumption)
+     generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
+                         InfoTypeAndValue     OPTIONAL
+     -- this may be used to convey context-specific information
+     -- (this field not primarily intended for human consumption)
+ }
+
+ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+     -- text encoded as UTF-8 String [RFC3629] (note: each
+     -- UTF8String MAY include an [RFC3066] language tag
+     -- to indicate the language of the contained text;
+     -- see [RFC2482] for details)
+
+ PKIBody ::= CHOICE {       -- message-specific body elements
+     ir       [0]  CertReqMessages,        --Initialization Request
+     ip       [1]  CertRepMessage,         --Initialization Response
+     cr       [2]  CertReqMessages,        --Certification Request
+     cp       [3]  CertRepMessage,         --Certification Response
+     p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
+     popdecc  [5]  POPODecKeyChallContent, --pop Challenge
+     popdecr  [6]  POPODecKeyRespContent,  --pop Response
+     kur      [7]  CertReqMessages,        --Key Update Request
+     kup      [8]  CertRepMessage,         --Key Update Response
+     krr      [9]  CertReqMessages,        --Key Recovery Request
+     krp      [10] KeyRecRepContent,       --Key Recovery Response
+     rr       [11] RevReqContent,          --Revocation Request
+     rp       [12] RevRepContent,          --Revocation Response
+     ccr      [13] CertReqMessages,        --Cross-Cert. Request
+     ccp      [14] CertRepMessage,         --Cross-Cert. Response
+     ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
+     cann     [16] CertAnnContent,         --Certificate Ann.
+     rann     [17] RevAnnContent,          --Revocation Ann.
+     crlann   [18] CRLAnnContent,          --CRL Announcement
+     pkiconf  [19] PKIConfirmContent,      --Confirmation
+     nested   [20] NestedMessageContent,   --Nested Message
+     genm     [21] GenMsgContent,          --General Message
+     genp     [22] GenRepContent,          --General Response
+     error    [23] ErrorMsgContent,        --Error Message
+     certConf [24] CertConfirmContent,     --Certificate confirm
+     pollReq  [25] PollReqContent,         --Polling request
+     pollRep  [26] PollRepContent          --Polling response
+ }
+
+ PKIProtection ::= BIT STRING
+
+ ProtectedPart ::= SEQUENCE {
+     header    PKIHeader,
+     body      PKIBody }
+
+ id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     usa(840) nt(113533) nsn(7) algorithms(66) 13 }
+ PBMParameter ::= SEQUENCE {
+     salt                OCTET STRING,
+     -- note:  implementations MAY wish to limit acceptable sizes
+     -- of this string to values appropriate for their environment
+     -- in order to reduce the risk of denial-of-service attacks
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     iterationCount      INTEGER,
+     -- number of times the OWF is applied
+     -- note:  implementations MAY wish to limit acceptable sizes
+     -- of this integer to values appropriate for their environment
+     -- in order to reduce the risk of denial-of-service attacks
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     -- or HMAC [RFC2104, RFC2202])
+ }
+
+ id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     usa(840) nt(113533) nsn(7) algorithms(66) 30 }
+ DHBMParameter ::= SEQUENCE {
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     -- or HMAC [RFC2104, RFC2202])
+ }
+
+ PKIStatus ::= INTEGER {
+     accepted               (0),
+     -- you got exactly what you asked for
+     grantedWithMods        (1),
+     -- you got something like what you asked for; the
+     -- requester is responsible for ascertaining the differences
+     rejection              (2),
+     -- you don't get it, more information elsewhere in the message
+     waiting                (3),
+     -- the request body part has not yet been processed; expect to
+     -- hear more later (note: proper handling of this status
+     -- response MAY use the polling req/rep PKIMessages specified
+     -- in Section 5.3.22; alternatively, polling in the underlying
+     -- transport layer MAY have some utility in this regard)
+     revocationWarning      (4),
+     -- this message contains a warning that a revocation is
+     -- imminent
+     revocationNotification (5),
+     -- notification that a revocation has occurred
+     keyUpdateWarning       (6)
+     -- update already done for the oldCertId specified in
+     -- CertReqMsg
+ }
+
+ PKIFailureInfo ::= BIT STRING {
+ -- since we can fail in more than one way!
+ -- More codes may be added in the future if/when required.
+     badAlg              (0),
+     -- unrecognized or unsupported Algorithm Identifier
+     badMessageCheck     (1),
+     -- integrity check failed (e.g., signature did not verify)
+     badRequest          (2),
+     -- transaction not permitted or supported
+     badTime             (3),
+     -- messageTime was not sufficiently close to the system time,
+     -- as defined by local policy
+     badCertId           (4),
+     -- no certificate could be found matching the provided criteria
+     badDataFormat       (5),
+     -- the data submitted has the wrong format
+     wrongAuthority      (6),
+     -- the authority indicated in the request is different from the
+     -- one creating the response token
+     incorrectData       (7),
+     -- the requester's data is incorrect (for notary services)
+     missingTimeStamp    (8),
+     -- when the timestamp is missing but should be there
+     -- (by policy)
+     badPOP              (9),
+     -- the proof-of-possession failed
+     certRevoked         (10),
+     -- the certificate has already been revoked
+     certConfirmed       (11),
+     -- the certificate has already been confirmed
+     wrongIntegrity      (12),
+     -- invalid integrity, password based instead of signature or
+     -- vice versa
+     badRecipientNonce   (13),
+     -- invalid recipient nonce, either missing or wrong value
+     timeNotAvailable    (14),
+     -- the TSA's time source is not available
+     unacceptedPolicy    (15),
+     -- the requested TSA policy is not supported by the TSA
+     unacceptedExtension (16),
+     -- the requested extension is not supported by the TSA
+     addInfoNotAvailable (17),
+     -- the additional information requested could not be
+     -- understood or is not available
+     badSenderNonce      (18),
+     -- invalid sender nonce, either missing or wrong size
+     badCertTemplate     (19),
+     -- invalid cert. template or missing mandatory information
+     signerNotTrusted    (20),
+     -- signer of the message unknown or not trusted
+     transactionIdInUse  (21),
+     -- the transaction identifier is already in use
+     unsupportedVersion  (22),
+     -- the version of the message is not supported
+     notAuthorized       (23),
+     -- the sender was not authorized to make the preceding
+     -- request or perform the preceding action
+     systemUnavail       (24),
+     -- the request cannot be handled due to system unavailability
+     systemFailure       (25),
+     -- the request cannot be handled due to system failure
+     duplicateCertReq    (26)
+     -- certificate cannot be issued because a duplicate
+     -- certificate already exists
+ }
+
+ PKIStatusInfo ::= SEQUENCE {
+     status        PKIStatus,
+     statusString  PKIFreeText     OPTIONAL,
+     failInfo      PKIFailureInfo  OPTIONAL }
+
+ OOBCert ::= CMPCertificate
+
+ OOBCertHash ::= SEQUENCE {
+     hashAlg     [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
+                         OPTIONAL,
+     certId      [1] CertId                  OPTIONAL,
+     hashVal         BIT STRING
+     -- hashVal is calculated over the DER encoding of the
+     -- self-signed certificate with the identifier certID.
+ }
+
+ POPODecKeyChallContent ::= SEQUENCE OF Challenge
+ -- One Challenge per encryption key certification request (in the
+ -- same order as these requests appear in CertReqMessages).
+
+ Challenge ::= SEQUENCE {
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
+                             OPTIONAL,
+     -- MUST be present in the first Challenge; MAY be omitted in
+     -- any subsequent Challenge in POPODecKeyChallContent (if
+     -- omitted, then the owf used in the immediately preceding
+     -- Challenge is to be used).
+     witness             OCTET STRING,
+     -- the result of applying the one-way function (owf) to a
+     -- randomly-generated INTEGER, A.  [Note that a different
+     -- INTEGER MUST be used for each Challenge.]
+     challenge           OCTET STRING
+     -- the encryption (under the public key for which the cert.
+     -- request is being made) of Rand, where Rand is specified as
+     --   Rand ::= SEQUENCE {
+     --      int      INTEGER,
+     --       - the randomly-generated INTEGER A (above)
+     --      sender   GeneralName
+     --       - the sender's name (as included in PKIHeader)
+     --   }
+ }
+
+ POPODecKeyRespContent ::= SEQUENCE OF INTEGER
+ -- One INTEGER per encryption key certification request (in the
+ -- same order as these requests appear in CertReqMessages).  The
+ -- retrieved INTEGER A (above) is returned to the sender of the
+ -- corresponding Challenge.
+
+ CertRepMessage ::= SEQUENCE {
+     caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                   OPTIONAL,
+     response         SEQUENCE OF CertResponse }
+
+ CertResponse ::= SEQUENCE {
+     certReqId           INTEGER,
+     -- to match this response with the corresponding request (a value
+     -- of -1 is to be used if certReqId is not specified in the
+     -- corresponding request)
+     status              PKIStatusInfo,
+     certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
+     rspInfo             OCTET STRING        OPTIONAL
+     -- analogous to the id-regInfo-utf8Pairs string defined
+     -- for regInfo in CertReqMsg [RFC4211]
+ }
+
+ CertifiedKeyPair ::= SEQUENCE {
+     certOrEncCert       CertOrEncCert,
+     privateKey      [0] EncryptedValue      OPTIONAL,
+     -- see [RFC4211] for comment on encoding
+     publicationInfo [1] PKIPublicationInfo  OPTIONAL }
+
+ CertOrEncCert ::= CHOICE {
+     certificate     [0] CMPCertificate,
+     encryptedCert   [1] EncryptedValue }
+ KeyRecRepContent ::= SEQUENCE {
+     status                  PKIStatusInfo,
+     newSigCert          [0] CMPCertificate OPTIONAL,
+     caCerts             [1] SEQUENCE SIZE (1..MAX) OF
+                                      CMPCertificate OPTIONAL,
+     keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
+                                      CertifiedKeyPair OPTIONAL }
+
+ RevReqContent ::= SEQUENCE OF RevDetails
+
+ RevDetails ::= SEQUENCE {
+     certDetails         CertTemplate,
+     -- allows requester to specify as much as they can about
+     -- the cert. for which revocation is requested
+     -- (e.g., for cases in which serialNumber is not available)
+     crlEntryDetails     Extensions{{...}}    OPTIONAL
+     -- requested crlEntryExtensions
+ }
+
+ RevRepContent ::= SEQUENCE {
+     status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+     -- in same order as was sent in RevReqContent
+     revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
+     -- IDs for which revocation was requested
+     -- (same order as status)
+     crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
+     -- the resulting CRLs (there may be more than one)
+ }
+
+ CAKeyUpdAnnContent ::= SEQUENCE {
+     oldWithNew   CMPCertificate, -- old pub signed with new priv
+     newWithOld   CMPCertificate, -- new pub signed with old priv
+     newWithNew   CMPCertificate  -- new pub signed with new priv
+ }
+
+ CertAnnContent ::= CMPCertificate
+
+ RevAnnContent ::= SEQUENCE {
+     status              PKIStatus,
+     certId              CertId,
+     willBeRevokedAt     GeneralizedTime,
+     badSinceDate        GeneralizedTime,
+     crlDetails          Extensions{{...}}  OPTIONAL
+     -- extra CRL details (e.g., crl number, reason, location, etc.)
+ }
+
+ CRLAnnContent ::= SEQUENCE OF CertificateList
+ PKIConfirmContent ::= NULL
+
+ NestedMessageContent ::= PKIMessages
+
+ INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER
+
+ InfoTypeAndValue ::= SEQUENCE {
+     infoType    INFO-TYPE-AND-VALUE.
+                     &id({SupportedInfoSet}),
+     infoValue   INFO-TYPE-AND-VALUE.
+                     &Type({SupportedInfoSet}{@infoType}) }
+
+ SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... }
+
+ -- Example InfoTypeAndValue contents include, but are not limited
+ -- to, the following (uncomment in this ASN.1 module and use as
+ -- appropriate for a given environment):
+ --
+ --   id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
+ --      CAProtEncCertValue      ::= CMPCertificate
+ --   id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
+ --      SignKeyPairTypesValue   ::= SEQUENCE OF
+ --                                      AlgorithmIdentifier{{...}}
+ --   id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
+ --      EncKeyPairTypesValue    ::= SEQUENCE OF
+ --                                      AlgorithmIdentifier{{...}}
+ --   id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
+ --      PreferredSymmAlgValue   ::= AlgorithmIdentifier{{...}}
+ --   id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
+ --      CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
+ --   id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
+ --      CurrentCRLValue         ::= CertificateList
+ --   id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
+ --      UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
+ --   id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
+ --      KeyPairParamReqValue    ::= OBJECT IDENTIFIER
+ --   id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
+ --      KeyPairParamRepValue    ::= AlgorithmIdentifer
+ --   id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
+ --      RevPassphraseValue      ::= EncryptedValue
+ --   id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
+ --      ImplicitConfirmValue    ::= NULL
+ --   id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
+ --      ConfirmWaitTimeValue    ::= GeneralizedTime
+ --   id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
+ --      OrigPKIMessageValue     ::= PKIMessages
+ --   id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
+ --      SuppLangTagsValue       ::= SEQUENCE OF UTF8String
+ --
+ -- where
+ --
+ --   id-pkix OBJECT IDENTIFIER ::= {
+ --      iso(1) identified-organization(3)
+ --      dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
+ -- and
+ --   id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
+ --
+ --
+ -- This construct MAY also be used to define new PKIX Certificate
+ -- Management Protocol request and response messages, or general-
+ -- purpose (e.g., announcement) messages for future needs or for
+ -- specific environments.
+
+ GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
+
+ -- May be sent by EE, RA, or CA (depending on message content).
+ -- The OPTIONAL infoValue parameter of InfoTypeAndValue will
+ -- typically be omitted for some of the examples given above.
+ -- The receiver is free to ignore any contained OBJECT IDs that it
+ -- does not recognize.  If sent from EE to CA, the empty set
+ -- indicates that the CA may send
+ -- any/all information that it wishes.
+
+ GenRepContent ::= SEQUENCE OF InfoTypeAndValue
+ -- Receiver MAY ignore any contained OIDs that it does not
+ -- recognize.
+
+ ErrorMsgContent ::= SEQUENCE {
+     pKIStatusInfo          PKIStatusInfo,
+     errorCode              INTEGER           OPTIONAL,
+     -- implementation-specific error codes
+     errorDetails           PKIFreeText       OPTIONAL
+     -- implementation-specific error details
+ }
+
+ CertConfirmContent ::= SEQUENCE OF CertStatus
+
+ CertStatus ::= SEQUENCE {
+     certHash    OCTET STRING,
+     -- the hash of the certificate, using the same hash algorithm
+     -- as is used to create and verify the certificate signature
+     certReqId   INTEGER,
+     -- to match this confirmation with the corresponding req/rep
+     statusInfo  PKIStatusInfo OPTIONAL }
+
+ PollReqContent ::= SEQUENCE OF SEQUENCE {
+     certReqId              INTEGER }
+
+ PollRepContent ::= SEQUENCE OF SEQUENCE {
+     certReqId              INTEGER,
+     checkAfter             INTEGER,  -- time in seconds
+     reason                 PKIFreeText OPTIONAL }
+
+ END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1
new file mode 100644
index 0000000000..1c0b780499
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1
@@ -0,0 +1,409 @@
+  PKIXCRMF-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE,
+      SingleAttribute{}
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkixCommon-02(57) }
+
+  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+      DIGEST-ALGORITHM, MAC-ALGORITHM, PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  Version, Name, Time, SubjectPublicKeyInfo, UniqueIdentifier, id-pkix,
+      SignatureAlgorithms
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  GeneralName, CertExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  EnvelopedData, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41)}
+  maca-hMAC-SHA1
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56) } ;
+
+  -- arc for Internet X.509 PKI protocols and their components
+
+  id-pkip  OBJECT IDENTIFIER ::= { id-pkix 5 }
+
+  id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+       us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+  id-ct   OBJECT IDENTIFIER ::= { id-smime  1 }  -- content types
+
+  -- Core definitions for this module
+
+  CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
+
+  CertReqMsg ::= SEQUENCE {
+      certReq   CertRequest,
+      popo       ProofOfPossession  OPTIONAL,
+      -- content depends upon key type
+      regInfo   SEQUENCE SIZE(1..MAX) OF
+          SingleAttribute{{RegInfoSet}} OPTIONAL }
+
+  CertRequest ::= SEQUENCE {
+      certReqId     INTEGER,
+      -- ID for matching request and reply
+      certTemplate  CertTemplate,
+      -- Selected fields of cert to be issued
+      controls      Controls OPTIONAL }
+      -- Attributes affecting issuance
+
+  CertTemplate ::= SEQUENCE {
+      version      [0] Version               OPTIONAL,
+      serialNumber [1] INTEGER               OPTIONAL,
+      signingAlg   [2] AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                           {SignatureAlgorithms}}   OPTIONAL,
+      issuer       [3] Name                  OPTIONAL,
+      validity     [4] OptionalValidity      OPTIONAL,
+      subject      [5] Name                  OPTIONAL,
+      publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
+      issuerUID    [7] UniqueIdentifier      OPTIONAL,
+      subjectUID   [8] UniqueIdentifier      OPTIONAL,
+      extensions   [9] Extensions{{CertExtensions}}  OPTIONAL }
+
+  OptionalValidity ::= SEQUENCE {
+      notBefore  [0] Time OPTIONAL,
+      notAfter   [1] Time OPTIONAL } -- at least one MUST be present
+
+  Controls  ::= SEQUENCE SIZE(1..MAX) OF SingleAttribute
+                    {{RegControlSet}}
+
+  ProofOfPossession ::= CHOICE {
+      raVerified        [0] NULL,
+      -- used if the RA has already verified that the requester is in
+      -- possession of the private key
+      signature         [1] POPOSigningKey,
+      keyEncipherment   [2] POPOPrivKey,
+      keyAgreement      [3] POPOPrivKey }
+
+  POPOSigningKey ::= SEQUENCE {
+      poposkInput           [0] POPOSigningKeyInput OPTIONAL,
+      algorithmIdentifier   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                {SignatureAlgorithms}},
+      signature             BIT STRING }
+      -- The signature (using "algorithmIdentifier") is on the
+      -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
+      -- certReq CertTemplate contains the subject and publicKey values,
+      -- then poposkInput MUST be omitted and the signature MUST be
+      -- computed over the DER-encoded value of CertReqMsg certReq.  If
+      -- the CertReqMsg certReq CertTemplate does not contain both the
+      -- public key and subject values (i.e., if it contains only one
+      -- of these, or neither), then poposkInput MUST be present and
+      -- MUST be signed.
+
+  POPOSigningKeyInput ::= SEQUENCE {
+      authInfo            CHOICE {
+       sender              [0] GeneralName,
+       -- used only if an authenticated identity has been
+       -- established for the sender (e.g., a DN from a
+       -- previously-issued and currently-valid certificate)
+       publicKeyMAC        PKMACValue },
+       -- used if no authenticated GeneralName currently exists for
+       -- the sender; publicKeyMAC contains a password-based MAC
+       -- on the DER-encoded value of publicKey
+      publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
+
+  PKMACValue ::= SEQUENCE {
+      algId  AlgorithmIdentifier{MAC-ALGORITHM,
+                 {Password-MACAlgorithms}},
+      value  BIT STRING }
+
+  --
+  --  Define the currently only acceptable MAC algorithm to be used
+  --  for the PKMACValue structure
+  --
+
+  id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      usa(840) nt(113533) nsn(7) algorithms(66) 13 }
+
+  Password-MACAlgorithms MAC-ALGORITHM ::= {
+      {IDENTIFIER id-PasswordBasedMac
+       PARAMS TYPE PBMParameter ARE required
+       IS-KEYED-MAC TRUE
+      }, ...
+  }
+
+  PBMParameter ::= SEQUENCE {
+     salt                OCTET STRING,
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM,
+                             {DigestAlgorithms}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     iterationCount      INTEGER,
+     -- number of times the OWF is applied
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM,
+                             {MACAlgorithms}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC, or HMAC
+  }
+
+  DigestAlgorithms DIGEST-ALGORITHM ::= {
+     mda-sha1, ...
+  }
+
+  MACAlgorithms MAC-ALGORITHM ::= {
+      -- The modules containing the ASN.1 for the DES and 3DES MAC
+      -- algorithms have not been updated at the time that this is
+      -- being published.  Users of this module should define the
+      -- appropriate MAC-ALGORITHM objects and uncomment the
+      -- following lines if they support these MAC algorithms.
+      -- maca-des-mac | maca-3des-mac --
+      maca-hMAC-SHA1,
+      ...
+  }
+
+  POPOPrivKey ::= CHOICE {
+      thisMessage       [0] BIT STRING,         -- Deprecated
+      -- possession is proven in this message (which contains
+      -- the private key itself (encrypted for the CA))
+      subsequentMessage [1] SubsequentMessage,
+      -- possession will be proven in a subsequent message
+      dhMAC             [2] BIT STRING,         -- Deprecated
+      agreeMAC          [3] PKMACValue,
+      encryptedKey      [4] EnvelopedData }
+      -- for keyAgreement (only), possession is proven in this message
+      -- (which contains a MAC (over the DER-encoded value of the
+      -- certReq parameter in CertReqMsg, which MUST include both
+      -- subject and publicKey) based on a key derived from the end
+      -- entity's private DH key and the CA's public DH key);
+
+  SubsequentMessage ::= INTEGER {
+      encrCert (0),
+      -- requests that resulting certificate be encrypted for the
+      -- end entity (following which, POP will be proven in a
+      -- confirmation message)
+      challengeResp (1) }
+      -- requests that CA engage in challenge-response exchange with
+      -- end entity in order to prove private key possession
+
+  --
+  -- id-ct-encKeyWithID content type used as the content type for the
+  -- EnvelopedData in POPOPrivKey.
+  -- It contains both a private key and an identifier for key escrow
+  -- agents to check against recovery requestors.
+  --
+
+  ct-encKeyWithID CONTENT-TYPE ::=
+      { EncKeyWithID IDENTIFIED BY id-ct-encKeyWithID }
+
+  id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21}
+
+  EncKeyWithID ::= SEQUENCE {
+      privateKey           PrivateKeyInfo,
+      identifier CHOICE {
+          string             UTF8String,
+          generalName        GeneralName
+      } OPTIONAL
+  }
+
+  PrivateKeyInfo ::= SEQUENCE {
+     version                   INTEGER,
+     privateKeyAlgorithm       AlgorithmIdentifier{PUBLIC-KEY, {...}},
+     privateKey                OCTET STRING,
+               --  Structure of public key is in PUBLIC-KEY.&PrivateKey
+     attributes                [0] IMPLICIT Attributes OPTIONAL
+  }
+
+  Attributes ::= SET OF AttributeSet{{PrivateKeyAttributes}}
+  PrivateKeyAttributes ATTRIBUTE ::= {...}
+
+  --
+  -- 6.  Registration Controls in CRMF
+  --
+
+  id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 }
+
+  RegControlSet ATTRIBUTE ::= {
+      regCtrl-regToken | regCtrl-authenticator |
+      regCtrl-pkiPublicationInfo | regCtrl-pkiArchiveOptions |
+      regCtrl-oldCertID | regCtrl-protocolEncrKey, ... }
+
+  --
+  --  6.1.  Registration Token Control
+  --
+
+  regCtrl-regToken ATTRIBUTE ::=
+      { TYPE RegToken IDENTIFIED BY id-regCtrl-regToken }
+
+  id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 }
+
+  RegToken ::= UTF8String
+
+  --
+  --  6.2.  Authenticator Control
+  --
+
+  regCtrl-authenticator ATTRIBUTE ::=
+      { TYPE Authenticator IDENTIFIED BY id-regCtrl-authenticator }
+
+  id-regCtrl-authenticator OBJECT IDENTIFIER ::= { id-regCtrl 2 }
+
+  Authenticator ::= UTF8String
+
+  --
+  --  6.3.  Publication Information Control
+  --
+
+  regCtrl-pkiPublicationInfo ATTRIBUTE ::=
+      { TYPE PKIPublicationInfo IDENTIFIED BY
+          id-regCtrl-pkiPublicationInfo }
+
+  id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 }
+
+  PKIPublicationInfo ::= SEQUENCE {
+      action     INTEGER {
+                     dontPublish (0),
+                     pleasePublish (1) },
+      pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
+      -- pubInfos MUST NOT be present if action is "dontPublish"
+      -- (if action is "pleasePublish" and pubInfos is omitted,
+      -- "dontCare" is assumed)
+
+  SinglePubInfo ::= SEQUENCE {
+      pubMethod    INTEGER {
+          dontCare    (0),
+          x500        (1),
+          web         (2),
+          ldap        (3) },
+      pubLocation  GeneralName OPTIONAL }
+
+  --
+  --  6.4.  Archive Options Control
+  --
+
+  regCtrl-pkiArchiveOptions ATTRIBUTE ::=
+      { TYPE PKIArchiveOptions IDENTIFIED BY
+          id-regCtrl-pkiArchiveOptions }
+
+  id-regCtrl-pkiArchiveOptions OBJECT IDENTIFIER ::= { id-regCtrl 4 }
+
+  PKIArchiveOptions ::= CHOICE {
+      encryptedPrivKey     [0] EncryptedKey,
+      -- the actual value of the private key
+      keyGenParameters     [1] KeyGenParameters,
+      -- parameters that allow the private key to be re-generated
+      archiveRemGenPrivKey [2] BOOLEAN }
+      -- set to TRUE if sender wishes receiver to archive the private
+      -- key of a key pair that the receiver generates in response to
+      -- this request; set to FALSE if no archive is desired.
+
+  EncryptedKey ::= CHOICE {
+      encryptedValue        EncryptedValue,   -- Deprecated
+      envelopedData     [0] EnvelopedData }
+      -- The encrypted private key MUST be placed in the envelopedData
+      -- encryptedContentInfo encryptedContent OCTET STRING.
+
+  --
+  --  We skipped doing the full constraints here since this structure
+  --      has been deprecated in favor of EnvelopedData
+  --
+
+  EncryptedValue ::= SEQUENCE {
+      intendedAlg   [0] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- the intended algorithm for which the value will be used
+      symmAlg       [1] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- the symmetric algorithm used to encrypt the value
+      encSymmKey    [2] BIT STRING           OPTIONAL,
+      -- the (encrypted) symmetric key used to encrypt the value
+      keyAlg        [3] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- algorithm used to encrypt the symmetric key
+      valueHint     [4] OCTET STRING         OPTIONAL,
+      -- a brief description or identifier of the encValue content
+      -- (may be meaningful only to the sending entity, and used only
+      -- if EncryptedValue might be re-examined by the sending entity
+      -- in the future)
+      encValue       BIT STRING }
+      -- the encrypted value itself
+  -- When EncryptedValue is used to carry a private key (as opposed to
+  -- a certificate), implementations MUST support the encValue field
+  -- containing an encrypted PrivateKeyInfo as defined in [PKCS11],
+  -- section 12.11.  If encValue contains some other format/encoding
+  -- for the private key, the first octet of valueHint MAY be used
+  -- to indicate the format/encoding (but note that the possible values
+  -- of this octet are not specified at this time).  In all cases, the
+  -- intendedAlg field MUST be used to indicate at least the OID of
+  -- the intended algorithm of the private key, unless this information
+  -- is known a priori to both sender and receiver by some other means.
+
+  KeyGenParameters ::= OCTET STRING
+
+  --
+  --  6.5.  OldCert ID Control
+  --
+
+  regCtrl-oldCertID ATTRIBUTE ::=
+      { TYPE OldCertId IDENTIFIED BY id-regCtrl-oldCertID }
+
+  id-regCtrl-oldCertID  OBJECT IDENTIFIER ::= { id-regCtrl 5 }
+
+  OldCertId ::= CertId
+
+  CertId ::= SEQUENCE {
+      issuer           GeneralName,
+      serialNumber     INTEGER }
+
+  --
+  -- 6.6.  Protocol Encryption Key Control
+  --
+
+  regCtrl-protocolEncrKey ATTRIBUTE ::=
+      { TYPE ProtocolEncrKey IDENTIFIED BY id-regCtrl-protocolEncrKey }
+  id-regCtrl-protocolEncrKey    OBJECT IDENTIFIER ::= { id-regCtrl 6 }
+
+  ProtocolEncrKey ::= SubjectPublicKeyInfo
+
+  --
+  -- 7.  Registration Info in CRMF
+  --
+
+  id-regInfo OBJECT IDENTIFIER ::= { id-pkip 2 }
+
+  RegInfoSet ATTRIBUTE ::=
+      { regInfo-utf8Pairs | regInfo-certReq }
+
+  --
+  -- 7.1.  utf8Pairs RegInfo Control
+  --
+
+  regInfo-utf8Pairs ATTRIBUTE ::=
+      { TYPE UTF8Pairs IDENTIFIED BY id-regInfo-utf8Pairs }
+
+  id-regInfo-utf8Pairs    OBJECT IDENTIFIER ::= { id-regInfo 1 }
+  --with syntax
+  UTF8Pairs ::= UTF8String
+
+  --
+  --  7.2.  certReq RegInfo Control
+  --
+
+  regInfo-certReq ATTRIBUTE ::=
+      { TYPE CertReq IDENTIFIED BY id-regInfo-certReq }
+
+  id-regInfo-certReq       OBJECT IDENTIFIER ::= { id-regInfo 2 }
+  --with syntax
+  CertReq ::= CertRequest
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1
index 5512f1590b..5512f1590b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1
index d6e88a2e47..d6e88a2e47 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1
index 258c5f0b23..258c5f0b23 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1
index c8f3a2ff33..c8f3a2ff33 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1
index 365144ff35..365144ff35 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1
index d00570b7e7..d00570b7e7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1
index 4a59cc403b..4a59cc403b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1
index e55ea3c05e..e55ea3c05e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1
index 671cf0e780..671cf0e780 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1
index b497e4126b..b497e4126b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1
index 73b49c8d7a..73b49c8d7a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1
index e526ff4600..e526ff4600 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1
new file mode 100644
index 0000000000..f74f76ff7c
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1
@@ -0,0 +1,608 @@
+  SCVP-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-scvp-02(52) }
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, PUBLIC-KEY, KEY-AGREE,
+      DIGEST-ALGORITHM, KEY-DERIVATION, MAC-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  Certificate, CertificateList, CertificateSerialNumber,
+      SignatureAlgorithms, SubjectPublicKeyInfo
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
+
+  GeneralNames, GeneralName, KeyUsage, KeyPurposeId
+  FROM PKIX1Implicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
+
+  AttributeCertificate
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) }
+
+  OCSPResponse
+  FROM OCSP-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48) }
+
+  ContentInfo, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41) }
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56) } ;
+
+  ContentTypes CONTENT-TYPE ::= {ct-scvp-certValRequest |
+      ct-scvp-certValResponse | ct-scvp-valPolRequest |
+      ct-scvp-valPolResponse, ... }
+
+  id-ct OBJECT IDENTIFIER ::=
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+      id-smime(16) 1 }
+
+  ct-scvp-certValRequest CONTENT-TYPE ::=
+      { CVRequest IDENTIFIED BY id-ct-scvp-certValRequest }
+
+  id-ct-scvp-certValRequest OBJECT IDENTIFIER ::= { id-ct 10 }
+
+  -- SCVP Certificate Validation Request
+
+  CVRequest ::= SEQUENCE {
+      cvRequestVersion           INTEGER DEFAULT 1,
+      query                      Query,
+      requestorRef           [0] GeneralNames OPTIONAL,
+      requestNonce           [1] OCTET STRING OPTIONAL,
+      requestorName          [2] GeneralName OPTIONAL,
+      responderName          [3] GeneralName OPTIONAL,
+      requestExtensions      [4] Extensions{{RequestExtensions}}
+                                     OPTIONAL,
+      signatureAlg           [5] AlgorithmIdentifier
+                                     {SIGNATURE-ALGORITHM,
+                                         {SignatureAlgorithms}}
+                                     OPTIONAL,
+      hashAlg                [6] OBJECT IDENTIFIER OPTIONAL,
+      requestorText          [7] UTF8String (SIZE (1..256)) OPTIONAL
+  }
+
+  -- Set of signature algorithms is coming from RFC 5280
+  -- SignatureAlgorithms SIGNATURE-ALGORITHM ::= {...}
+
+  -- Add supported request extensions here; all new items should
+  --      be added after the extension marker
+
+  RequestExtensions EXTENSION ::= {...}
+
+  Query ::= SEQUENCE {
+      queriedCerts             CertReferences,
+      checks                   CertChecks,
+      wantBack             [1] WantBack OPTIONAL,
+      validationPolicy         ValidationPolicy,
+      responseFlags            ResponseFlags OPTIONAL,
+      serverContextInfo    [2] OCTET STRING OPTIONAL,
+      validationTime       [3] GeneralizedTime OPTIONAL,
+      intermediateCerts    [4] CertBundle OPTIONAL,
+      revInfos             [5] RevocationInfos OPTIONAL,
+      producedAt           [6] GeneralizedTime OPTIONAL,
+      queryExtensions      [7] Extensions{{QueryExtensions}} OPTIONAL
+  }
+
+  -- Add supported query extensions here; all new items should be added
+  --      after the extension marker
+
+  QueryExtensions EXTENSION ::= {...}
+
+  CertReferences ::= CHOICE {
+      pkcRefs       [0] SEQUENCE SIZE (1..MAX) OF PKCReference,
+      acRefs        [1] SEQUENCE SIZE (1..MAX) OF ACReference
+  }
+
+  CertReference::= CHOICE {
+      pkc               PKCReference,
+      ac                ACReference
+  }
+
+  PKCReference ::= CHOICE {
+      cert          [0] Certificate,
+      pkcRef        [1] SCVPCertID
+  }
+
+  ACReference ::= CHOICE {
+      attrCert      [2] AttributeCertificate,
+      acRef         [3] SCVPCertID
+  }
+
+  HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
+                        {mda-sha1, ...}}
+
+  SCVPCertID ::= SEQUENCE {
+     certHash        OCTET STRING,
+     issuerSerial    SCVPIssuerSerial,
+     hashAlgorithm   HashAlgorithm
+                         DEFAULT { algorithm mda-sha1.&id }
+  }
+
+  SCVPIssuerSerial ::= SEQUENCE {
+      issuer         GeneralNames,
+      serialNumber   CertificateSerialNumber
+  }
+
+  ValidationPolicy ::= SEQUENCE {
+      validationPolRef           ValidationPolRef,
+      validationAlg          [0] ValidationAlg OPTIONAL,
+      userPolicySet          [1] SEQUENCE SIZE (1..MAX) OF OBJECT
+                                IDENTIFIER OPTIONAL,
+      inhibitPolicyMapping   [2] BOOLEAN OPTIONAL,
+      requireExplicitPolicy  [3] BOOLEAN OPTIONAL,
+      inhibitAnyPolicy       [4] BOOLEAN OPTIONAL,
+      trustAnchors           [5] TrustAnchors OPTIONAL,
+      keyUsages              [6] SEQUENCE OF KeyUsage OPTIONAL,
+      extendedKeyUsages      [7] SEQUENCE OF KeyPurposeId OPTIONAL,
+      specifiedKeyUsages     [8] SEQUENCE OF KeyPurposeId OPTIONAL
+  }
+
+  CertChecks ::= SEQUENCE SIZE (1..MAX) OF
+      OBJECT IDENTIFIER (CertCheckSet | ACertCheckSet, ... )
+
+  WantBack ::= SEQUENCE SIZE (1..MAX) OF
+      WANT-BACK.&id ({AllWantBacks})
+
+  POLICY ::= ATTRIBUTE
+
+  ValidationPolRefSet POLICY ::= {
+      svp-defaultValPolicy, ...
+  }
+
+  ValidationPolRef ::= SEQUENCE {
+     valPolId             POLICY.&id,
+     valPolParams         POLICY.&Type OPTIONAL
+  }
+
+  ValidationAlgSet POLICY ::= {
+          svp-basicValAlg, ...
+  }
+
+  ValidationAlg ::= SEQUENCE {
+      valAlgId               POLICY.&id,
+      parameters             POLICY.&Type OPTIONAL
+  }
+
+  NameValidationAlgSet POLICY ::= {
+      svp-nameValAlg, ...
+  }
+
+  NameValidationAlgParams ::= SEQUENCE {
+      nameCompAlgId          OBJECT IDENTIFIER (NameCompAlgSet, ... ),
+      validationNames        GeneralNames
+  }
+
+  TrustAnchors ::= SEQUENCE SIZE (1..MAX) OF PKCReference
+  KeyAgreePublicKey ::= SEQUENCE {
+      algorithm           AlgorithmIdentifier{KEY-AGREE,
+                              {SupportedKeyAgreePublicKeys}},
+      publicKey           BIT STRING,
+      macAlgorithm        AlgorithmIdentifier{MAC-ALGORITHM,
+                              {SupportedMACAlgorithms}},
+      kDF                 AlgorithmIdentifier{KEY-DERIVATION,
+                              {SupportedKeyDerivationFunctions}}
+                              OPTIONAL
+  }
+
+  SupportedKeyAgreePublicKeys KEY-AGREE ::= {...}
+  SupportedMACAlgorithms MAC-ALGORITHM ::= {...}
+  SupportedKeyDerivationFunctions KEY-DERIVATION ::= {...}
+
+  ResponseFlags ::= SEQUENCE {
+      fullRequestInResponse      [0] BOOLEAN DEFAULT FALSE,
+      responseValidationPolByRef [1] BOOLEAN DEFAULT TRUE,
+      protectResponse            [2] BOOLEAN DEFAULT TRUE,
+      cachedResponse             [3] BOOLEAN DEFAULT TRUE
+  }
+
+  CertBundle ::= SEQUENCE SIZE (1..MAX) OF Certificate
+
+  RevocationInfos ::= SEQUENCE SIZE (1..MAX) OF RevocationInfo
+
+  RevocationInfo ::= CHOICE {
+      crl                    [0] CertificateList,
+      delta-crl              [1] CertificateList,
+      ocsp                   [2] OCSPResponse,
+      other                  [3] OtherRevInfo
+  }
+
+  REV-INFO ::= TYPE-IDENTIFIER
+
+  OtherRevInfo ::= SEQUENCE {
+      riType                     REV-INFO.&id,
+      riValue                    REV-INFO.&Type
+  }
+
+  -- SCVP Certificate Validation Response
+
+  ct-scvp-certValResponse CONTENT-TYPE ::=
+      { CVResponse IDENTIFIED BY id-ct-scvp-certValResponse }
+
+  id-ct-scvp-certValResponse OBJECT IDENTIFIER ::= { id-ct 11 }
+
+  CVResponse ::= SEQUENCE {
+      cvResponseVersion          INTEGER,
+      serverConfigurationID      INTEGER,
+      producedAt                 GeneralizedTime,
+      responseStatus             ResponseStatus,
+      respValidationPolicy   [0] RespValidationPolicy OPTIONAL,
+      requestRef             [1] RequestReference OPTIONAL,
+      requestorRef           [2] GeneralNames OPTIONAL,
+      requestorName          [3] GeneralNames OPTIONAL,
+      replyObjects           [4] ReplyObjects OPTIONAL,
+      respNonce              [5] OCTET STRING OPTIONAL,
+      serverContextInfo      [6] OCTET STRING OPTIONAL,
+      cvResponseExtensions   [7] Extensions{{CVResponseExtensions}}
+                                     OPTIONAL,
+      requestorText          [8] UTF8String (SIZE (1..256)) OPTIONAL
+  }
+
+  --  This document defines no extensions
+  CVResponseExtensions EXTENSION ::= {...}
+
+  ResponseStatus ::= SEQUENCE {
+     statusCode               CVStatusCode DEFAULT  okay,
+     errorMessage             UTF8String OPTIONAL
+  }
+
+  CVStatusCode ::= ENUMERATED {
+     okay                               (0),
+     skipUnrecognizedItems              (1),
+     tooBusy                           (10),
+     invalidRequest                    (11),
+     internalError                     (12),
+     badStructure                      (20),
+     unsupportedVersion                (21),
+     abortUnrecognizedItems            (22),
+     unrecognizedSigKey                (23),
+     badSignatureOrMAC                 (24),
+     unableToDecode                    (25),
+     notAuthorized                     (26),
+     unsupportedChecks                 (27),
+     unsupportedWantBacks              (28),
+     unsupportedSignatureOrMAC         (29),
+     invalidSignatureOrMAC             (30),
+     protectedResponseUnsupported      (31),
+     unrecognizedResponderName         (32),
+     relayingLoop                      (40),
+     unrecognizedValPol                (50),
+     unrecognizedValAlg                (51),
+     fullRequestInResponseUnsupported  (52),
+     fullPolResponseUnsupported        (53),
+     inhibitPolicyMappingUnsupported   (54),
+     requireExplicitPolicyUnsupported  (55),
+     inhibitAnyPolicyUnsupported       (56),
+     validationTimeUnsupported         (57),
+     unrecognizedCritQueryExt          (63),
+     unrecognizedCritRequestExt        (64),
+     ...
+  }
+
+  RespValidationPolicy ::= ValidationPolicy
+
+  RequestReference ::= CHOICE {
+      requestHash   [0] HashValue, -- hash of CVRequest
+      fullRequest   [1] CVRequest }
+
+  HashValue ::= SEQUENCE {
+      algorithm         HashAlgorithm
+                            DEFAULT { algorithm mda-sha1.&id },
+      value             OCTET STRING }
+
+  ReplyObjects ::= SEQUENCE SIZE (1..MAX) OF CertReply
+
+  CertReply ::= SEQUENCE {
+      cert                       CertReference,
+      replyStatus                ReplyStatus DEFAULT success,
+      replyValTime               GeneralizedTime,
+      replyChecks                ReplyChecks,
+      replyWantBacks             ReplyWantBacks,
+      validationErrors       [0] SEQUENCE SIZE (1..MAX) OF
+          OBJECT IDENTIFIER ( BasicValidationErrorSet |
+                              NameValidationErrorSet,
+                              ... ) OPTIONAL,
+      nextUpdate             [1] GeneralizedTime OPTIONAL,
+      certReplyExtensions    [2] Extensions{{...}} OPTIONAL
+  }
+
+  ReplyStatus ::= ENUMERATED {
+      success                    (0),
+      malformedPKC               (1),
+      malformedAC                (2),
+      unavailableValidationTime  (3),
+      referenceCertHashFail      (4),
+      certPathConstructFail      (5),
+      certPathNotValid           (6),
+      certPathNotValidNow        (7),
+      wantBackUnsatisfied        (8)
+  }
+  ReplyChecks ::= SEQUENCE OF ReplyCheck
+
+  ReplyCheck ::= SEQUENCE {
+      check    OBJECT IDENTIFIER (CertCheckSet | ACertCheckSet, ... ),
+      status   INTEGER DEFAULT 0
+  }
+
+  ReplyWantBacks ::= SEQUENCE OF ReplyWantBack
+
+  ReplyWantBack::= SEQUENCE {
+      wb     WANT-BACK.&id({AllWantBacks}),
+      value  OCTET STRING
+                 (CONTAINING WANT-BACK.&Type({AllWantBacks}{@wb}))
+  }
+
+  WANT-BACK ::= TYPE-IDENTIFIER
+
+  AllWantBacks WANT-BACK ::= {
+      WantBackSet | ACertWantBackSet | AnyWantBackSet, ...
+  }
+
+  CertBundles ::= SEQUENCE SIZE (1..MAX) OF CertBundle
+
+  RevInfoWantBack ::= SEQUENCE {
+      revocationInfo             RevocationInfos,
+      extraCerts                 CertBundle OPTIONAL
+  }
+
+  SCVPResponses ::= SEQUENCE OF ContentInfo
+
+  -- SCVP Validation Policies Request
+
+  ct-scvp-valPolRequest CONTENT-TYPE ::=
+      { ValPolRequest IDENTIFIED BY id-ct-scvp-valPolRequest }
+
+  id-ct-scvp-valPolRequest OBJECT IDENTIFIER ::= { id-ct 12 }
+
+  ValPolRequest ::= SEQUENCE {
+      vpRequestVersion           INTEGER DEFAULT 1,
+      requestNonce               OCTET STRING
+  }
+
+  -- SCVP Validation Policies Response
+
+  ct-scvp-valPolResponse CONTENT-TYPE ::=
+      { ValPolResponse IDENTIFIED BY id-ct-scvp-valPolResponse }
+
+  id-ct-scvp-valPolResponse OBJECT IDENTIFIER ::= { id-ct 13 }
+  ValPolResponse ::= SEQUENCE {
+      vpResponseVersion       INTEGER,
+      maxCVRequestVersion     INTEGER,
+      maxVPRequestVersion     INTEGER,
+      serverConfigurationID   INTEGER,
+      thisUpdate              GeneralizedTime,
+      nextUpdate              GeneralizedTime OPTIONAL,
+      supportedChecks         CertChecks,
+      supportedWantBacks      WantBack,
+      validationPolicies      SEQUENCE OF OBJECT IDENTIFIER,
+      validationAlgs          SEQUENCE OF OBJECT IDENTIFIER,
+      authPolicies            SEQUENCE OF AuthPolicy,
+      responseTypes           ResponseTypes,
+      defaultPolicyValues     RespValidationPolicy,
+      revocationInfoTypes     RevocationInfoTypes,
+      signatureGeneration     SEQUENCE OF AlgorithmIdentifier
+                                  {SIGNATURE-ALGORITHM,
+                                      {SignatureAlgorithms}},
+      signatureVerification   SEQUENCE OF AlgorithmIdentifier
+                                  {SIGNATURE-ALGORITHM,
+                                      {SignatureAlgorithms}},
+      hashAlgorithms          SEQUENCE SIZE (1..MAX) OF
+                                 OBJECT IDENTIFIER,
+      serverPublicKeys        SEQUENCE OF KeyAgreePublicKey
+                                 OPTIONAL,
+      clockSkew               INTEGER DEFAULT 10,
+      requestNonce            OCTET STRING OPTIONAL
+  }
+
+  ResponseTypes  ::= ENUMERATED {
+      cached-only                (0),
+      non-cached-only            (1),
+      cached-and-non-cached      (2)
+  }
+
+  RevocationInfoTypes ::= BIT STRING {
+      fullCRLs                   (0),
+      deltaCRLs                  (1),
+      indirectCRLs               (2),
+      oCSPResponses              (3)
+  }
+
+  AuthPolicy ::= OBJECT IDENTIFIER
+
+  -- SCVP Check Identifiers
+
+  id-stc OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 17 }
+
+  CertCheckSet OBJECT IDENTIFIER ::= {
+      id-stc-build-pkc-path | id-stc-build-valid-pkc-path |
+      id-stc-build-status-checked-pkc-path, ... }
+
+  id-stc-build-pkc-path        OBJECT IDENTIFIER ::= { id-stc 1 }
+  id-stc-build-valid-pkc-path  OBJECT IDENTIFIER ::= { id-stc 2 }
+  id-stc-build-status-checked-pkc-path
+                              OBJECT IDENTIFIER ::= { id-stc 3 }
+
+  ACertCheckSet OBJECT IDENTIFIER ::= {
+      id-stc-build-aa-path | id-stc-build-valid-aa-path |
+      id-stc-build-status-checked-aa-path |
+      id-stc-status-check-ac-and-build-status-checked-aa-path
+  }
+
+  id-stc-build-aa-path         OBJECT IDENTIFIER ::= { id-stc 4 }
+  id-stc-build-valid-aa-path   OBJECT IDENTIFIER ::= { id-stc 5 }
+  id-stc-build-status-checked-aa-path
+                              OBJECT IDENTIFIER ::= { id-stc 6 }
+  id-stc-status-check-ac-and-build-status-checked-aa-path
+                              OBJECT IDENTIFIER ::= { id-stc 7 }
+
+  -- SCVP WantBack Identifiers
+
+  id-swb OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 18 }
+
+  WantBackSet WANT-BACK ::= {
+      swb-pkc-cert | swb-pkc-best-cert-path |
+      swb-pkc-revocation-info | swb-pkc-public-key-info |
+      swb-pkc-all-cert-paths | swb-pkc-ee-revocation-info |
+      swb-pkc-CAs-revocation-info
+  }
+
+  ACertWantBackSet WANT-BACK ::= {
+      swb-ac-cert | swb-aa-cert-path |
+      swb-aa-revocation-info | swb-ac-revocation-info
+  }
+
+  AnyWantBackSet WANT-BACK ::= { swb-relayed-responses }
+
+  swb-pkc-best-cert-path WANT-BACK ::=
+      { CertBundle IDENTIFIED BY id-swb-pkc-best-cert-path }
+  id-swb-pkc-best-cert-path       OBJECT IDENTIFIER ::= { id-swb 1 }
+  swb-pkc-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-revocation-info }
+  id-swb-pkc-revocation-info      OBJECT IDENTIFIER ::= { id-swb 2 }
+
+  swb-pkc-public-key-info WANT-BACK ::=
+      { SubjectPublicKeyInfo IDENTIFIED BY id-swb-pkc-public-key-info }
+  id-swb-pkc-public-key-info      OBJECT IDENTIFIER ::= { id-swb 4 }
+
+  swb-aa-cert-path WANT-BACK ::=
+      {CertBundle IDENTIFIED BY id-swb-aa-cert-path }
+  id-swb-aa-cert-path             OBJECT IDENTIFIER ::= { id-swb 5 }
+
+  swb-aa-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-aa-revocation-info }
+  id-swb-aa-revocation-info       OBJECT IDENTIFIER ::= { id-swb 6 }
+
+  swb-ac-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-ac-revocation-info }
+  id-swb-ac-revocation-info       OBJECT IDENTIFIER ::= { id-swb 7 }
+
+  swb-relayed-responses WANT-BACK ::=
+      {SCVPResponses IDENTIFIED BY id-swb-relayed-responses }
+
+  id-swb-relayed-responses        OBJECT IDENTIFIER ::= { id-swb 9 }
+
+  swb-pkc-all-cert-paths WANT-BACK ::=
+      {CertBundles IDENTIFIED BY id-swb-pkc-all-cert-paths }
+  id-swb-pkc-all-cert-paths       OBJECT IDENTIFIER ::= { id-swb 12}
+
+  swb-pkc-ee-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-ee-revocation-info }
+  id-swb-pkc-ee-revocation-info   OBJECT IDENTIFIER ::= { id-swb 13}
+
+  swb-pkc-CAs-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-CAs-revocation-info }
+  id-swb-pkc-CAs-revocation-info  OBJECT IDENTIFIER ::= { id-swb 14}
+
+  swb-pkc-cert WANT-BACK ::=
+      { Certificate IDENTIFIED BY id-swb-pkc-cert }
+  id-swb-pkc-cert OBJECT IDENTIFIER ::= { id-swb 10}
+
+  swb-ac-cert WANT-BACK ::=
+      { AttributeCertificate IDENTIFIED BY id-swb-ac-cert }
+  id-swb-ac-cert OBJECT IDENTIFIER ::= { id-swb 11}
+
+  -- SCVP Validation Policy and Algorithm Identifiers
+
+  id-svp OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 19 }
+
+  svp-defaultValPolicy POLICY ::=
+      { IDENTIFIED BY id-svp-defaultValPolicy }
+
+  id-svp-defaultValPolicy OBJECT IDENTIFIER ::= { id-svp 1 }
+
+  -- SCVP Basic Validation Algorithm Identifier
+
+  svp-basicValAlg POLICY ::= {IDENTIFIED BY id-svp-basicValAlg }
+
+  id-svp-basicValAlg OBJECT IDENTIFIER ::= { id-svp 3 }
+
+  -- SCVP Basic Validation Algorithm Errors
+
+  id-bvae OBJECT IDENTIFIER ::= id-svp-basicValAlg
+
+  BasicValidationErrorSet OBJECT IDENTIFIER ::= {
+      id-bvae-expired | id-bvae-not-yet-valid |
+      id-bvae-wrongTrustAnchor | id-bvae-noValidCertPath |
+      id-bvae-revoked | id-bvae-invalidKeyPurpose |
+      id-bvae-invalidKeyUsage | id-bvae-invalidCertPolicy
+  }
+
+  id-bvae-expired              OBJECT IDENTIFIER ::= { id-bvae 1 }
+  id-bvae-not-yet-valid        OBJECT IDENTIFIER ::= { id-bvae 2 }
+  id-bvae-wrongTrustAnchor     OBJECT IDENTIFIER ::= { id-bvae 3 }
+  id-bvae-noValidCertPath      OBJECT IDENTIFIER ::= { id-bvae 4 }
+  id-bvae-revoked              OBJECT IDENTIFIER ::= { id-bvae 5 }
+  id-bvae-invalidKeyPurpose    OBJECT IDENTIFIER ::= { id-bvae 9 }
+  id-bvae-invalidKeyUsage      OBJECT IDENTIFIER ::= { id-bvae 10 }
+  id-bvae-invalidCertPolicy    OBJECT IDENTIFIER ::= { id-bvae 11 }
+
+  -- SCVP Name Validation Algorithm Identifier
+
+  svp-nameValAlg POLICY ::=
+      {TYPE NameValidationAlgParams IDENTIFIED BY id-svp-nameValAlg }
+
+  id-svp-nameValAlg OBJECT IDENTIFIER ::= { id-svp 2 }
+
+  -- SCVP Name Validation Algorithm DN comparison algorithm
+
+  NameCompAlgSet OBJECT IDENTIFIER ::= {
+      id-nva-dnCompAlg
+  }
+
+  id-nva-dnCompAlg   OBJECT IDENTIFIER ::= { id-svp 4 }
+  -- SCVP Name Validation Algorithm Errors
+
+  id-nvae OBJECT IDENTIFIER ::= id-svp-nameValAlg
+
+  NameValidationErrorSet OBJECT IDENTIFIER ::= {
+      id-nvae-name-mismatch | id-nvae-no-name | id-nvae-unknown-alg |
+      id-nvae-bad-name | id-nvae-bad-name-type | id-nvae-mixed-names
+  }
+
+  id-nvae-name-mismatch   OBJECT IDENTIFIER ::= { id-nvae 1 }
+  id-nvae-no-name         OBJECT IDENTIFIER ::= { id-nvae 2 }
+  id-nvae-unknown-alg     OBJECT IDENTIFIER ::= { id-nvae 3 }
+  id-nvae-bad-name        OBJECT IDENTIFIER ::= { id-nvae 4 }
+  id-nvae-bad-name-type   OBJECT IDENTIFIER ::= { id-nvae 5 }
+  id-nvae-mixed-names     OBJECT IDENTIFIER ::= { id-nvae 6 }
+
+  -- SCVP Extended Key Usage Key Purpose Identifiers
+
+  id-kp OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 3 }
+
+  SvcpExtKeyUsageSet OBJECT IDENTIFIER ::= {
+      id-kp-scvpServer | id-kp-scvpClient
+  }
+
+  id-kp-scvpServer   OBJECT IDENTIFIER ::= { id-kp 15 }
+
+  id-kp-scvpClient   OBJECT IDENTIFIER ::= { id-kp 16 }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1
new file mode 100644
index 0000000000..2bd2aaa435
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1
@@ -0,0 +1,122 @@
+ SecureMimeMessageV3dot1-2009
+       {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+       smime(16) modules(0) id-mod-msg-v3dot1-02(39)}
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ SMIME-CAPS, SMIMECapabilities{}
+ FROM AlgorithmInformation-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-algorithmInformation-02(58)}
+
+ ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ SubjectKeyIdentifier, IssuerAndSerialNumber, RecipientKeyIdentifier
+ FROM CryptographicMessageSyntax-2009
+     {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     smime(16) modules(0) id-mod-cms-2004-02(41)}
+
+ rc2-cbc, SMimeCaps
+ FROM CryptographicMessageSyntaxAlgorithms-2009
+     {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     smime(16) modules(0) id-mod-cmsalg-2001-02(37)}
+
+ SMimeCaps
+ FROM PKIXAlgs-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-pkix1-algorithms2008-02(56)}
+
+ SMimeCaps
+ FROM PKIX1-PSS-OAEP-Algorithms-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-rsa-pkalgs-02(54)};
+
+ SMimeAttributeSet ATTRIBUTE ::=
+     { aa-smimeCapabilities | aa-encrypKeyPref, ... }
+
+ --  id-aa is the arc with all new authenticated and unauthenticated
+ --  attributes produced by the S/MIME Working Group
+
+ id-aa OBJECT IDENTIFIER ::=
+     { iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     smime(16) attributes(2)}
+
+ -- The S/MIME Capabilities attribute provides a method of broadcasting
+ -- the symmetric capabilities understood.  Algorithms SHOULD be ordered
+ -- by preference and grouped by type
+
+ aa-smimeCapabilities ATTRIBUTE ::=
+     { TYPE SMIMECapabilities{{SMimeCapsSet}} IDENTIFIED BY
+           smimeCapabilities }
+ smimeCapabilities OBJECT IDENTIFIER ::=
+     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+     15 }
+
+ SMimeCapsSet SMIME-CAPS ::=
+     { cap-preferBinaryInside | cap-RC2CBC |
+     PKIXAlgs-2009.SMimeCaps |
+     CryptographicMessageSyntaxAlgorithms-2009.SMimeCaps |
+     PKIX1-PSS-OAEP-Algorithms-2009.SMimeCaps, ... }
+
+ -- Encryption Key Preference provides a method of broadcasting the
+ -- preferred encryption certificate.
+
+ aa-encrypKeyPref ATTRIBUTE ::=
+     { TYPE SMIMEEncryptionKeyPreference
+         IDENTIFIED BY id-aa-encrypKeyPref }
+
+ id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
+
+ SMIMEEncryptionKeyPreference ::= CHOICE {
+    issuerAndSerialNumber   [0] IssuerAndSerialNumber,
+    receipentKeyId          [1] RecipientKeyIdentifier,
+    subjectAltKeyIdentifier [2] SubjectKeyIdentifier
+ }
+
+ -- receipentKeyId is spelt incorrectly, but kept for historical
+ -- reasons.
+
+ id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+ id-cap  OBJECT IDENTIFIER ::= { id-smime 11 }
+
+ -- The preferBinaryInside indicates an ability to receive messages
+ -- with binary encoding inside the CMS wrapper
+
+ cap-preferBinaryInside SMIME-CAPS ::=
+     { -- No value -- IDENTIFIED BY id-cap-preferBinaryInside }
+
+ id-cap-preferBinaryInside  OBJECT IDENTIFIER ::= { id-cap 1 }
+
+ --  The following list OIDs to be used with S/MIME V3
+
+ -- Signature Algorithms Not Found in [RFC3370]
+ --
+ -- md2WithRSAEncryption OBJECT IDENTIFIER ::=
+ --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
+ --     2}
+ --
+ -- Other Signed Attributes
+ --
+ -- signingTime OBJECT IDENTIFIER ::=
+ --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ --     5}
+ --    See [RFC5652] for a description of how to encode the attribute
+ --    value.
+
+ cap-RC2CBC SMIME-CAPS ::=
+     { TYPE SMIMECapabilitiesParametersForRC2CBC
+         IDENTIFIED BY rc2-cbc}
+
+ SMIMECapabilitiesParametersForRC2CBC ::= INTEGER (40 | 128, ...)
+ --    (RC2 Key Length (number of bits))
+
+ END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1
index 07bba30690..07bba30690 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1
index 2917122e94..2917122e94 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1
index 02205bd64c..02205bd64c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1
index 8f033eab6f..8f033eab6f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1
index bfcd0b5dbc..bfcd0b5dbc 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1
index 9633995e3b..9633995e3b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1
index ccc64a52f5..ccc64a52f5 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1
index c97c83a569..c97c83a569 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1
index d9601bb7d0..d9601bb7d0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1
index 18e51cbc0d..18e51cbc0d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_test_lib.erl b/lib/asn1/test/asn1_test_lib.erl
index da07cd1118..a5f46046ff 100644
--- a/lib/asn1/test/asn1_test_lib.erl
+++ b/lib/asn1/test/asn1_test_lib.erl
@@ -21,6 +21,7 @@
 
 -export([compile/3,compile_all/3,compile_erlang/3,
 	 hex_to_bin/1,
+	 match_value/2,
 	 parallel/0,
 	 roundtrip/3,roundtrip/4,roundtrip_enc/3,roundtrip_enc/4]).
 
@@ -106,6 +107,24 @@ compile_erlang(Mod, Config, Options) ->
 hex_to_bin(S) ->
     << <<(hex2num(C)):4>> || C <- S, C =/= $\s >>.
 
+%% match_value(Pattern, Value) -> ok.
+%%  Match Pattern against Value. If the Pattern contains in any
+%%  position, the corresponding position in the Value can be
+%%  anything. Generate an exception if the Pattern and Value don't
+%%  match.
+
+match_value('_', _) ->
+    ok;
+match_value([H1|T1], [H2|T2]) ->
+    match_value(H1, H2),
+    match_value(T1, T2);
+match_value(T1, T2) when tuple_size(T1) =:= tuple_size(T2) ->
+    match_value_tuple(1, T1, T2);
+match_value(Same, Same) ->
+    ok;
+match_value(V1, V2) ->
+    error({nomatch,V1,V2}).
+
 roundtrip(Mod, Type, Value) ->
     roundtrip(Mod, Type, Value, Value).
 
@@ -132,6 +151,12 @@ hex2num(C) when $0 =< C, C =< $9 -> C - $0;
 hex2num(C) when $A =< C, C =< $F -> C - $A + 10;
 hex2num(C) when $a =< C, C =< $f -> C - $a + 10.
 
+match_value_tuple(I, T1, T2) when I =< tuple_size(T1) ->
+    match_value(element(I, T1), element(I, T2)),
+    match_value_tuple(I+1, T1, T2);
+match_value_tuple(_, _, _) ->
+    ok.
+
 test_ber_indefinite(Mod, Type, Encoded, ExpectedValue) ->
     case Mod:encoding_rule() of
 	ber ->
diff --git a/lib/asn1/test/error_SUITE.erl b/lib/asn1/test/error_SUITE.erl
index 1edd60f7c8..a9893b91cc 100644
--- a/lib/asn1/test/error_SUITE.erl
+++ b/lib/asn1/test/error_SUITE.erl
@@ -19,9 +19,12 @@
 
 -module(error_SUITE).
 -export([suite/0,all/0,groups/0,
-	 already_defined/1,bitstrings/1,enumerated/1,
-	 imports/1,instance_of/1,integers/1,objects/1,
-	 parameterization/1,values/1]).
+	 already_defined/1,bitstrings/1,
+	 classes/1,constraints/1,constructed/1,enumerated/1,
+	 imports_exports/1,instance_of/1,integers/1,objects/1,
+	 object_field_extraction/1,oids/1,rel_oids/1,
+	 object_sets/1,parameterization/1,
+	 syntax/1,table_constraints/1,tags/1,values/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -34,12 +37,22 @@ groups() ->
     [{p,parallel(),
       [already_defined,
        bitstrings,
+       classes,
+       constraints,
+       constructed,
        enumerated,
-       imports,
+       imports_exports,
        instance_of,
        integers,
        objects,
+       object_field_extraction,
+       object_sets,
+       oids,
+       rel_oids,
        parameterization,
+       syntax,
+       table_constraints,
+       tags,
        values]}].
 
 parallel() ->
@@ -94,6 +107,46 @@ bitstrings(Config) ->
      ]} = run(P, Config),
     ok.
 
+classes(Config) ->
+    M = 'Classes',
+    P = {M,
+	 <<"Classes DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  LowerCase ::= CLASS { &id INTEGER UNIQUE }\n"
+	   "  CL ::= CLASS { &id INTEGER UNIQUE DEFAULT 42}\n"
+	   "END\n">>},
+    {error,
+     [{structured_error,{M,2},asn1ct_check,
+       {illegal_class_name,'LowerCase'}},
+      {structured_error,{M,3},asn1ct_check,
+       {unique_and_default,id}}
+     ]} = run(P, Config),
+    ok.
+
+constraints(Config) ->
+    M = 'Constraints',
+    P = {M,
+	 <<"Constraints DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  II-1 ::= INTEGER (holder-1.&obj)\n"
+	   "  II-2 ::= INTEGER ('1234'H<..20)\n"
+	   "  II-3 ::= INTEGER (1..<\"abc\")\n"
+	   "  II-4 ::= INTEGER (10..1)\n"
+
+	   "  HOLDER ::= CLASS {\n"
+	   "    &obj HOLDER OPTIONAL\n"
+	   "  }\n"
+
+	   "  holder-1 HOLDER ::= { &obj holder-2 }\n"
+	   "  holder-2 HOLDER ::= { }\n"
+	   "END\n">>},
+    {error,
+     [
+      {structured_error,{M,2},asn1ct_check,illegal_value},
+      {structured_error,{M,3},asn1ct_check,illegal_integer_value},
+      {structured_error,{M,4},asn1ct_check,illegal_integer_value},
+      {structured_error,{M,5},asn1ct_check,reversed_range}
+     ]} = run(P, Config),
+    ok.
+
 enumerated(Config) ->
     M = 'Enumerated',
     P = {M,
@@ -111,38 +164,77 @@ enumerated(Config) ->
 	   "  S2 ::= SEQUENCE {\n"
 	   "    e2 EnumExt DEFAULT xyz\n"
 	   "  }\n"
+
+	   "  BadEnum1 ::= ENUMERATED {a, b, c, b }\n"
+	   "  BadEnum2 ::= ENUMERATED {a(1), b(2), b(3) }\n"
+	   "  BadEnum3 ::= ENUMERATED {a(1), b(1) }\n"
+	   "  BadEnum4 ::= ENUMERATED {a, b, ..., c(0) }\n"
+	   "  BadEnum5 ::= ENUMERATED {a, b, ..., c(10), d(5) }\n"
 	   "END\n">>},
     {error,
      [
-      {structured_error,{'Enumerated',3},asn1ct_check,{undefined,d}},
-      {structured_error,{'Enumerated',5},asn1ct_check,{undefined,z}},
-      {structured_error,{'Enumerated',10},asn1ct_check,{undefined,aa}},
-      {structured_error,{'Enumerated',13},asn1ct_check,{undefined,xyz}}
+      {structured_error,{M,3},asn1ct_check,{undefined,d}},
+      {structured_error,{M,5},asn1ct_check,{undefined,z}},
+      {structured_error,{M,6},asn1ct_check,{undefined,aa}},
+      {structured_error,{M,12},asn1ct_check,{undefined,xyz}},
+      {structured_error,{M,15},asn1ct_check,
+       {enum_illegal_redefinition,b}},
+      {structured_error,{M,16},asn1ct_check,
+       {enum_illegal_redefinition,b}},
+      {structured_error,{M,17},asn1ct_check,
+       {enum_reused_value,b,1}},
+      {structured_error,{M,18},asn1ct_check,
+       {enum_reused_value,c,0}},
+      {structured_error,{M,19},asn1ct_check,
+       {enum_not_ascending,d,5,10}}
      ]
     } = run(P, Config),
     ok.
 
-imports(Config) ->
+imports_exports(Config) ->
     Ext = 'ExternalModule',
     ExtP = {Ext,
 	    <<"ExternalModule DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	      "IMPORTS\n"
+	      " Int, NonExistingImport FROM ImportsFrom;\n"
+
+	      " Existing ::= INTEGER\n"
 	      "END\n">>},
-    ok = run(ExtP, Config),
+    {error,
+     [{structured_error,
+       {Ext,3},
+       asn1ct_check,
+       {undefined_import,'NonExistingImport',
+	'ImportsFrom'}}]} = run(ExtP, Config),
 
     M = 'Imports',
     P = {M,
 	 <<"Imports DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
-	   "IMPORTS NotDefined FROM ExternalModule\n"
-	   "X FROM UndefinedModule objid\n"
-	   "Y, Z FROM UndefinedModule2;\n"
+	   "EXPORTS\n"
+	   " T, UndefinedType;\n"
+
+	   "IMPORTS\n"
+	   " NotDefined, Existing, Int, NonExistingImport\n"
+	   "   FROM ExternalModule\n"
+	   " X FROM UndefinedModule objid\n"
+	   " Y, Z FROM UndefinedModule2;\n"
+
 	   "objid OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) remote-operations(4)\n"
 	   "    notation(0)}\n"
+	   "T ::= INTEGER\n"
 	   "END\n">>},
-    {error,[{structured_error,{M,2},asn1ct_check,
-	     {undefined_import,'NotDefined','ExternalModule'}},
-	    {structured_error,{M,3},asn1ct_check,{undefined_import,'X','UndefinedModule'}},
-	    {structured_error,{M,4},asn1ct_check,{undefined_import,'Y','UndefinedModule2'}},
-	    {structured_error,{M,4},asn1ct_check,{undefined_import,'Z','UndefinedModule2'}}
+    {error,[{structured_error,{M,3},asn1ct_check,
+	     {undefined_export, 'UndefinedType'}},
+	    {structured_error,{M,5},asn1ct_check,
+	     {undefined_import,'NonExistingImport',Ext}},
+	    {structured_error,{M,5},asn1ct_check,
+	     {undefined_import,'NotDefined',Ext}},
+	    {structured_error,{M,7},asn1ct_check,
+	     {undefined_import,'X','UndefinedModule'}},
+	    {structured_error,{M,8},asn1ct_check,
+	     {undefined_import,'Y','UndefinedModule2'}},
+	    {structured_error,{M,8},asn1ct_check,
+	     {undefined_import,'Z','UndefinedModule2'}}
 	   ]} = run(P, Config),
     ok.
 
@@ -170,11 +262,14 @@ integers(Config) ->
 	   "  Int1 ::= INTEGER {a(1), a(1)}\n"
 	   "  Int2 ::= INTEGER {a(1), b(2), a(3)}\n"
 	   "  Int3 ::= INTEGER {x(1), y(1)}\n"
+	   "  i0 INTEGER ::= 1\n"
+	   "  Int4 ::= INTEGER {x(i0), y(undef) }\n"
 	   "END\n">>},
     {error,
      [{structured_error,{M,2},asn1ct_check,{namelist_redefinition,a}},
       {structured_error,{M,3},asn1ct_check,{namelist_redefinition,a}},
-      {structured_error,{M,4},asn1ct_check,{value_reused,1}}
+      {structured_error,{M,4},asn1ct_check,{value_reused,1}},
+      {structured_error,{M,6},asn1ct_check,{undefined,undef}}
      ]} = run(P, Config),
     ok.
 
@@ -188,6 +283,11 @@ objects(Config) ->
 	   "  obj3 CL ::= { &Data OCTET STRING }\n"
 	   "  obj4 SMALL ::= { &code 42 }\n"
 	   "  InvalidSet CL ::= { obj1 }\n"
+	   "  obj5 CL ::= {}\n"
+	   "  ErrSet ::= PT{ {PT{inst}}}\n"
+	   "  obj6 CL ::= 7\n"
+	   "  obj7 CL ::= int\n"
+	   "  obj8 NON-CLASS ::= { &id 1 }\n"
 
 	   "  CL ::= CLASS {\n"
 	   "    &code INTEGER UNIQUE,\n"
@@ -203,6 +303,12 @@ objects(Config) ->
 	   "    &code INTEGER UNIQUE,\n"
            "    &i INTEGER\n"
            "  }\n"
+
+	   "  PT{SMALL:Small} ::= SEQUENCE { a SMALL.&code ({Small}) }\n"
+	   "  inst SMALL ::= {&code 42, &i 4711}\n"
+
+	   "  int INTEGER ::= 42\n"
+	   "  NON-CLASS ::= SEQUENCE { a BOOLEAN }\n"
 	   "END\n">>},
     {error,
      [
@@ -216,24 +322,490 @@ objects(Config) ->
       {structured_error,{M,5},asn1ct_check,
        {missing_mandatory_fields,[i],obj4}},
       {structured_error,{M,6},asn1ct_check,
-       {invalid_fields,[wrong],'InvalidSet'}}
+       {invalid_fields,[wrong],'InvalidSet'}},
+      {structured_error,{M,7},asn1ct_check,
+       {missing_mandatory_fields,
+	['Data','Set','VarTypeValue',code,enum,object,
+	 vartypevalue],obj5}},
+      {structured_error,{M,8},asn1ct_check,invalid_objectset},
+      {structured_error,{M,9},asn1ct_check,illegal_object},
+      {structured_error,{M,10},asn1ct_check,illegal_object},
+      {structured_error,{M,11},asn1ct_check,illegal_object}
+     ]
+    } = run(P, Config),
+    ok.
+
+object_field_extraction(Config) ->
+    M = 'ObjectFieldExtraction',
+    P = {M,
+	 <<"ObjectFieldExtraction DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+
+	   "  DataObjSet DATA-CLASS ::= {\n"
+	   "    holder-object-1.&int,\n"
+	   "    ...\n"
+	   "  }\n"
+
+	   "  DataObjSetNoExt DATA-CLASS ::= {\n"
+	   "    holder-object-1.&int\n"
+	   "  }\n"
+
+	   "  holder-object-1 HOLDER-CLASS ::= {\n"
+	   "    &int 42\n"
+	   "  }\n"
+
+	   "  HOLDER-CLASS ::= CLASS {\n"
+           "    &int INTEGER\n"
+           "  }\n"
+
+	   "  DATA-CLASS ::= CLASS {\n"
+           "    &id INTEGER\n"
+           "  }\n"
+
+	   "END\n">>},
+    {error,
+     [
+      {structured_error,{M,2},asn1ct_check,illegal_object},
+      {structured_error,{M,6},asn1ct_check,illegal_object}
+     ]
+    } = run(P, Config),
+    ok.
+
+object_sets(Config) ->
+    M = 'ObjectSets',
+    P = {M, <<"ObjectSets DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	      "TEST-UNIQ ::= CLASS { &id INTEGER UNIQUE,  &test INTEGER }\n"
+	      "UniqSet TEST-UNIQ ::= { { &id 1, &test 1 } | {&id 1, &test 2} }\n"
+
+	      "DOUBLE-UNIQ ::= CLASS { &id1 INTEGER UNIQUE,"
+              "           &id INTEGER UNIQUE }\n"
+              "DoubleSet DOUBLE-UNIQ ::= { {&id1 1, &id2 2} }\n"
+	      "END\n">>},
+    {error,
+     [{structured_error,{M,3},asn1ct_check,{non_unique_object,1}},
+      {structured_error,{M,5},asn1ct_check,multiple_uniqs}
+     ]
+    } = run(P, Config),
+    ok.
+
+oids(Config) ->
+    M = 'OIDS',
+    P = {M,<<"OIDS DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	    "CONTAINER ::= CLASS { &id OBJECT IDENTIFIER UNIQUE,\n"
+	    "                      &int INTEGER OPTIONAL,\n"
+	    "                      &seq SEQUENCE { a INTEGER } OPTIONAL\n"
+	    "}\n"
+
+	    "-- This is line 6.\n"
+	    "object-1 CONTAINER ::= { &id {1 2 3}, &int 42 }\n"
+	    "object-2 CONTAINER ::= { &id {1 999}, &int 0 }\n"
+	    "object-3 CONTAINER ::= { &id {1 2}, &seq { a 42 } }\n"
+	    "oid-1 OBJECT IDENTIFIER ::= object-1.&int\n"
+	    "oid-2 OBJECT IDENTIFIER ::= object-2.&id\n"
+	    "oid-3 OBJECT IDENTIFIER ::= object-3.&seq\n"
+	    "-- This is line 13.\n"
+
+	    "oid-5 OBJECT IDENTIFIER ::= { a 42, b 19 }\n"
+
+	    "oid-6 OBJECT IDENTIFIER ::= int\n"
+	    "int INTEGER ::= 42\n"
+
+	    "oid-7 OBJECT IDENTIFIER ::= seq\n"
+	    "seq SEQUENCE { x INTEGER } ::= { x 11 }\n"
+
+	    "oid-8 OBJECT IDENTIFIER ::= os\n"
+	    "os OCTET STRING ::= '1234'H\n"
+
+	    "oid-9 OBJECT IDENTIFIER ::= { 1 os }\n"
+
+	    "oid-10 OBJECT IDENTIFIER ::= { 1 invalid }\n"
+
+	    "-- This is line 23.\n"
+	    "oid-11 OBJECT IDENTIFIER ::= { 0 legal-oid }\n"
+	    "legal-oid OBJECT IDENTIFIER ::= {1 2 3}\n"
+
+	    "bad-root-1 OBJECT IDENTIFIER ::= {99}\n"
+	    "bad-root-2 OBJECT IDENTIFIER ::= {0 42}\n"
+
+	    "oid-object-ref-1 OBJECT IDENTIFIER ::= object-1\n"
+	    "oid-object-ref-2 OBJECT IDENTIFIER ::= { object-1 19 } \n"
+
+	    "oid-int OBJECT IDENTIFIER ::= 42\n"
+	    "oid-sequence OBJECT IDENTIFIER ::= {a 42, b 35}\n"
+
+	     "END\n">>},
+    {error,
+     [
+      {structured_error,{M,8},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,10},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,11},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,12},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,14},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,15},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,17},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,19},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,21},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,22},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,24},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,26},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,27},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,28},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,29},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,30},asn1ct_check,{illegal_oid,o_id}},
+      {structured_error,{M,31},asn1ct_check,{illegal_oid,o_id}}
      ]
     } = run(P, Config),
     ok.
 
+rel_oids(Config) ->
+    M = 'REL-OIDS',
+    P = {M,<<"REL-OIDS DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	     "legal-oid OBJECT IDENTIFIER ::= {1 2}\n"
+	     "legal-roid RELATIVE-OID ::= {1 2}\n"
+	     "CONTAINER ::= CLASS { &oid OBJECT IDENTIFIER OPTIONAL,\n"
+	     "                      &int INTEGER OPTIONAL,\n"
+	     "                      &seq SEQUENCE { a INTEGER } OPTIONAL\n"
+	     "}\n"
+	     "object-1 CONTAINER ::= { &oid {1 2 3},\n"
+	     "                         &int 42,\n",
+	     "                         &seq {a 42}\n"
+	     "                       }\n"
+
+	     "wrong-type-rel-oid-1 RELATIVE-OID ::= legal-oid\n"
+	     "wrong-type-rel-oid-2 RELATIVE-OID ::= object-1.&oid\n"
+	     "wrong-type-rel-oid-3 RELATIVE-OID ::= object-1.&int\n"
+	     "wrong-type-rel-oid-4 RELATIVE-OID ::= object-1.&seq\n"
+	     "wrong-type-rel-oid-5 RELATIVE-OID ::= object-1.&undef\n"
+
+	     "oid-bad-first OBJECT IDENTIFIER ::= {legal-roid 3}\n"
+	     "END\n">>},
+    {error,
+     [
+      {structured_error,{M,12},asn1ct_check,{illegal_oid,rel_oid}},
+      {structured_error,{M,13},asn1ct_check,{illegal_oid,rel_oid}},
+      {structured_error,{M,14},asn1ct_check,{illegal_oid,rel_oid}},
+      {structured_error,{M,15},asn1ct_check,{illegal_oid,rel_oid}},
+      {structured_error,{M,16},asn1ct_check,{undefined_field,undef}},
+      {structured_error,{M,17},asn1ct_check,{illegal_oid,o_id}}
+     ]
+    } = run(P, Config),
+    ok.
+
+
 parameterization(Config) ->
     M = 'Parameterization',
     P = {M,
 	 <<"Parameterization DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
 	   "  NotUppercase{lowercase} ::= INTEGER (lowercase)\n"
+
+	   "  P{T1,T2} ::= SEQUENCE { a T1, b T2 }\n"
+	   "  S ::= P{OCTET STRING}\n"
+
+	   "  Seq ::= SEQUENCE { a INTEGER }\n"
+	   "  Sbad ::= Seq{INTEGER}\n"
+
+	   "END\n">>},
+    {error,
+     [{structured_error,{M,2},asn1ct_check,
+       {illegal_typereference,lowercase}},
+      {structured_error,{M,4},asn1ct_check,
+       param_wrong_number_of_arguments},
+      {structured_error,{M,6},asn1ct_check,
+       {param_bad_type, 'Seq'}}
+     ]
+    } = run(P, Config),
+    ok.
+
+
+constructed(Config) ->
+    M = 'Const',
+    P = {M,
+	 <<"Const DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  Seq1 ::= SEQUENCE {a INTEGER, b BIT STRING, a BOOLEAN}\n"
+	   "  Ch   ::= CHOICE {a INTEGER, b BIT STRING, a BOOLEAN}\n"
+	   "  Seq2 ::= SEQUENCE {COMPONENTS OF Ch}\n"
+	   "  CL   ::= CLASS { &id INTEGER UNIQUE, &Type }\n"
+	   "  Seq3 ::= SEQUENCE { id CL.&id, d CL.&foo }\n"
+
+	   "  Seq4 ::= SEQUENCE { a INTEGER, z INTEGER OPTIONAL, b Set1 }\n"
+	   "  Set1 ::= SET { c BOOLEAN, d INTEGER }\n"
+	   "  s1 Seq4 ::= {a 42, b {c TRUE, zz 4711}}\n"
+	   "  s2 Seq4 ::= {a 42, b {c TRUE, d FALSE}}\n"
+	   "  s3 Seq4 ::= {a 42, b {c TRUE}}\n"
+	   "  s4 Seq4 ::= {a 42, b {c TRUE, d 4711}, zz 4712}\n"
+	   "  s5 Seq4 ::= {a 42}\n"
+	   "  s6 Seq4 ::= {a 42, zz 4712, b {c TRUE, d 4711}}\n"
 	   "END\n">>},
     {error,
-     [{structured_error,{'Parameterization',2},asn1ct_check,
-       {illegal_typereference,lowercase}}
-      ]
-     } = run(P, Config),
+     [{structured_error,{M,2},asn1ct_check,{duplicate_identifier,a}},
+      {structured_error,{M,3},asn1ct_check,{duplicate_identifier,a}},
+      {structured_error,{M,4},asn1ct_check,{illegal_COMPONENTS_OF,'Ch'}},
+      {structured_error,{M,6},asn1ct_check,{illegal_object_field,foo}},
+
+      {structured_error,{M,9},asn1ct_check,{illegal_id,zz}},
+      {structured_error,{M,10},asn1ct_check,illegal_integer_value},
+      {structured_error,{M,11},asn1ct_check,{missing_id,d}},
+      {structured_error,{M,12},asn1ct_check,{illegal_id,zz}},
+      {structured_error,{M,13},asn1ct_check,{missing_id,b}},
+      {structured_error,{M,14},asn1ct_check,{illegal_id,zz}}
+     ]
+    } = run(P, Config),
+    ok.
+
+syntax(Config) ->
+    M = 'Syntax',
+    P = {M,
+	 <<"Syntax DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  obj1  CL ::= { WRONG }\n"
+	   "  obj2  CL ::= { CODE 42 AGAIN WRONG }\n"
+	   "  obj3  CL ::= { INTEGER }\n"
+	   "  obj4  CL ::= { BIT STRING }\n"
+	   "  obj5  CL ::= { , }\n"
+	   "  obj6  CL ::= { CODE , }\n"
+	   "  obj7  CL ::= { CODE \"abc\" }\n"
+	   "  obj8  CL ::= { CODE }\n"
+	   "  obj9  CL ::= { CODE 42 ENUM}\n"
+	   "  obj10 CL ::= { CODE 42 ENUM BIT STRING}\n"
+
+	   "  obj11 CL ::= { CODE 42 TYPE 13}\n"
+	   "  obj12 CL ::= { CODE 42 TYPE d}\n"
+	   "  obj13 CL ::= { CODE 42 TYPE bs-value}\n"
+
+	   "  bad-syntax-1 BAD-SYNTAX-1 ::= { BAD 42 }\n"
+
+	   "  obj14 CL ::= { CODE 42 OBJ-SET integer }\n"
+	   "  obj15 CL ::= { CODE 42 OBJ-SET { A B } }\n"
+	   "  obj16 CL ::= { CODE 42 OBJ-SET SEQUENCE { an INTEGER } }\n"
+
+	   "  obj17 CL ::= { CODE 42 OID {seqtag 42} }\n"
+	   "  obj18 CL ::= { CODE 42 OID {seqtag 42, seqtag-again 43} }\n"
+	   "  obj19 CL ::= { CODE 42 OID {one 1 two 2} }\n"
+
+	   "  BAD-SYNTAX-1 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE\n"
+	   "  } WITH SYNTAX {\n"
+	   "    BAD &bad\n"
+	   "  }\n"
+
+	   "  BAD-SYNTAX-2 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE\n"
+	   "  } WITH SYNTAX {\n"
+	   "    BAD &Bad\n"
+	   "  }\n"
+
+	   "  BAD-SYNTAX-3 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE\n"
+	   "  } WITH SYNTAX {\n"
+	   "    [ID &code]\n"
+	   "  }\n"
+
+	   "  BAD-SYNTAX-4 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE\n"
+	   "  } WITH SYNTAX {\n"
+	   "    ID\n"
+	   "  }\n"
+
+	   "  BAD-SYNTAX-5 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE,\n"
+	   "    &Type\n"
+	   "  } WITH SYNTAX {\n"
+	   "    ID\n"
+	   "  }\n"
+
+	   "  BAD-SYNTAX-6 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE\n"
+	   "  } WITH SYNTAX {\n"
+	   "    ID &code, &code\n"
+	   "  }\n"
+
+	   "  BAD-SYNTAX-7 ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE,\n"
+	   "    &Type\n"
+	   "  } WITH SYNTAX {\n"
+	   "    ID &Type, &code, &code, &Type\n"
+	   "  }\n"
+
+	   "  CL ::= CLASS {\n"
+	   "    &code INTEGER UNIQUE,\n"
+	   "    &enum ENUMERATED { a, b, c} OPTIONAL,\n"
+	   "    &Type OPTIONAL,\n"
+	   "    &ObjSet CL OPTIONAL,\n"
+	   "    &oid OBJECT IDENTIFIER OPTIONAL\n"
+	   "  } WITH SYNTAX {\n"
+	   "    CODE &code [ENUM &enum] [TYPE &Type] [OBJ-SET &ObjSet]\n"
+           "    [OID &oid]\n"
+	   "  }\n"
+
+	   "  bs-value BIT STRING ::= '1011'B\n"
+
+	   "  integer INTEGER ::= 42\n"
+	   "END\n">>},
+    {error,
+     [
+      {structured_error,{M,2},asn1ct_check,
+       {syntax_nomatch,"WRONG"}},
+      {structured_error,{M,3},asn1ct_check,
+       {syntax_nomatch,"AGAIN"}},
+      {structured_error,{M,4},asn1ct_check,
+       {syntax_nomatch,"INTEGER"}},
+      {structured_error,{M,5},asn1ct_check,
+       {syntax_nomatch,"BIT STRING"}},
+      {structured_error,{M,6},asn1ct_check,
+       {syntax_nomatch,"\",\""}},
+      {structured_error,{M,7},asn1ct_check,
+       {syntax_nomatch,"\",\""}},
+      {structured_error,{M,8},asn1ct_check,
+       {syntax_nomatch,"\"abc\""}},
+      {structured_error,{M,9},asn1ct_check,
+       syntax_nomatch},
+      {structured_error,{M,10},asn1ct_check,
+       syntax_nomatch},
+      {structured_error,{M,11},asn1ct_check,
+       {syntax_nomatch,"BIT STRING"}},
+      {structured_error,{M,12},asn1ct_check,
+       {syntax_nomatch,"13"}},
+      {structured_error,{M,13},asn1ct_check,
+       {syntax_nomatch,"d"}},
+      {structured_error,{M,14},asn1ct_check,
+       {syntax_nomatch,"bs-value"}},
+      {structured_error,{M,15},asn1ct_check,
+       {syntax_undefined_field,bad}},
+      {structured_error,{M,16},asn1ct_check,
+       {syntax_nomatch,"integer"}},
+      {structured_error,{M,17},asn1ct_check,
+       {syntax_nomatch,"\"A B\""}},
+      {structured_error,{M,18},asn1ct_check,
+       {syntax_nomatch,"SEQUENCE"}},
+      {structured_error,{M,19},asn1ct_check,
+       {syntax_nomatch,"\"seqtag 42\""}},
+      {structured_error,{M,20},asn1ct_check,
+       {syntax_nomatch,"\"seqtag 42 seqtag-again 43\""}},
+      {structured_error,{M,21},asn1ct_check,
+       {syntax_nomatch,"\"one 1 two 2\""}},
+      {structured_error,{M,22},asn1ct_check,
+       {syntax_undefined_field,bad}},
+      {structured_error,{M,27},asn1ct_check,
+       {syntax_undefined_field,'Bad'}},
+      {structured_error,{M,32},asn1ct_check,
+       {syntax_mandatory_in_optional_group,code}},
+      {structured_error,{M,37},asn1ct_check,
+       {syntax_missing_mandatory_fields,[code]}},
+      {structured_error,{M,42},asn1ct_check,
+       {syntax_missing_mandatory_fields,['Type',code]}},
+      {structured_error,{M,48},asn1ct_check,
+       {syntax_duplicated_fields,[code]}},
+      {structured_error,{M,53},asn1ct_check,
+       {syntax_duplicated_fields,['Type',code]}}
+     ]
+    } = run(P, Config),
+    ok.
+
+table_constraints(Config) ->
+    M = 'TableConstraints',
+    P = {M,
+	 <<"TableConstraints DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  Seq-1 ::= SEQUENCE {\n"
+	   "    contentType CONTENTS.&id,\n"
+	   "    content CONTENTS.&Type({Contents}{@contentType})\n"
+	   "  }\n"
+
+	   "  Seq-2 ::= SEQUENCE {\n"
+	   "    contentType INTEGER,\n"
+	   "    content CONTENTS.&Type({Contents}{@contentType})\n"
+	   "  }\n"
+
+	   "  Int ::= INTEGER ({1})\n"
+
+	   "  Seq-3 ::= SEQUENCE {\n"
+	   "    contentType CONTENTS.&id({1})\n"
+	   "  }\n"
+
+	   "Contents CONTENTS ::= {\n"
+	   "  {OCTET STRING IDENTIFIED BY {2 1 1}}\n"
+	   "}\n"
+
+	   "CONTENTS ::= TYPE-IDENTIFIER\n"
+	   "END\n">>},
+    {error,
+     [{structured_error,
+       {M,2},asn1ct_check,
+       {missing_table_constraint,contentType}},
+      {structured_error,
+       {M,6},asn1ct_check,
+       {missing_ocft,contentType}},
+      {structured_error,
+       {M,10},asn1ct_check,
+       illegal_table_constraint},
+      {structured_error,
+       {M,11},asn1ct_check,
+       invalid_table_constraint}
+     ]} = run(P, Config),
+    ok.
+
+tags(Config) ->
+    M = 'Tags',
+    P = {M,
+	 <<"Tags DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "SeqOpt1 ::= SEQUENCE\n"
+	   "{\n"
+	   "bool1  BOOLEAN OPTIONAL,\n"
+	   "int1  INTEGER,\n"
+	   "seq1  SeqIn OPTIONAL\n"
+	   "}\n"
+
+	   "SeqOpt1Imp ::= SEQUENCE \n"
+	   "{\n"
+	   "bool1 [1] BOOLEAN OPTIONAL,\n"
+	   "int1  INTEGER,\n"
+	   "seq1  [2] SeqIn OPTIONAL,\n"
+	   "seq2  [2] SeqIn OPTIONAL,\n"
+	   "...,\n"
+	   "int2  [3] SeqIn,\n"
+	   "int3  [3] SeqIn\n"
+	   "}\n"
+
+	   "SeqIn ::= SEQUENCE \n"
+	   "{\n"
+	   "boolIn  BOOLEAN,\n"
+	   "intIn  INTEGER\n"
+	   "}\n"
+	   "\n"
+
+
+	   "Set1 ::= SET {\n"
+	   " os [0] OCTET STRING,\n"
+	   " bool [0] BOOLEAN\n"
+	   "}\n"
+
+	   "Seq1 ::= SEQUENCE {\n"
+	   "a [0] IMPLICIT Choice OPTIONAL\n"
+	   "}\n"
+	   "Seq2 ::= SEQUENCE {\n"
+	   "a [0] IMPLICIT ANY OPTIONAL\n"
+	   "}\n"
+	   "Choice ::=\n"
+	   "CHOICE {\n"
+	   "a [0] BOOLEAN,\n"
+	   "b [1] INTEGER\n"
+	   "}\n"
+
+	   "END\n">>},
+    {error,
+     [{structured_error,
+       {M,8},asn1ct_check,
+       {duplicate_tags,[seq1,seq2]}},
+      {structured_error,
+       {M,24},asn1ct_check,
+       {duplicate_tags,[bool,os]}},
+      {structured_error,
+       {M,28},asn1ct_check,
+       {implicit_tag_before,choice}},
+      {structured_error,
+       {M,31},asn1ct_check,
+       {implicit_tag_before,open_type}}
+     ]} = run(P, Config),
     ok.
 
+
 values(Config) ->
     M = 'Values',
     P = {M,
@@ -241,6 +813,53 @@ values(Config) ->
 	   "  os1 OCTET STRING ::= \"abc\"\n"
 	   "  os2 OCTET STRING ::= 42\n"
 	   "  os3 OCTET STRING ::= { 1, 3 }\n"
+	   "  os4 OCTET STRING ::= '1234'H\n"
+	   "  Seq ::= SEQUENCE {\n"
+	   "    an OCTET STRING\n"
+	   "  }\n"
+	   "  seq Seq ::= { an int }\n"
+	   "  os5 OCTET STRING ::= holder-1.&str\n"
+	   "  os6 OCTET STRING ::= int\n"
+
+	   "  int1 INTEGER ::= \"string\"\n"
+	   "  int2 INTEGER ::= os4\n"
+	   "  int3 INTEGER ::= not-defined\n"
+	   "  int4 INTEGER ::= holder-1.&str\n"
+	   "  int5 INTEGER ::= holder-2.&obj\n"
+	   "  int6 INTEGER ::= holder-2.&undefined-field\n"
+	   "  int7 INTEGER ::= holder-2.&UndefinedField.&id\n"
+
+	   "  bs1 BIT STRING ::= 42\n"
+	   "  bs2 BIT STRING ::= {a,b}\n"
+	   "  bs3 BIT STRING {a(0),z(25)} ::= {a,b}\n"
+	   "  bs4 BIT STRING {a(0),z(25)} ::= int\n"
+	   "  bs5 BIT STRING ::= holder-2.&str\n"
+	   "  bs6 BIT STRING ::= holder-2.&obj\n"
+
+	   "  b1 BOOLEAN ::= 42\n"
+	   "  b2 BOOLEAN ::= {a,b}\n"
+
+	   "  HOLDER ::= CLASS {\n"
+	   "    &str IA5String,\n"
+	   "    &obj HOLDER OPTIONAL\n"
+	   "  }\n"
+
+	   "  holder-1 HOLDER ::= { &str \"xyz\" }\n"
+	   "  holder-2 HOLDER ::= { &str \"xyz\", &obj holder-1 }\n"
+
+	   "  ext-1 EXTERNAL ::= {identification bad:{1 2 3}, data-value '123'H}\n"
+	   "  ext-2 EXTERNAL ::= {identification syntax:{1 2 3}, data '123'H}\n"
+
+	   "  CH ::= CHOICE { a INTEGER, b BOOLEAN }\n"
+	   "  ch1 CH ::= 2344\n"
+	   "  ch2 CH ::= zz:34\n"
+
+	   "  st1 an < Seq ::= 42\n"
+	   "  st2 zz < CH ::= 42\n"
+	   "  st3 a < HOLDER ::= 42\n"
+	   "  st4 a < INTEGER ::= 42\n"
+
+	   "  int INTEGER ::= 42\n"
 	   "END\n">>},
     {error,
      [
@@ -249,7 +868,59 @@ values(Config) ->
       {structured_error,{M,3},asn1ct_check,
        illegal_octet_string_value},
       {structured_error,{M,4},asn1ct_check,
-       illegal_octet_string_value}
+       illegal_octet_string_value},
+      {structured_error,{M,9},asn1ct_check,
+       illegal_octet_string_value},
+      {structured_error,{M,10},asn1ct_check,
+       illegal_octet_string_value},
+      {structured_error,{M,11},asn1ct_check,
+       illegal_octet_string_value},
+      {structured_error,{M,12},asn1ct_check,
+       illegal_integer_value},
+      {structured_error,{M,13},asn1ct_check,
+       illegal_integer_value},
+      {structured_error,{M,14},asn1ct_check,
+       illegal_integer_value},
+      {structured_error,{M,15},asn1ct_check,
+       illegal_integer_value},
+      {structured_error,{M,16},asn1ct_check,
+       illegal_integer_value},
+      {structured_error,{M,17},asn1ct_check,
+       {undefined_field,'undefined-field'}},
+      {structured_error,{M,18},asn1ct_check,
+       {undefined_field,'UndefinedField'}},
+      {structured_error,{M,19},asn1ct_check,
+       {illegal_value, "BIT STRING"}},
+      {structured_error,{M,20},asn1ct_check,
+       {illegal_value, "BIT STRING"}},
+      {structured_error,{M,21},asn1ct_check,
+       {illegal_value, "BIT STRING"}},
+      {structured_error,{M,22},asn1ct_check,
+       {illegal_value, "BIT STRING"}},
+      {structured_error,{M,23},asn1ct_check,
+       {illegal_value, "BIT STRING"}},
+      {structured_error,{M,24},asn1ct_check,
+       {illegal_value, "BIT STRING"}},
+      {structured_error,{M,25},asn1ct_check,
+       {illegal_value, "BOOLEAN"}},
+      {structured_error,{M,26},asn1ct_check,
+       {illegal_value, "BOOLEAN"}},
+      {structured_error,{M,33},asn1ct_check,
+       illegal_external_value},
+      {structured_error,{M,34},asn1ct_check,
+       illegal_external_value},
+      {structured_error,{M,36},asn1ct_check,
+       {illegal_id, 2344}},
+      {structured_error,{M,37},asn1ct_check,
+       {illegal_id, zz}},
+      {structured_error,{M,38},asn1ct_check,
+       {illegal_choice_type, 'Seq'}},
+      {structured_error,{M,39},asn1ct_check,
+       {illegal_id, zz}},
+      {structured_error,{M,40},asn1ct_check,
+       {illegal_choice_type, 'HOLDER'}},
+      {structured_error,{M,41},asn1ct_check,
+       {illegal_choice_type, 'INTEGER'}}
      ]
     } = run(P, Config),
     ok.
@@ -258,5 +929,7 @@ values(Config) ->
 run({Mod,Spec}, Config) ->
     Base = atom_to_list(Mod) ++ ".asn1",
     File = filename:join(?config(priv_dir, Config), Base),
+    Include0 = filename:dirname(?config(data_dir, Config)),
+    Include = filename:join(filename:dirname(Include0), "asn1_SUITE_data"),
     ok = file:write_file(File, Spec),
-    asn1ct:compile(File).
+    asn1ct:compile(File, [{i, Include}]).
diff --git a/lib/asn1/test/syntax_SUITE.erl b/lib/asn1/test/syntax_SUITE.erl
new file mode 100644
index 0000000000..1a2c938fe5
--- /dev/null
+++ b/lib/asn1/test/syntax_SUITE.erl
@@ -0,0 +1,340 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(syntax_SUITE).
+-export([suite/0,all/0,groups/0,
+	 assignment/1,
+	 class/1,
+	 constraints/1,
+	 exports/1,
+	 header/1,
+	 imports/1,
+	 objects/1,
+	 sequence/1,
+	 syntax/1,
+	 tokenizer/1,
+	 types/1,
+	 values/1]).
+
+-include_lib("test_server/include/test_server.hrl").
+
+suite() -> [{ct_hooks, [ts_install_cth]}].
+
+all() ->
+    [{group,p}].
+
+groups() ->
+    [{p,parallel(),
+      [assignment,
+       class,
+       constraints,
+       exports,
+       header,
+       imports,
+       objects,
+       sequence,
+       syntax,
+       tokenizer,
+       types,
+       values]}].
+
+parallel() ->
+    case erlang:system_info(schedulers) > 1 of
+        true  -> [parallel];
+        false -> []
+    end.
+
+assignment(Config) ->
+    Head = "Assignment DEFINITIONS AUTOMATIC TAGS ::=\nBEGIN\n",
+    End = "\nEND\n",
+    L0 = [{"42",3,{syntax_error,42}},
+	  {"i",4,{syntax_error,'END'}},
+	  {"i ::=",3,{syntax_error,'::='}},
+	  {"i type",4,{syntax_error,'END'}},
+	  {"i type ::=",3,{syntax_error,'::='}},
+	  {"i TYPE",4,{syntax_error,'END'}},
+	  {"i TYPE ::= ",4,{syntax_error,'END'}},
+	  {"i INTEGER ::= 42 garbage",4,{syntax_error,'END'}},
+	  {"i{T} Type",4,{syntax_error,'END'}},
+	  {"TYPE",4,{syntax_error,'END'}},
+	  {"TYPE ::=",4,{syntax_error,'END'}},
+	  {"TYPE{ ::=",3,{syntax_error,'::='}},
+	  {"TYPE{P, ::=",3,{syntax_error,'::='}},
+	  {"TYPE{P,} ::=",3,{syntax_error,'}'}},
+	  {"TYPE{Gov:} ::=",3,{syntax_error,':'}},
+	  {"TYPE{A} CL ",4,{syntax_error,'END'}},
+	  {"ObjSet CL",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Assignment", Config),
+    ok.
+
+class(Config) ->
+    Head = "Class DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" CL ::= CLASS {",
+    End = "\nEND\n",
+    L0 = [{"id",3,{syntax_error,'id'}},
+	  {"&id INTEGER",4,{syntax_error,'END'}},
+	  {"&id INTEGER,",4,{syntax_error,'END'}},
+	  {"&id,",3,{syntax_error,','}},
+	  {"&id OPTIONAL",3,{syntax_error,'OPTIONAL'}},
+	  {"&id INTEGER OPTIONAL",4,{syntax_error,'END'}},
+	  {"&var &Field",4,{syntax_error,'END'}},
+	  {"&Type,",4,{syntax_error,'END'}},
+	  {"&Type OPTIONAL",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER OPTIONAL",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER DEFAULT",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER DEFAULT {",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER DEFAULT {a",4,{syntax_error,'END'}},
+	  {"&Var &Field",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Class", Config),
+    ok.
+
+constraints(Config) ->
+    Head = "Constraints DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" Type ::= ",
+    End = "\nEND\n",
+    L0 = [{"INTEGER (",4,{syntax_error,'END'}},
+	  {"INTEGER (10x",3,{syntax_error,x}},
+	  {"INTEGER (10|(10y",3,{syntax_error,y}},
+	  {"INTEGER (CONSTRAINED BY {}",4,{syntax_error,'END'}},
+	  {"INTEGER (CONSTRAINED BY {INTEGER garbage",3,
+	   {syntax_error,garbage}},
+	  {"INTEGER ({ObjSet",4,{syntax_error,'END'}},
+	  {"INTEGER ({ObjSet}{",3,{syntax_error,'{'}},
+	  {"INTEGER ({ObjSet}{@",3,{syntax_error,'{'}},
+	  {"INTEGER ({ObjSet}{@x",3,{syntax_error,'{'}},
+	  {"INTEGER ({ObjSet}{@x}",4,{syntax_error,'END'}},
+	  {"INTEGER (10 !BOOLEAN",4,{syntax_error,'END'}},
+	  {"INTEGER (10 !BOOLEAN:",4,{syntax_error,'END'}},
+	  {"INTEGER (10 !BOOLEAN:FALSE",4,{syntax_error,'END'}},
+	  {"SEQUENCE {} (WITH COMPONENTS { Type })",
+	   3,{syntax_error,'Type'}},
+	  {"SEQUENCE {} (WITH COMPONENTS { x (10)",
+	   4,{syntax_error,'END'}},
+	  {"SEQUENCE {} (WITH COMPONENTS { ..., x (10)",
+	   4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Constraints", Config),
+    ok.
+
+exports(Config) ->
+    Head = "Exports DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" EXPORTS ",
+    End = "\nEND\n",
+    L0 = [{"Type",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Exports", Config),
+    ok.
+
+header(Config) ->
+    L = [{"lowercase",1,{syntax_error,lowercase}},
+	 {"H ",2,{syntax_error,'END-OF-FILE'}},
+	 {"H-",1,{syntax_error,'-'}},
+	 {"42",1,{syntax_error,42}},
+	 {"H definitions",1,{syntax_error,definitions}},
+	 {"H DEFINITIONS STUPID TAGS",1,{syntax_error,'STUPID'}},
+	 {"H DEFINITIONS WHATEVER",1,{syntax_error,'WHATEVER'}},
+	 {"H DEFINITIONS ::= BEGIN",2,{syntax_error,'END-OF-FILE'}},
+	 {"BOOLEAN",1,{syntax_error,'BOOLEAN'}}
+	],
+    run(L, "H", Config),
+    ok.
+
+imports(Config) ->
+    Head = "Imports DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" IMPORTS ",
+    End = "\nEND\n",
+    L0 = [{"Type FROM X",4,{syntax_error,'END'}},
+	  {"Symbols TO Y",3,{syntax_error,'TO'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Imports", Config),
+    ok.
+
+objects(Config) ->
+    Head = "Objects DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	"  object CLASS-NAME ::= ",
+    End = "\nEND\n",
+    L0 = [{"{",4,{syntax_error,'END'}},
+	  {"{&min 1, max 10}",3,{syntax_error,max}},
+	  {"{&min 1, Max 10}",3,{syntax_error,'Max'}},
+	  {"{min 1, &max 10}",3,{syntax_error,'&max'}},
+	  {"{min 1, &Max 10}",3,{syntax_error,'&Max'}},
+	  {"{RESERVERD WORD BIT}",3,{syntax_error,'BIT'}},
+	  {"{&min 1",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Objects", Config),
+    ok.
+
+sequence(Config) ->
+    Head = "Sequence DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	"  Type ::= SEQUENCE {",
+    End = "\nEND\n",
+    L0 = [{"",4,{syntax_error,'END'}},
+	  {" UpperCase",3,{syntax_error,'UpperCase'}},
+	  {" a b",4,{syntax_error,'END'}},
+	  {" i INTEGER",4,{syntax_error,'END'}},
+	  {" ...",4,{syntax_error,'END'}},
+	  {" ..., [[",4,{syntax_error,'END'}},
+	  {" ..., [[ a INTEGER ]",3,{syntax_error,']'}},
+	  {" ..., [[ a INTEGER,",3,{syntax_error,','}},
+	  {" ..., [[ a INTEGER, ... ]]",3,{syntax_error,','}},
+	  {" ... !42 xxx",3,{syntax_error,'xxx'}},
+	  {" ... !42, a INTEGER,",3,{syntax_error,','}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Sequence", Config),
+    ok.
+
+syntax(Config) ->
+    Head = "Syntax DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" CL ::= CLASS { &id INTEGER UNIQUE } WITH SYNTAX ",
+    End = "\nEND\n",
+    L0 = [{"{}",3,{syntax_error,'}'}},
+	  {"WORD",3,{syntax_error,'WORD'}},
+	  {"{ Word }",3,{syntax_error,'Word'}},
+	  {"{ [ Word ] }",3,{syntax_error,'Word'}},
+	  {"{ [ WORD }",3,{syntax_error,'}'}},
+	  {"{ WORD;",3,{syntax_error,';'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Syntax", Config),
+    ok.
+
+tokenizer(Config) ->
+    Head = "Tokenize DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n",
+    End = "\nEND\n",
+    L0 = [{"'",3,eol_in_token},
+	  {"'42'B",3,{invalid_binary_number,"42"}},
+	  {"'ZZZ'H",3,{invalid_hex_number,"ZZZ"}},
+	  {"\"abc",3,missing_quote_at_eof},
+	  {"/*",3,eof_in_comment}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Tokenizer", Config, asn1ct_tok),
+    ok.
+
+types(Config) ->
+    Head = "Types DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	"  Type ::= ",
+    End = "\nEND\n",
+    L0 = [{"BIT STRING garbage",4,{syntax_error,'END'}},
+	  {"BIT STRING {",4,{syntax_error,'END'}},
+	  {"BIT STRING { a(42",3,{syntax_error,42}},
+	  {"BIT STRING { a(0)",4,{syntax_error,'END'}},
+	  {"CHOICE {",4,{syntax_error,'END'}},
+	  {"CHOICE { ..., a}",3,{syntax_error,'...'}},
+	  {"CHOICE { UpperCase",3,{syntax_error,'UpperCase'}},
+	  {"CHOICE { i INTEGER",4,{syntax_error,'END'}},
+	  {"CHOICE { ..., i INTEGER }",3,{syntax_error,'...'}},
+	  {"CHOICE { b BOOLEAN, ..., i INTEGER",
+	   4,{syntax_error,'END'}},
+	  {"CHOICE { b BOOLEAN, ..., [[ e BOOLEAN, ...]]}",
+	   3,{syntax_error,','}},
+	  {"CHOICE { b BOOLEAN, ..., i INTEGER, ..., x BIT STRING}",
+	   3,{syntax_error,','}},
+	  {"ENUMERATED {",4,{syntax_error,'END'}},
+	  {"ENUMERATED { 42 }",3,{syntax_error,42}},
+	  {"ENUMERATED { a, b",4,{syntax_error,'END'}},
+	  {"ENUMERATED { a, }",3,{syntax_error,','}},
+	  {"ENUMERATED { a, ...,\nb, ..., c }",4,{syntax_error,','}},
+	  {"INTEGER {",4,{syntax_error,'END'}},
+	  {"INTEGER { a(42)",4,{syntax_error,'END'}},
+	  {"SEQUENCE",3,{syntax_error,'SEQUENCE'}},
+	  %% More tests for SEQUENCE in sequence/1.
+	  {"SEQUENCE SIZE (1..10)",4,{syntax_error,'END'}},
+	  {"SEQUENCE (SIZE (1..10))",4,{syntax_error,'END'}},
+	  {"SET { i INTEGER",4,{syntax_error,'END'}},
+	  {"SET { ...",4,{syntax_error,'END'}},
+	  {"SET SIZE (1..10)",4,{syntax_error,'END'}},
+	  {"SET (SIZE (1..10))",4,{syntax_error,'END'}},
+	  {"SET { ... !42 xxx",3,{syntax_error,'xxx'}},
+	  {"SET { ... !42, a INTEGER,",3,{syntax_error,','}},
+	  {"[",4,{syntax_error,'END'}},
+	  {"[42",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Types", Config),
+    ok.
+
+values(Config) ->
+    Head = "Values DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	"  value Type ::= ",
+    End = "\nEND\n",
+    L0 = [{"",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Values", Config),
+    ok.
+
+run(List, File, Config) ->
+    run(List, File, Config, asn1ct_parser2).
+
+run(List, File0, Config, Module) ->
+    Base = File0 ++ ".asn1",
+    File = filename:join(?config(priv_dir, Config), Base),
+    case run_1(List, Base, File, Module, 0) of
+	0 -> ok;
+	Errors -> ?t:fail(Errors)
+    end.
+
+run_1([{Source,Line,Error}=Exp|T], Base, File, Module, N) ->
+    ok = file:write_file(File, Source),
+    io:format("~s", [Source]),
+    case asn1ct:compile(File) of
+	{error,[{structured_error,{Base,L},Module,E}]} ->
+	    case {L,E} of
+		{Line,Error} ->
+		    run_1(T, Base, File, Module, N);
+		{Line,OtherError} ->
+		    io:format("*** Wrong error: ~p, expected ~p ***\n",
+			      [OtherError,Error]),
+		    run_1(T, Base, File, Module, N+1);
+		{OtherLine,Error} ->
+		    io:format("*** Wrong line: ~p, expected ~p ***\n",
+			      [OtherLine,Line]),
+		    run_1(T, Base, File, Module, N+1);
+		{_,_} ->
+		    io:format("*** Wrong line: ~p, expected ~p ***",
+			      [L,Line]),
+		    io:format("*** Wrong error: ~p, expected ~p ***\n",
+			      [E,Error]),
+		    run_1(T, Base, File, Module, N+1)
+	    end;
+	Other ->
+	    io:format("~p\nGOT: ~p", [Exp,Other])
+    end;
+run_1([], _, _, _, N) ->
+    N.
diff --git a/lib/asn1/test/testChoExtension.erl b/lib/asn1/test/testChoExtension.erl
index 09e19ceebb..f36d6c1cbf 100644
--- a/lib/asn1/test/testChoExtension.erl
+++ b/lib/asn1/test/testChoExtension.erl
@@ -39,11 +39,6 @@ extension(_Rules) ->
     roundtrip('ChoExt3', {int,33}),
     roundtrip('ChoExt4', {str,<<"abc">>}),
 
-    roundtrip('ChoEmptyRoot', {bool,false}),
-    roundtrip('ChoEmptyRoot', {bool,true}),
-    roundtrip('ChoEmptyRoot', {int,0}),
-    roundtrip('ChoEmptyRoot', {int,7}),
-
     ok.
 
 
diff --git a/lib/asn1/test/testConstraints.erl b/lib/asn1/test/testConstraints.erl
index 3ccf883bd6..5d65cb8d73 100644
--- a/lib/asn1/test/testConstraints.erl
+++ b/lib/asn1/test/testConstraints.erl
@@ -231,6 +231,28 @@ int_constraints(Rules) ->
     seq_roundtrip(Rules, 'SeqOverlapping', 'SeqNonOverlapping', 19000),
     seq_roundtrip(Rules, 'SeqOverlapping', 'SeqNonOverlapping', 26900),
 
+    %%==========================================================
+    %%  Constraints from object fields.
+    %%==========================================================
+    range_error(Rules, 'IntObjectConstr', 1),
+    roundtrip('IntObjectConstr', 2),
+    roundtrip('IntObjectConstr', 3),
+    roundtrip('IntObjectConstr', 4),
+    range_error(Rules, 'IntObjectConstr', 5),
+
+
+    %%==========================================================
+    %% INTEGER constraints defined using named INTEGERs.
+    %%==========================================================
+    42 = 'Constraints':'constrainedNamedInt-1'(),
+    100 = 'Constraints':'constrainedNamedInt-2'(),
+    range_error(Rules, 'ConstrainedNamedInt', 41),
+    roundtrip('ConstrainedNamedInt', v1),
+    range_error(Rules, 'ConstrainedNamedInt', 43),
+
+    range_error(Rules, 'SeqWithNamedInt', {'SeqWithNamedInt',-100}),
+    roundtrip('SeqWithNamedInt', {'SeqWithNamedInt',v2}),
+
     ok.
 
 %% PER: Ensure that if the lower bound is Lb, Lb+16#80 is encoded
diff --git a/lib/asn1/test/testDoubleEllipses.erl b/lib/asn1/test/testDoubleEllipses.erl
index 4e8972cdfc..3caa166ae0 100644
--- a/lib/asn1/test/testDoubleEllipses.erl
+++ b/lib/asn1/test/testDoubleEllipses.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,17 +24,20 @@
 -include_lib("test_server/include/test_server.hrl").
 
 -record('Seq',{a, c}).
+-record('SeqV1',{a, b}).
 -record('SeqV2',{a, b ,c}).
 -record('SeqAlt',{a,d,b,e,c,f,g}).
 -record('SeqAltV2',{a,d,b,e,h,i,c,f,g}).
 
 -record('Set',{a, c}).
+-record('SetV1',{a, b}).
 -record('SetV2',{a, b ,c}).
 -record('SetAlt',{a,d,b,e,c,f,g}).
 -record('SetAltV2',{a,d,b,e,h,i,c,f,g}).
 
 main(_Rules) ->
     roundtrip('Seq', #'Seq'{a=10,c=true}),
+    roundtrip('SeqV1', #'SeqV1'{a=10,b=false}),
     roundtrip('SeqV2', #'SeqV2'{a=10,b=false,c=true}),
     roundtrip('SeqAlt',
 	      #'SeqAlt'{a=10,d=12,b = <<2#1010:4>>,
@@ -45,6 +48,7 @@ main(_Rules) ->
 			  e=true,h="PS",i=13,c=false,f=14,g=16}),
     
     roundtrip('Set', #'Set'{a=10,c=true}),
+    roundtrip('SetV1', #'SetV1'{a=10,b=false}),
     roundtrip('SetV2', #'SetV2'{a=10,b=false,c=true}),
     roundtrip('SetAlt',
 	      #'SetAlt'{a=10,d=12,
diff --git a/lib/asn1/test/testEnumExt.erl b/lib/asn1/test/testEnumExt.erl
index 878518be11..29995d6340 100644
--- a/lib/asn1/test/testEnumExt.erl
+++ b/lib/asn1/test/testEnumExt.erl
@@ -78,6 +78,9 @@ common(Erule) ->
 
     v_roundtrip(Erule, 'SeqBig', {'SeqBig',true,e40,9357}),
     v_roundtrip(Erule, 'SeqBig', {'SeqBig',true,e80,9357}),
+
+    v_roundtrip(Erule, 'EnumSkip', d),
+
     ok.
 
 roundtrip(Type, Value) ->
@@ -85,11 +88,20 @@ roundtrip(Type, Value) ->
 
 v_roundtrip(Erule, Type, Value) ->
     Encoded = roundtrip(Type, Value),
-    Encoded = asn1_test_lib:hex_to_bin(v(Erule, Value)).
-
-v(ber, {'SeqBig',true,e40,9357}) -> "300A8001 FF810141 8202248D";
-v(ber, {'SeqBig',true,e80,9357}) -> "300B8001 FF810200 81820224 8D";
-v(per, {'SeqBig',true,e40,9357}) -> "E0014002 248D";
-v(per, {'SeqBig',true,e80,9357}) -> "E0018002 248D";
-v(uper, {'SeqBig',true,e40,9357}) -> "E0280044 91A0";
-v(uper, {'SeqBig',true,e80,9357}) -> "E0300044 91A0".
+    Encoded = asn1_test_lib:hex_to_bin(v(Erule, Type, Value)).
+
+v(Erule, 'SeqBig', Value) ->
+    v_seq_big(Erule, Value);
+v(Erule, 'EnumSkip', Value) ->
+    v_enum_skip(Erule, Value).
+
+v_seq_big(ber, {'SeqBig',true,e40,9357}) -> "300A8001 FF810141 8202248D";
+v_seq_big(ber, {'SeqBig',true,e80,9357}) -> "300B8001 FF810200 81820224 8D";
+v_seq_big(per, {'SeqBig',true,e40,9357}) -> "E0014002 248D";
+v_seq_big(per, {'SeqBig',true,e80,9357}) -> "E0018002 248D";
+v_seq_big(uper, {'SeqBig',true,e40,9357}) -> "E0280044 91A0";
+v_seq_big(uper, {'SeqBig',true,e80,9357}) -> "E0300044 91A0".
+
+v_enum_skip(per, d) -> "82";
+v_enum_skip(uper, d) -> "82";
+v_enum_skip(ber, d) -> "0A0103".
diff --git a/lib/asn1/test/testExtensibilityImplied.erl b/lib/asn1/test/testExtensibilityImplied.erl
new file mode 100644
index 0000000000..8049bb6e53
--- /dev/null
+++ b/lib/asn1/test/testExtensibilityImplied.erl
@@ -0,0 +1,29 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testExtensibilityImplied).
+-export([main/0]).
+
+main() ->
+    M = 'ExtensibilityImplied',
+    {'Seq2',true} = M:decode('Seq2', M:encode('Seq1', {'Seq1',true,42})),
+    {'Set2',true} = M:decode('Set2', M:encode('Set1', {'Set1',true,42})),
+    {asn1_enum,_} = M:decode('Enum2', M:encode('Enum1', ext)),
+    ok.
diff --git a/lib/asn1/test/testImporting.erl b/lib/asn1/test/testImporting.erl
new file mode 100644
index 0000000000..de8beae38b
--- /dev/null
+++ b/lib/asn1/test/testImporting.erl
@@ -0,0 +1,34 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testImporting).
+-export([main/0]).
+
+main() ->
+    M = 'Importing',
+    roundtrip('Seq', {'Seq',5}),
+    roundtrip('OtherSeq', {'Seq',42,true}),
+    {'Seq',42,true} = M:seq(),
+    roundtrip('ObjSeq', {'ObjSeq',1,<<"XYZ">>}),
+    roundtrip('ObjSeq', {'ObjSeq',2,19}),
+    ok.
+
+roundtrip(Type, Value) ->
+    asn1_test_lib:roundtrip('Importing', Type, Value).
diff --git a/lib/asn1/test/testInfObj.erl b/lib/asn1/test/testInfObj.erl
index 37c134b1b9..3044d5cd2a 100644
--- a/lib/asn1/test/testInfObj.erl
+++ b/lib/asn1/test/testInfObj.erl
@@ -74,6 +74,12 @@ main(_Erule) ->
 	      {'ConstructedPdu',7,[]}),
     roundtrip('InfObj', 'ConstructedPdu',
 	      {'ConstructedPdu',7,[64,1,19,17,35]}),
+    {'ConstructedPdu',8,[{_,-15,35},{_,533,-70}]} =
+	enc_dec('InfObj', 'ConstructedPdu',
+		{'ConstructedPdu',8,[{'_',-15,35},{'_',533,-70}]}),
+    {'ConstructedPdu',9,[{RecTag9,-15,35},{RecTag9,533,-70}]} =
+	enc_dec('InfObj', 'ConstructedPdu',
+		{'ConstructedPdu',9,[{'_',-15,35},{'_',533,-70}]}),
 
     roundtrip('InfObj', 'ConstructedSet',
 	      {'ConstructedSet',1,{'CONSTRUCTED-DEFAULT_Type',-2001,true}}),
@@ -96,6 +102,12 @@ main(_Erule) ->
 	      {'ConstructedSet',7,[]}),
     roundtrip('InfObj', 'ConstructedSet',
 	      {'ConstructedSet',7,[64,1,19,17,35]}),
+    {'ConstructedSet',8,[{_,-15,35},{_,533,-70}]} =
+	enc_dec('InfObj', 'ConstructedSet',
+		{'ConstructedSet',8,[{'_',-15,35},{'_',533,-70}]}),
+    {'ConstructedSet',9,[{_,-15,35},{_,533,-70}]} =
+	enc_dec('InfObj', 'ConstructedSet',
+		{'ConstructedSet',9,[{'_',-15,35},{'_',533,-70}]}),
 
     roundtrip('InfObj', 'Seq2',
 	      {'Seq2',42,[true,false,false,true],
@@ -126,12 +138,37 @@ main(_Erule) ->
     test_objset('OstSeq45', [4,5]),
     test_objset('OstSeq12345', [1,2,3,4,5]),
 
+    test_objset('OstSeq12Except', [1,2]),
+    test_objset('OstSeq123Except', [1,2]),
+
     test_objset('ExOstSeq12', [1,2]),
     test_objset('ExOstSeq123', [1,2,3]),
-    %%test_objset('ExOstSeq1234', [1,2,3,4]),
+    test_objset('ExOstSeq1234', [1,2,3,4]),
     test_objset('ExOstSeq45', [4,5]),
     test_objset('ExOstSeq12345', [1,2,3,4,5]),
 
+    test_objset('ExOstSeq12Except', [1,2]),
+    test_objset('ExOstSeq123Except', [1,2]),
+
+    roundtrip('InfObj', 'ExtClassSeq', {'ExtClassSeq', 4}),
+
+    {1,2,42} = 'InfObj':'value-1'(),
+    {1,2,42,25} = 'InfObj':'value-2'(),
+    {100,101} = 'InfObj':'value-3'(),
+    {1,2,100,101} = 'InfObj':'value-4'(),
+
+    roundtrip('InfObj', 'Rdn', {'Rdn',{2,5,4,41},"abc"}),
+
+    roundtrip('InfObj', 'TiAliasSeq',
+	      {'TiAliasSeq',{'TiAliasSeq_prf',{2,1,2},'NULL'}}),
+
+    roundtrip('InfObj', 'ContentInfo',
+	      {'ContentInfo',{2,7,8,9},"string"}),
+    {2,7,8,9} = 'InfObj':'id-content-type'(),
+
+    <<2#1011:4>> = 'InfObj':'tricky-bit-string'(),
+    <<16#CAFE:16>> = 'InfObj':'tricky-octet-string'(),
+
     ok.
 
 test_objset(Type, Keys) ->
diff --git a/lib/asn1/test/testInfObjExtract.erl b/lib/asn1/test/testInfObjExtract.erl
new file mode 100644
index 0000000000..0ef967c1f6
--- /dev/null
+++ b/lib/asn1/test/testInfObjExtract.erl
@@ -0,0 +1,72 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testInfObjExtract).
+
+-export([main/0]).
+
+main() ->
+    roundtrip_data_object_13('DataSeq-1'),
+
+    roundtrip_data_object_1('DataSeq-2'),
+    roundtrip_data_object_1('DataSeq-3'),
+    roundtrip_data_object_1('DataSeq-4'),
+
+    roundtrip_data_object_13('DataSeq-5'),
+    roundtrip_data_object_13('DataSeq-6'),
+
+    roundtrip_data_object_1('DataSeqSingleSet-1'),
+    roundtrip_data_object_1('DataSeqSingleSet-2'),
+
+    roundtrip('ObjClassSeq-1', {'ObjClassSeq-1',1,true}),
+    roundtrip('ObjClassSeq-1', {'ObjClassSeq-1',2,true}),
+
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',0,false}),
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',3,true}),
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',4,false}),
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',5,true}),
+
+    ok.
+
+roundtrip_data_object_13(SeqType) ->
+    roundtrip(SeqType, {SeqType,1,true}),
+    roundtrip(SeqType, {SeqType,2,<<"abc">>}),
+    roundtrip(SeqType, {SeqType,3,<<42:5>>}),
+    roundtrip_error(SeqType, {SeqType,4,42}).
+
+roundtrip_data_object_1(SeqType) ->
+    roundtrip(SeqType, {SeqType,1,false}),
+    roundtrip(SeqType, {SeqType,1,true}),
+    roundtrip_error(SeqType, {SeqType,1,42}),
+    roundtrip_error(SeqType, {SeqType,2,<<"abc">>}),
+    roundtrip_error(SeqType, {SeqType,3,<<42:5>>}),
+    roundtrip_error(SeqType, {SeqType,999,42}).
+
+roundtrip(T, V) ->
+    asn1_test_lib:roundtrip('InfObjExtract', T, V).
+
+roundtrip_error(T, V) ->
+    try asn1_test_lib:roundtrip('InfObjExtract', T, V) of
+	ok ->
+	    test_server:fail()
+    catch
+	_:_ ->
+	    ok
+    end.
diff --git a/lib/asn1/test/testParamBasic.erl b/lib/asn1/test/testParamBasic.erl
index 39f7947e8d..5f6116bba4 100644
--- a/lib/asn1/test/testParamBasic.erl
+++ b/lib/asn1/test/testParamBasic.erl
@@ -46,6 +46,14 @@ main(Rules) ->
     roundtrip('AnAlgorithm', {'AnAlgorithm',1,42}),
     roundtrip('AnAlgorithm', {'AnAlgorithm',2,true}),
     roundtrip('AnAlgorithm', {'AnAlgorithm',2,false}),
+    {'AnAlgorithm',1,42} = 'ParamBasic':'alg-seq-1'(),
+    {'AnAlgorithm',2,true} = 'ParamBasic':'alg-seq-2'(),
+
+    roundtrip('Seq', {'Seq',
+		      {'Seq_c1',{2,1,1},42},
+		      {'Seq_c2',{2,1,1,1},asn1_NOVALUE}}),
+
+    {_,{2,9,9,9,7},'NULL'} = 'ParamBasic':'algid-hmacWithSHA1'(),
     ok.
 
 roundtrip(Type, Value) ->
diff --git a/lib/asn1/test/testPrim.erl b/lib/asn1/test/testPrim.erl
index e07379e634..d7893a2d58 100644
--- a/lib/asn1/test/testPrim.erl
+++ b/lib/asn1/test/testPrim.erl
@@ -98,6 +98,11 @@ enum(Rules) ->
 	ber ->
 	    ok
     end,
+
+    roundtrip('NegEnumVal', neg),
+    roundtrip('NegEnumVal', zero),
+    roundtrip('EnumVal128', val),
+
     ok.
 
 
diff --git a/lib/asn1/test/testRfcs.erl b/lib/asn1/test/testRfcs.erl
new file mode 100644
index 0000000000..6281d09873
--- /dev/null
+++ b/lib/asn1/test/testRfcs.erl
@@ -0,0 +1,75 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testRfcs).
+
+-export([compile/3,test/0]).
+
+-include_lib("test_server/include/test_server.hrl").
+
+compile(Config, Erules, Options0) ->
+    Options = [no_ok_wrapper|Options0],
+    DataDir = ?config(data_dir, Config),
+    Specs0 = filelib:wildcard("*.asn1", filename:join(DataDir, rfcs)),
+    Specs = [filename:join(rfcs, Spec) || Spec <- Specs0],
+    122 = length(Specs),
+    CaseDir = ?config(case_dir, Config),
+    asn1_test_lib:compile_all(Specs, Config, [Erules,{i,CaseDir}|Options]).
+
+test() ->
+    {1,3,6,1,5,5,7,48,1,2} =
+	IdPkixOcspNonce =
+	'OCSP-2009':'id-pkix-ocsp-nonce'(),
+    roundtrip('OCSP-2009', 'OCSPRequest',
+	      {'OCSPRequest',
+	       {'TBSRequest',
+		0,
+		{rfc822Name,"name string"},
+		[{'Request',
+		  {'CertID',{'_',{2,9,3,4,5},asn1_NOVALUE},
+		   <<"POTATOHASH">>,<<"HASHBROWN">>,42},
+		  [{'_',IdPkixOcspNonce,true,<<34,159,16,57,199>>}]}],
+		asn1_NOVALUE},
+	       asn1_NOVALUE}),
+    otp_7759(),
+    ok.
+
+roundtrip(Module, Type, Value0) ->
+    Enc = Module:encode(Type, Value0),
+    Value1 = Module:decode(Type, Enc),
+    asn1_test_lib:match_value(Value0, Value1),
+    ok.
+
+otp_7759() ->
+    %% The release note for asn-1.6.6 says:
+    %%   Decode of an open_type when the value was empty tagged
+    %%   type encoded with indefinite length failed.
+    Mod = 'OLD-PKCS7',
+    Encoded = encoded_msg(),
+    ContentInfo = Mod:decode('ContentInfo', Encoded),
+    io:format("~p\n", [ContentInfo]),
+    {'ContentInfo',_Id,PKCS7_content} = ContentInfo,
+    X = Mod:decode('SignedData', PKCS7_content),
+    io:format("~p\n", [X]),
+    io:nl(),
+    ok.
+
+encoded_msg() ->
+    <<48,128,6,9,42,134,72,134,247,13,1,7,2,160,128,48,128,2,1,1,49,11,48,9,6,5,43,14,3,2,26,5,0,48,128,6,9,42,134,72,134,247,13,1,7,1,160,128,36,128,0,0,0,0,0,0,  49,130,1,192,48,130,1,188,2,1,1,48,50,48,38,49,17,48,15,6,3,85,4,3,12,8,65,100,109,105,110,67,65,49,49,17,48,15,6,3,85,4,10,12,8,69,82,73,67,83,83,79,78,2,8,15,151,245,186,21,23,240,96,48,9,6,5,43,14,3,2,26,5,0,160,129,229,48,17,6,10,96,134,72,1,134,248,69,1,9,2,49,3,19,1,51,48,17,6,10,96,134,72,1,134,248,69,1,9,3,49,3,19,1,51,48,24,6,9,42,134,72,134,247,13,1,9,3,49,11,6,9,42,134,72,134,247,13,1,7,1,48,28,6,9,42,134,72,134,247,13,1,9,5,49,15,23,13,48,56,49,50,49,48,48,57,53,52,50,51,90,48,28,6,10,96,134,72,1,134,248,69,1,9,7,49,14,19,12,49,53,50,56,49,52,50,52,48,57,53,53,48,32,6,10,96,134,72,1,134,248,69,1,9,5,49,18,4,16,165,115,177,71,78,88,239,113,78,56,98,98,18,202,217,235,48,32,6,10,96,134,72,1,134,248,69,1,9,6,49,18,4,16,227,174,230,251,43,153,252,65,11,93,231,83,34,18,55,46,48,35,6,9,42,134,72,134,247,13,1,9,4,49,22,4,20,218,57,163,238,94,107,75,13,50,85,191,239,149,96,24,144,175,216,7,9,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,4,129,128,106,233,116,125,140,51,133,173,63,41,54,138,214,211,89,215,169,125,98,77,16,222,216,240,211,79,125,111,87,186,73,63,253,204,107,102,177,63,174,197,224,212,231,172,149,246,33,68,223,67,102,93,64,152,152,5,216,102,247,134,36,197,150,236,57,77,56,138,95,71,204,31,23,149,241,213,78,172,165,249,100,187,12,45,19,57,67,120,54,63,15,239,41,217,127,61,254,60,201,104,68,3,135,214,206,93,253,255,192,94,56,107,68,210,57,61,41,249,47,156,130,244,52,12,163,216,236,69,0,0,0,0,0,0>>.
diff --git a/lib/asn1/test/testSelectionTypes.erl b/lib/asn1/test/testSelectionTypes.erl
index 6d060321da..7d273fe656 100644
--- a/lib/asn1/test/testSelectionTypes.erl
+++ b/lib/asn1/test/testSelectionTypes.erl
@@ -23,10 +23,34 @@
 -include_lib("test_server/include/test_server.hrl").
 
 test() ->
-    Val = ["PrintableString","PrintableString","PrintableString"],
     ["Es"] = Val2 = ['SelectionType':einsteinium()],
-    roundtrip('MendeleyevTable', Val),
+    roundtrip('MendeleyevTable', ["fox","tree","cat","stone"]),
     roundtrip('MendeleyevTable', Val2),
+    roundtrip('MendeleyevSet', [42,57,93,101]),
+
+    M = 'SelectionType',
+    true = M:boolv(),
+    4 = M:intv(),
+    <<2#1001:4>> = M:bsv(),
+    <<16#3130:16>> = M:osv(),
+    'NULL' = M:nullv(),
+    {2,1,1} = M:oiv(),
+    "ObjectDesc" = M:odv(),
+    "utf8" = M:utfv(),
+    {5,32767,256} = M:rov(),
+    "089" = M:numsv(),
+    "telet" = M:teletv(),
+    "t61" = M:t61v(),
+    "video" = M:videov(),
+    "ia5" = M:ia5v(),
+    "9805281429Z" = M:utctimev(),
+    "19980528142905.1" = M:gTime(),
+    "graphic" = M:gsv(),
+    "visible" = M:vsv(),
+    "general" = M:gStringv(),
+    "Universal" = M:univv(),
+    "bmp" = M:bmov(),
+
     ok.
 
 roundtrip(T, V) ->
diff --git a/lib/asn1/test/testUniqueObjectSets.erl b/lib/asn1/test/testUniqueObjectSets.erl
new file mode 100644
index 0000000000..1ef61a885a
--- /dev/null
+++ b/lib/asn1/test/testUniqueObjectSets.erl
@@ -0,0 +1,175 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testUniqueObjectSets).
+-export([main/3]).
+
+%% Run-time function called by the generated code.
+seq_roundtrip(I, D0) ->
+    M = 'UniqueObjectSets',
+    try
+	{ok,Enc} = M:encode('Seq', {'Seq',I,D0}),
+	{ok,{'Seq',I,D}} = M:decode('Seq', Enc),
+	D
+    catch C:E ->
+	    Stk = erlang:get_stacktrace(),
+	    io:format("FAILED: ~p ~p\n", [I,D0]),
+	    erlang:raise(C, E, Stk)
+    end.
+
+types() ->
+    [{"CHOICE { a INTEGER, b BIT STRING }", {b,<<42:3>>}},
+     {"INTEGER",42},
+     {"SEQUENCE {a OCTET STRING}",{'_',<<"abc">>}},
+     {"SEQUENCE {b BOOLEAN, ...}",{'_',true}},
+     {"SEQUENCE {b BOOLEAN, ..., s IA5String, ..., e ENUMERATED { x, y, z}}",
+      {'_',false,"string",y}},
+     {"SET {a BIT STRING}",{'_',<<1:17>>}},
+     {"SEQUENCE OF INTEGER",[-19,0,555,777]},
+     {"SET OF BOOLEAN",[true,false,true]},
+     {"SEQUENCE OF SEQUENCE {x INTEGER (0..7)}",[{'_',7},{'_',0}]},
+     {"SET OF SEQUENCE {x INTEGER (0..7)}",[{'_',7},{'_',0}]}
+    ].
+
+main(CaseDir, Rule, Opts) ->
+    D0 = types(),
+    {D1,_} = lists:mapfoldl(fun({T,S}, I) ->
+				    {{I,T,S},I+1}
+			    end, 1, D0),
+    Types = [gen_types(I, Type) || {I,Type,_} <- D1],
+    Set = [gen_set_items(I, T) || {I,T,_} <- D1],
+    Objs = [gen_obj(I) || {I,_,_} <- D1],
+    DupObjs = [gen_dup_obj(I, T) || {I,T,_} <- D1],
+    DupObjRefs0 = [gen_dup_obj_refs(I) || {I,_,_} <- D1],
+    DupObjRefs = string:join(DupObjRefs0, " |\n"),
+    Asn1Spec = 'UniqueObjectSets',
+    A = ["UniqueObjectSets DEFINITIONS AUTOMATIC TAGS ::=\n",
+	 "BEGIN\n\n",
+	 "TEST-UNIQUE ::= CLASS {\n"
+	 " &id   INTEGER UNIQUE,\n"
+	 " &Type OPTIONAL\n"
+	 "}\n"
+	 "WITH SYNTAX {IDENTIFIED BY &id [TYPE &Type]}\n",
+	 $\n,
+	 "DUP-CONTAINER ::= CLASS {\n"
+	 " &id   INTEGER UNIQUE,\n"
+	 " &data TEST-UNIQUE\n"
+	 "} WITH SYNTAX {\n"
+	 " ID &id, &data\n"
+	 "}\n",
+	 $\n,
+	 Types,$\n,
+	 "UniqSet TEST-UNIQUE ::= {\n",
+	 Set,
+	 " DupSet-1 |\n",
+	 " DupSet-2, ...\n",
+	 "}\n\n",
+	 Objs,$\n,
+	 DupObjs,$\n,
+	 "DupSet-1 TEST-UNIQUE ::= {\n",
+	 DupObjRefs,$\n,
+	 "}\n\n",
+	 "DupSet-2 TEST-UNIQUE ::= {\n",
+	 DupObjRefs,",...\n",
+	 "}\n\n",
+	 "Seq ::= SEQUENCE {\n"
+	 "  id TEST-UNIQUE.&id ({UniqSet}),\n"
+	 "  type TEST-UNIQUE.&Type ({UniqSet}{@id})\n"
+	 "}\n"
+	 "END\n"],
+    Asn1File = filename:join(CaseDir, atom_to_list(Asn1Spec)++".asn1"),
+    ok = file:write_file(Asn1File, A),
+
+    TestModule = 'unique_object_sets',
+    Test0 = [gen_test(I, Data) || {I,_,Data} <- D1],
+    Test = ["-module(",atom_to_list(TestModule),").\n"
+	    "-export([main/1]).\n"
+	    "\n"
+	    "main(SeqRoundtrip) ->\n",
+	    "  ",atom_to_list(Rule)," = '",atom_to_list(Asn1Spec),
+	    "':encoding_rule(),\n",
+	    Test0,
+	    "  ok.\n"
+	    ],
+    ErlFile = filename:join(CaseDir, atom_to_list(TestModule)++".erl"),
+    ok = file:write_file(ErlFile, Test),
+
+    io:format("~s\n~s\n", [Asn1File,ErlFile]),
+    case Rule of
+	per ->
+	    io:put_chars([A,$\n,Test,$\n]);
+	_ ->
+	    ok
+    end,
+
+    ok = asn1ct:compile(Asn1File, [Rule,{outdir,CaseDir}|Opts]),
+    {ok,TestModule} = c:c(ErlFile, [{outdir,CaseDir}]),
+    TestModule:main(fun seq_roundtrip/2),
+    ok.
+
+gen_types(I, Type) ->
+    io_lib:format("AType~p ::= ~s\n", [I,Type]).
+
+gen_set_items(I, T) ->
+    io_lib:format(" {IDENTIFIED BY ~p TYPE AType~p} |\n"
+		  " {IDENTIFIED BY ~p TYPE AType~p} |\n"
+		  " {IDENTIFIED BY ~p TYPE ~s} |\n"
+		  " obj-~p |\n\n",
+		  [I,I,I,I,I,T,I]).
+
+gen_obj(I) ->
+    io_lib:format("obj-~p TEST-UNIQUE ::= {IDENTIFIED BY ~p TYPE AType~p}\n",
+		  [I,I,I]).
+
+gen_dup_obj(I, T) ->
+    io_lib:format("dup-obj-~p DUP-CONTAINER ::= "
+		  "{ID ~p, {IDENTIFIED BY ~p TYPE ~s}}\n",
+		  [I,I,I+1000,T]).
+
+gen_dup_obj_refs(I) ->
+    io_lib:format("dup-obj-~p.&data", [I]).
+
+gen_test(I, Data) ->
+    io_lib:format("  ~s = SeqRoundtrip(~p, ~p),\n",
+		  [match_term(Data),I,Data]).
+
+match_term('_') ->
+    "_";
+match_term([H|T]=L) ->
+    case is_intlist(L) of
+	true ->
+	    io_lib:format("~p", [L]);
+	false ->
+	    ["[",match_term(H),"|",match_term(T),"]"]
+    end;
+match_term(Tuple) when is_tuple(Tuple) ->
+    ["{",match_term_tuple(Tuple, 1),"}"];
+match_term(Other) ->
+    io_lib:format("~p", [Other]).
+
+match_term_tuple(T, I) when I =< tuple_size(T) ->
+    [match_term(element(I, T)),
+     if I < tuple_size(T) -> ",";
+	true -> "" end|match_term_tuple(T, I+1)];
+match_term_tuple(_, _) ->
+    [].
+
+is_intlist(L) ->
+    lists:all(fun is_integer/1, L).
diff --git a/lib/asn1/test/testValueTest.erl b/lib/asn1/test/testValueTest.erl
new file mode 100644
index 0000000000..8a8e973621
--- /dev/null
+++ b/lib/asn1/test/testValueTest.erl
@@ -0,0 +1,114 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+-module(testValueTest).
+
+-export([main/0]).
+
+main() ->
+    M = 'ValueTest',
+
+    %% Basic types
+    12 = M:'vANY'(),
+    true = M:'vBOOLEAN'(),
+    12 = M:'vINTEGER'(),
+    0 = M:'vINTEGERNNL'(),
+    button1 = M:'vENUMERATED'(),
+    [zero,two] = M:'vBS'(),
+    'NULL' = M:'vNULL'(),
+    <<16#31,16#32,16#33>> = M:'vOS'(),
+
+    %% OID
+    {2,1,1} = M:'vOD'(),
+    {1,2} = M:'integer-first'(),
+    {2,4,5} = M:'rel-oid-1'(),
+    {0,2,4,5} = M:'include-roid'(),
+    {1,2,1} = M:'include-oid'(),
+    {1,2,1,2,4,5,42} = M:'include-all'(),
+
+    %% Character strings
+    "01234567" = M:'numericstring'(),
+    "PrintableString" = M:'printablestring'(),
+    "VisibleString" = M:'visiblestring'(),
+    [0,13] = M:'cr'(),
+    ["First line",[0,13],"Second line"] = M:'ia5string1'(),
+    [[5,5],[4,4],[6,6]] = M:'ia5string2'(),
+    "TeletexString" = M:'teletexstring'(),
+    "VideotexString" = M:'videotexstring'(),
+    "97100211-0500" = M:'utctime'(),
+    "19971002103130.5" = M:'generalizedtime'(),
+    "ObjectDescriptor" = M:'objectdescriptor'(),
+    "GraphicString" = M:'graphicstring'(),
+    "GeneralString" = M:'generalstring'(),
+    "BMPString" = M:'bmpstring1'(),
+    [0,0,0,65] = M:'latinCapitalLetterA'(),
+    [0,0,3,145] = M:'greekCapitalLetterSigma'(),
+    ["This is a capital A: ",
+     [0,0,0,65],
+     ", and a capital sigma: ",
+     [0,0,3,145],
+     "; try and spot the difference!"] = M:'my-universalstring'(),
+
+    %% Integers
+    42 = M:someInteger(),
+    42 = M:otherInteger(),
+    {'IntegerSeq',42} = M:integerSeq1(),
+
+    %% Value from object
+    2 = M:'int-from-object-1'(),
+    4 = M:'int-from-object-2'(),
+    roundtrip_error('II', 1),
+    roundtrip('II', 2),
+    roundtrip('II', 3),
+    roundtrip('II', 4),
+    roundtrip_error('II', 5),
+
+    %% Recursive value definitions.
+    {'OctetStringSeq',<<16#40,16#41,16#42>>} = M:octetStringSeq1(),
+    <<16#40,16#41,16#42>> = M:otherOctetString(),
+    <<16#40,16#41,16#42>> = M:someOctetString(),
+    {'OctetStringSeq',<<16#40,16#41,16#42>>} = M:octetStringSeq2(),
+    {'OctetStringSeq',<<16#40,16#41,16#FF>>} = M:octetStringSeq3(),
+    <<16#40,16#41,16#FF>> = M:'os-1'(),
+    <<16#40,16#41,16#FF>> = M:'os-2'(),
+
+    %% Recursive BIT STRING definitions.
+    {'BsSeq',<<2#101101:6>>,[c]} = M:bsSeq1(),
+    {'BsSeq',<<2#101101:6>>,[c]} = M:bsSeq2(),
+    {'BsSeq',<<2#101:3>>,[a,c]} = M:bsSeq3(),
+    <<2#101101:6>> = M:someBitString(),
+    <<2#101101:6>> = M:otherBitString(),
+    <<2#101:3>> = M:bsFromObject(),
+    <<2#101:3>> = M:bsFromObjectInd(),
+    [c] = M:someNamedBs(),
+    [c] = M:someOtherNamedBs(),
+
+    ok.
+
+
+roundtrip(T, V) ->
+    asn1_test_lib:roundtrip('ValueTest', T, V).
+
+roundtrip_error(T, V) ->
+    try asn1_test_lib:roundtrip('ValueTest', T, V) of
+	ok ->
+	    test_server:fail()
+    catch _:_ ->
+	    ok
+    end.
diff --git a/lib/asn1/test/testX420.erl b/lib/asn1/test/testX420.erl
deleted file mode 100644
index 4ddc55dc16..0000000000
--- a/lib/asn1/test/testX420.erl
+++ /dev/null
@@ -1,93 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-%%
-%%-------------------------------------------------------------------
-
--module(testX420).
-
--export([compile/3, ticket7759/2]).
-
--include_lib("test_server/include/test_server.hrl").
-
-
-compile(Erule, Options, Config) ->
-    Specs0 = specs(),
-    99 = length(Specs0),
-    CaseDir = ?config(case_dir, Config),
-    Specs = [filename:join(x420, Spec) || Spec <- Specs0],
-    asn1_test_lib:compile_all(Specs, Config, [Erule,{i,CaseDir}|Options]).
-
-specs() ->
-    ["ACSE-1", "AuthenticationFramework", "BasicAccessControl",
-     "CertificateExtensions", "Character-Coding-Attributes",
-     "Character-Presentation-Attributes", "Character-Profile-Attributes",
-     "Colour-Attributes", "DOR-definition", "DSAOperationalAttributeTypes",
-     "Default-Value-Lists", "DirectoryAbstractService",
-     "DirectoryAccessProtocol", "DirectoryInformationShadowProtocol",
-     "DirectoryOperationalBindingManagementProtocol",
-     "DirectoryOperationalBindingTypes", "DirectoryProtectionMappings",
-     "DirectoryShadowAbstractService", "DirectorySystemProtocol",
-     "DistributedOperations", "Document-Profile-Descriptor",
-     "EnhancedSecurity", "External-References", "GULSProtectionMappings",
-     "GenericProtectingTransferSyntax", "Geo-Gr-Coding-Attributes",
-     "Geo-Gr-Presentation-Attributes", "Geo-Gr-Profile-Attributes",
-     "GulsSecurityExchanges", "GulsSecurityTransformations",
-     "HierarchicalOperationalBindings", "IPMSAbstractService",
-     "IPMSAutoActionTypes", "IPMSExtendedBodyPartTypes",
-     "IPMSExtendedBodyPartTypes2", "IPMSExtendedVoiceBodyPartType",
-     "IPMSFileTransferBodyPartType", "IPMSForwardedContentBodyPartType",
-     "IPMSForwardedReportBodyPartType", "IPMSFunctionalObjects",
-     "IPMSHeadingExtensions", "IPMSInformationObjects",
-     "IPMSMessageStoreAttributes", "IPMSObjectIdentifiers",
-     "IPMSObjectIdentifiers2", "IPMSSecurityExtensions", "IPMSUpperBounds",
-     "ISO-STANDARD-9541-FONT-ATTRIBUTE-SET", "ISO8571-FTAM", "ISO9541-SN",
-     "Identifiers-and-Expressions", "InformationFramework",
-     "Interchange-Data-Elements", "Layout-Descriptors", "Link-Descriptors",
-     "Location-Expressions", "Logical-Descriptors", "MHSObjectIdentifiers",
-     "MHSProtocolObjectIdentifiers", "MSAbstractService",
-     "MSAccessProtocol", "MSGeneralAttributeTypes",
-     "MSGeneralAutoActionTypes", "MSMatchingRules", "MSObjectIdentifiers",
-     "MSUpperBounds", "MTAAbstractService", "MTSAbstractService",
-     "MTSAbstractService88", "MTSAccessProtocol", "MTSObjectIdentifiers",
-     "MTSUpperBounds", "Notation", "ObjectIdentifiers",
-     "OperationalBindingManagement", "PKCS7", "PKCS7BodyPartType",
-     "Protected-Part-Descriptors", "ProtocolObjectIdentifiers",
-     "Raster-Gr-Coding-Attributes", "Raster-Gr-Presentation-Attributes",
-     "Raster-Gr-Profile-Attributes", "Reliable-Transfer-APDU",
-     "Remote-Operations-Abstract-Syntaxes",
-     "Remote-Operations-Generic-ROS-PDUs",
-     "Remote-Operations-Information-Objects-extensions",
-     "Remote-Operations-Information-Objects",
-     "Remote-Operations-Realizations",
-     "Remote-Operations-Useful-Definitions", "SelectedAttributeTypes",
-     "SeseAPDUs", "SpkmGssTokens", "Style-Descriptors", "Subprofiles",
-     "Temporal-Relationships", "Text-Units", "UpperBounds",
-     "UsefulDefinitions", "Videotex-Coding-Attributes"].
-
-ticket7759(_Erule,_Config) ->
-    Encoded = encoded_msg(),
-    io:format("Testing ticket7759 ...~n",[]),
-    {ok, ContentInfo} = 'PKCS7':decode('ContentInfo',Encoded),
-    {'ContentInfo',_Id,PKCS7_content} = ContentInfo,
-    {ok,_} = 'PKCS7':decode('SignedData',PKCS7_content),
-    ok.
-
-
-encoded_msg() ->
-    <<48,128,6,9,42,134,72,134,247,13,1,7,2,160,128,48,128,2,1,1,49,11,48,9,6,5,43,14,3,2,26,5,0,48,128,6,9,42,134,72,134,247,13,1,7,1,160,128,36,128,0,0,0,0,0,0,  49,130,1,192,48,130,1,188,2,1,1,48,50,48,38,49,17,48,15,6,3,85,4,3,12,8,65,100,109,105,110,67,65,49,49,17,48,15,6,3,85,4,10,12,8,69,82,73,67,83,83,79,78,2,8,15,151,245,186,21,23,240,96,48,9,6,5,43,14,3,2,26,5,0,160,129,229,48,17,6,10,96,134,72,1,134,248,69,1,9,2,49,3,19,1,51,48,17,6,10,96,134,72,1,134,248,69,1,9,3,49,3,19,1,51,48,24,6,9,42,134,72,134,247,13,1,9,3,49,11,6,9,42,134,72,134,247,13,1,7,1,48,28,6,9,42,134,72,134,247,13,1,9,5,49,15,23,13,48,56,49,50,49,48,48,57,53,52,50,51,90,48,28,6,10,96,134,72,1,134,248,69,1,9,7,49,14,19,12,49,53,50,56,49,52,50,52,48,57,53,53,48,32,6,10,96,134,72,1,134,248,69,1,9,5,49,18,4,16,165,115,177,71,78,88,239,113,78,56,98,98,18,202,217,235,48,32,6,10,96,134,72,1,134,248,69,1,9,6,49,18,4,16,227,174,230,251,43,153,252,65,11,93,231,83,34,18,55,46,48,35,6,9,42,134,72,134,247,13,1,9,4,49,22,4,20,218,57,163,238,94,107,75,13,50,85,191,239,149,96,24,144,175,216,7,9,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,4,129,128,106,233,116,125,140,51,133,173,63,41,54,138,214,211,89,215,169,125,98,77,16,222,216,240,211,79,125,111,87,186,73,63,253,204,107,102,177,63,174,197,224,212,231,172,149,246,33,68,223,67,102,93,64,152,152,5,216,102,247,134,36,197,150,236,57,77,56,138,95,71,204,31,23,149,241,213,78,172,165,249,100,187,12,45,19,57,67,120,54,63,15,239,41,217,127,61,254,60,201,104,68,3,135,214,206,93,253,255,192,94,56,107,68,210,57,61,41,249,47,156,130,244,52,12,163,216,236,69,0,0,0,0,0,0>>.
diff --git a/lib/asn1/test/test_compile_options.erl b/lib/asn1/test/test_compile_options.erl
index 7f358e863c..4b6357a395 100644
--- a/lib/asn1/test/test_compile_options.erl
+++ b/lib/asn1/test/test_compile_options.erl
@@ -24,7 +24,7 @@
 
 
 -export([wrong_path/1,comp/2,path/1,ticket_6143/1,noobj/1,
-	 record_name_prefix/1,verbose/1,warnings_as_errors/1]).
+	 record_name_prefix/1,verbose/1]).
 
 %% OTP-5689
 wrong_path(Config) ->
@@ -132,43 +132,6 @@ verbose(Config) when is_list(Config) ->
     ?line [] = test_server:capture_get(),
     ok.
 
-warnings_as_errors(Config) when is_list(Config) ->
-    PrivDir = ?config(priv_dir,Config),
-    Asn1File = filename:join([PrivDir,"WERROR.asn1"]),
-    OutFile = filename:join([PrivDir,"WERROR.erl"]),
-    Opts = [{outdir,PrivDir},noobj,verbose],
-
-    %% Generate WERR.asn to emit warning
-    %% Warning: Wrong format of type/value
-    %%     false/{'Externalvaluereference',_,'WERR',noInvokeId}
-    Warn = <<"WERROR DEFINITIONS IMPLICIT TAGS ::=\n"
-	     "\n"
-	     "BEGIN\n"
-	     "\n"
-	     "InvokeId ::= CHOICE\n"
-	     "{\n"
-	     "    present INTEGER,\n"
-	     "    absent NULL\n"
-	     "}\n"
-	     "\n"
-	     "noInvokeId InvokeId ::= absent:NULL\n"
-	     "\n"
-	     "NoInvokeId InvokeId ::= {noInvokeId}\n"
-	     "\n"
-	     "END -- end of useful definitions.\n">>,
-    ?line ok = file:write_file(Asn1File, Warn),
-
-    %% Test warnings_as_errors compile
-    ?line false = filelib:is_regular(OutFile),
-    ?line {error, _} = asn1ct:compile(Asn1File, [warnings_as_errors|Opts]),
-    ?line false = filelib:is_regular(OutFile),
-
-    %% Test normal compile
-    ?line ok = asn1ct:compile(Asn1File, Opts),
-    ?line true = filelib:is_regular(OutFile),
-    ?line ok = file:delete(OutFile),
-    ok.
-
 outfiles_check(OutDir) ->
     outfiles_check(OutDir,outfiles1()).