1 files changed, 25 insertions, 22 deletions
diff --git a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
index fd2c743bb..054a9c45e 100644
--- a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
@@ -140,31 +140,30 @@ namespace Org.BouncyCastle.Cms
 				authGen.AddObject(new DerInteger(AuthenticatedData.CalculateVersion(null)));
 
 				Stream authRaw = authGen.GetRawOutputStream();
-				Asn1Generator recipGen = _berEncodeRecipientSet
-					?	(Asn1Generator) new BerSetGenerator(authRaw)
-					:	new DerSetGenerator(authRaw);
-
-				foreach (Asn1Encodable ae in recipientInfos)
+				using (var recipGen = _berEncodeRecipientSet
+					? (Asn1Generator)new BerSetGenerator(authRaw)
+					: new DerSetGenerator(authRaw))
 				{
-					recipGen.AddObject(ae);
-				}
-
-				recipGen.Close();
+                    foreach (Asn1Encodable ae in recipientInfos)
+                    {
+                        recipGen.AddObject(ae);
+                    }
+                }
 
 				authGen.AddObject(macAlgId);
 
 				BerSequenceGenerator eiGen = new BerSequenceGenerator(authRaw);
 				eiGen.AddObject(CmsObjectIdentifiers.Data);
 
-				Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream(
-					eiGen.GetRawOutputStream(), 0, true, _bufferSize);
+                BerOctetStringGenerator octGen = new BerOctetStringGenerator(eiGen.GetRawOutputStream(), 0, true);
+                Stream octetOutputStream = octGen.GetOctetOutputStream(_bufferSize);
 
                 IMac mac = MacUtilities.GetMac(macAlgId.Algorithm);
 				// TODO Confirm no ParametersWithRandom needed
 	            mac.Init(cipherParameters);
 				Stream mOut = new TeeOutputStream(octetOutputStream, new MacSink(mac));
 
-				return new CmsAuthenticatedDataOutputStream(mOut, mac, cGen, authGen, eiGen);
+				return new CmsAuthenticatedDataOutputStream(mOut, mac, cGen, authGen, eiGen, octGen);
 			}
 			catch (SecurityUtilityException e)
 			{
@@ -214,23 +213,26 @@ namespace Org.BouncyCastle.Cms
 		{
 			private readonly Stream					macStream;
 			private readonly IMac					mac;
-			private readonly BerSequenceGenerator	cGen;
+            private readonly BerSequenceGenerator	cGen;
 			private readonly BerSequenceGenerator	authGen;
 			private readonly BerSequenceGenerator	eiGen;
+            private readonly BerOctetStringGenerator octGen;
 
-			public CmsAuthenticatedDataOutputStream(
+            public CmsAuthenticatedDataOutputStream(
 				Stream					macStream,
 				IMac					mac,
-				BerSequenceGenerator	cGen,
+                BerSequenceGenerator	cGen,
 				BerSequenceGenerator	authGen,
-				BerSequenceGenerator	eiGen)
-			{
+				BerSequenceGenerator	eiGen,
+                BerOctetStringGenerator octGen)
+            {
 				this.macStream = macStream;
 				this.mac = mac;
 				this.cGen = cGen;
 				this.authGen = authGen;
 				this.eiGen = eiGen;
-			}
+                this.octGen = octGen;
+            }
 
             public override void Write(byte[] buffer, int offset, int count)
             {
@@ -255,17 +257,18 @@ namespace Org.BouncyCastle.Cms
                 {
                     macStream.Dispose();
 
-                    // TODO Parent context(s) should really be be closed explicitly
+					// TODO Parent context(s) should really be be closed explicitly
 
-				    eiGen.Close();
+					octGen.Dispose();
+				    eiGen.Dispose();
 
 				    // [TODO] auth attributes go here 
 				    byte[] macOctets = MacUtilities.DoFinal(mac);
 				    authGen.AddObject(new DerOctetString(macOctets));
 				    // [TODO] unauth attributes go here
 
-				    authGen.Close();
-				    cGen.Close();
+				    authGen.Dispose();
+				    cGen.Dispose();
                 }
                 base.Dispose(disposing);
             }