From e2e8018b6c1d4bd87178ed6a034581dcc672ace7 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Mon, 9 Nov 2015 18:11:21 +0700 Subject: Add contributor entries --- crypto/Contributors.html | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/crypto/Contributors.html b/crypto/Contributors.html index 3d0992f68..8908b857a 100644 --- a/crypto/Contributors.html +++ b/crypto/Contributors.html @@ -105,7 +105,8 @@

Kalev Lember <kalev@smartlink.ee> - patch to fix compilation problem under Mono 2.8+.

  • -

    Kyle Hamilton <kyanha.bouncycastle@kyanha.net> - identified problem with BigInteger.Multiply, patch for MiscPemGenerator infinite recursion.

    +

    Kyle Hamilton <kyanha.bouncycastle@kyanha.net> - identified problem with BigInteger.Multiply, patch for MiscPemGenerator infinite recursion, + proposed improvements in use of random numbers.

  • Atanas Krachev <akrachev@gmail.com> - added support for revocation signatures in OpenPGP.

    @@ -128,6 +129,16 @@

  • Michael Krueger <michael.krueger@secardeo.com> - patch to fix Asn1.Cmp.RevDetails constructor.

    • +
  • +

    Daniel Nauck <daniel.nauck@gmail.com> - patch for Portable Class Library support.

    +
    • +
  • +

    John Allberg <john@ayoy.se> - improvements to Portable Class Library patch.

    +
    • +
  • +

    Oren Novotny (https://github.com/onovotny) - developed and maintained a fork supporting Portable Class Library, worked closely with us + to integrate the changes back into the main project.

    +
    • -- cgit 1.5.1 From bf9600f6e8c3e8c83ba95a5e0821ec78e270cfa0 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Mon, 9 Nov 2015 19:25:07 +0700 Subject: Improve random prime constructor --- crypto/src/math/BigInteger.cs | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/crypto/src/math/BigInteger.cs b/crypto/src/math/BigInteger.cs index 3d0509fe0..2ca3da978 100644 --- a/crypto/src/math/BigInteger.cs +++ b/crypto/src/math/BigInteger.cs @@ -681,6 +681,7 @@ namespace Org.BouncyCastle.Math int xBits = BitsPerByte * nBytes - bitLength; byte mask = (byte)(255U >> xBits); + byte lead = (byte)(1 << (7 - xBits)); for (;;) { @@ -690,7 +691,7 @@ namespace Org.BouncyCastle.Math b[0] &= mask; // ensure the leading bit is 1 (to meet the strength requirement) - b[0] |= (byte)(1 << (7 - xBits)); + b[0] |= lead; // ensure the trailing bit is 1 (i.e. must be odd) b[nBytes - 1] |= 1; @@ -705,18 +706,13 @@ namespace Org.BouncyCastle.Math if (CheckProbablePrime(certainty, random, true)) break; - if (bitLength > 32) + for (int j = 1; j < magnitude.Length; ++j) { - for (int rep = 0; rep < 10000; ++rep) - { - int n = 33 + random.Next(bitLength - 2); - this.magnitude[this.magnitude.Length - (n >> 5)] ^= (1 << (n & 31)); - this.magnitude[this.magnitude.Length - 1] ^= ((random.Next() + 1) << 1); - this.mQuote = 0; + this.magnitude[j] ^= (random.Next() << 1); + this.mQuote = 0; - if (CheckProbablePrime(certainty, random, true)) - return; - } + if (CheckProbablePrime(certainty, random, true)) + return; } } } -- cgit 1.5.1 From 077d073d23766583391b8241e8db262bc8619b5d Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Tue, 10 Nov 2015 13:09:14 +0700 Subject: Add more PkiFailureInfo constants --- crypto/src/asn1/cmp/PKIFailureInfo.cs | 114 ++++++++++++++---------- crypto/test/src/asn1/test/PKIFailureInfoTest.cs | 53 ++++++----- 2 files changed, 102 insertions(+), 65 deletions(-) diff --git a/crypto/src/asn1/cmp/PKIFailureInfo.cs b/crypto/src/asn1/cmp/PKIFailureInfo.cs index 1df0e0693..896bf0992 100644 --- a/crypto/src/asn1/cmp/PKIFailureInfo.cs +++ b/crypto/src/asn1/cmp/PKIFailureInfo.cs @@ -2,55 +2,79 @@ using System; namespace Org.BouncyCastle.Asn1.Cmp { - /** - * 
    -	 * PKIFailureInfo ::= BIT STRING {
-	 * badAlg               (0),
-	 *   -- unrecognized or unsupported Algorithm Identifier
-	 * badMessageCheck      (1), -- integrity check failed (e.g., signature did not verify)
-	 * badRequest           (2),
-	 *   -- transaction not permitted or supported
-	 * badTime              (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
-	 * badCertId            (4), -- no certificate could be found matching the provided criteria
-	 * badDataFormat        (5),
-	 *   -- the data submitted has the wrong format
-	 * wrongAuthority       (6), -- the authority indicated in the request is different from the one creating the response token
-	 * incorrectData        (7), -- the requester's data is incorrect (for notary services)
-	 * missingTimeStamp     (8), -- when the timestamp is missing but should be there (by policy)
-	 * badPOP               (9)  -- the proof-of-possession failed
-	 * timeNotAvailable    (14),
-	 *   -- the TSA's time source is not available
-	 * unacceptedPolicy    (15),
-	 *   -- the requested TSA policy is not supported by the TSA
-	 * unacceptedExtension (16),
-	 *   -- the requested extension is not supported by the TSA
-	 *  addInfoNotAvailable (17)
-	 *    -- the additional information requested could not be understood
-	 *    -- or is not available
-	 *  systemFailure       (25)
-	 *    -- the request cannot be handled due to system failure
-	 *
    - */ + /** + * 
    +     * PKIFailureInfo ::= BIT STRING {
+     * badAlg               (0),
+     *   -- unrecognized or unsupported Algorithm Identifier
+     * badMessageCheck      (1), -- integrity check failed (e.g., signature did not verify)
+     * badRequest           (2),
+     *   -- transaction not permitted or supported
+     * badTime              (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
+     * badCertId            (4), -- no certificate could be found matching the provided criteria
+     * badDataFormat        (5),
+     *   -- the data submitted has the wrong format
+     * wrongAuthority       (6), -- the authority indicated in the request is different from the one creating the response token
+     * incorrectData        (7), -- the requester's data is incorrect (for notary services)
+     * missingTimeStamp     (8), -- when the timestamp is missing but should be there (by policy)
+     * badPOP               (9)  -- the proof-of-possession failed
+     * certRevoked         (10),
+     * certConfirmed       (11),
+     * wrongIntegrity      (12),
+     * badRecipientNonce   (13), 
+     * timeNotAvailable    (14),
+     *   -- the TSA's time source is not available
+     * unacceptedPolicy    (15),
+     *   -- the requested TSA policy is not supported by the TSA
+     * unacceptedExtension (16),
+     *   -- the requested extension is not supported by the TSA
+     * addInfoNotAvailable (17)
+     *   -- the additional information requested could not be understood
+     *   -- or is not available
+     * badSenderNonce      (18),
+     * badCertTemplate     (19),
+     * signerNotTrusted    (20),
+     * transactionIdInUse  (21),
+     * unsupportedVersion  (22),
+     * notAuthorized       (23),
+     * systemUnavail       (24),    
+     * systemFailure       (25),
+     *   -- the request cannot be handled due to system failure
+     * duplicateCertReq    (26) 
+     *
    + */ public class PkiFailureInfo : DerBitString { - public const int BadAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier - public const int BadMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify) - public const int BadRequest = (1 << 5); - public const int BadTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy - public const int BadCertId = (1 << 3); // no certificate could be found matching the provided criteria - public const int BadDataFormat = (1 << 2); - public const int WrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token - public const int IncorrectData = 1; // the requester's data is incorrect (for notary services) - public const int MissingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy) - public const int BadPop = (1 << 14); // the proof-of-possession failed - public const int TimeNotAvailable = (1 << 9); // the TSA's time source is not available - public const int UnacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA - public const int UnacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA - public const int AddInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available - public const int SystemFailure = (1 << 30); //the request cannot be handled due to system failure + public const int BadAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier + public const int BadMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify) + public const int BadRequest = (1 << 5); + public const int BadTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy + public const int BadCertId = (1 << 3); // no certificate could be found matching the provided criteria + public const int BadDataFormat = (1 << 2); + public const int WrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token + public const int IncorrectData = 1; // the requester's data is incorrect (for notary services) + public const int MissingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy) + public const int BadPop = (1 << 14); // the proof-of-possession failed + public const int CertRevoked = (1 << 13); + public const int CertConfirmed = (1 << 12); + public const int WrongIntegrity = (1 << 11); + public const int BadRecipientNonce = (1 << 10); + public const int TimeNotAvailable = (1 << 9); // the TSA's time source is not available + public const int UnacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA + public const int UnacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA + public const int AddInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available + public const int BadSenderNonce = (1 << 21); + public const int BadCertTemplate = (1 << 20); + public const int SignerNotTrusted = (1 << 19); + public const int TransactionIdInUse = (1 << 18); + public const int UnsupportedVersion = (1 << 17); + public const int NotAuthorized = (1 << 16); + public const int SystemUnavail = (1 << 31); + public const int SystemFailure = (1 << 30); //the request cannot be handled due to system failure + public const int DuplicateCertReq = (1 << 29); - /** + /** * Basic constructor. */ public PkiFailureInfo( diff --git a/crypto/test/src/asn1/test/PKIFailureInfoTest.cs b/crypto/test/src/asn1/test/PKIFailureInfoTest.cs index 734dbbc14..7d51dbb5f 100644 --- a/crypto/test/src/asn1/test/PKIFailureInfoTest.cs +++ b/crypto/test/src/asn1/test/PKIFailureInfoTest.cs @@ -11,7 +11,7 @@ using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Asn1.Tests { /** - * PKIFailureInfoTest + * PkiFailureInfoTest */ [TestFixture] public class PkiFailureInfoTest @@ -25,12 +25,13 @@ namespace Org.BouncyCastle.Asn1.Tests get { return "PkiFailureInfo"; } } - private void doTestEncoding() + private void DoTestEncoding() { - DerBitString bitString = (DerBitString) Asn1Object.FromByteArray(CORRECT_FAILURE_INFO); + DerBitString bitString = (DerBitString)Asn1Object.FromByteArray(CORRECT_FAILURE_INFO); PkiFailureInfo correct = new PkiFailureInfo(bitString); - PkiFailureInfo bug = new PkiFailureInfo(PkiFailureInfo.BadRequest | PkiFailureInfo.BadTime | PkiFailureInfo.BadDataFormat | PkiFailureInfo.IncorrectData); + PkiFailureInfo bug = new PkiFailureInfo( + PkiFailureInfo.BadRequest | PkiFailureInfo.BadTime | PkiFailureInfo.BadDataFormat | PkiFailureInfo.IncorrectData); if (!Arrays.AreEqual(correct.GetDerEncoded(), bug.GetDerEncoded())) { @@ -40,23 +41,35 @@ namespace Org.BouncyCastle.Asn1.Tests public override void PerformTest() { - BitStringConstantTester.testFlagValueCorrect(0, PkiFailureInfo.BadAlg); - BitStringConstantTester.testFlagValueCorrect(1, PkiFailureInfo.BadMessageCheck); - BitStringConstantTester.testFlagValueCorrect(2, PkiFailureInfo.BadRequest); - BitStringConstantTester.testFlagValueCorrect(3, PkiFailureInfo.BadTime); - BitStringConstantTester.testFlagValueCorrect(4, PkiFailureInfo.BadCertId); - BitStringConstantTester.testFlagValueCorrect(5, PkiFailureInfo.BadDataFormat); - BitStringConstantTester.testFlagValueCorrect(6, PkiFailureInfo.WrongAuthority); - BitStringConstantTester.testFlagValueCorrect(7, PkiFailureInfo.IncorrectData); - BitStringConstantTester.testFlagValueCorrect(8, PkiFailureInfo.MissingTimeStamp); - BitStringConstantTester.testFlagValueCorrect(9, PkiFailureInfo.BadPop); - BitStringConstantTester.testFlagValueCorrect(14, PkiFailureInfo.TimeNotAvailable); - BitStringConstantTester.testFlagValueCorrect(15, PkiFailureInfo.UnacceptedPolicy); - BitStringConstantTester.testFlagValueCorrect(16, PkiFailureInfo.UnacceptedExtension); - BitStringConstantTester.testFlagValueCorrect(17, PkiFailureInfo.AddInfoNotAvailable); - BitStringConstantTester.testFlagValueCorrect(25, PkiFailureInfo.SystemFailure); + BitStringConstantTester.testFlagValueCorrect(0, PkiFailureInfo.BadAlg); + BitStringConstantTester.testFlagValueCorrect(1, PkiFailureInfo.BadMessageCheck); + BitStringConstantTester.testFlagValueCorrect(2, PkiFailureInfo.BadRequest); + BitStringConstantTester.testFlagValueCorrect(3, PkiFailureInfo.BadTime); + BitStringConstantTester.testFlagValueCorrect(4, PkiFailureInfo.BadCertId); + BitStringConstantTester.testFlagValueCorrect(5, PkiFailureInfo.BadDataFormat); + BitStringConstantTester.testFlagValueCorrect(6, PkiFailureInfo.WrongAuthority); + BitStringConstantTester.testFlagValueCorrect(7, PkiFailureInfo.IncorrectData); + BitStringConstantTester.testFlagValueCorrect(8, PkiFailureInfo.MissingTimeStamp); + BitStringConstantTester.testFlagValueCorrect(9, PkiFailureInfo.BadPop); + BitStringConstantTester.testFlagValueCorrect(10, PkiFailureInfo.CertRevoked); + BitStringConstantTester.testFlagValueCorrect(11, PkiFailureInfo.CertConfirmed); + BitStringConstantTester.testFlagValueCorrect(12, PkiFailureInfo.WrongIntegrity); + BitStringConstantTester.testFlagValueCorrect(13, PkiFailureInfo.BadRecipientNonce); + BitStringConstantTester.testFlagValueCorrect(14, PkiFailureInfo.TimeNotAvailable); + BitStringConstantTester.testFlagValueCorrect(15, PkiFailureInfo.UnacceptedPolicy); + BitStringConstantTester.testFlagValueCorrect(16, PkiFailureInfo.UnacceptedExtension); + BitStringConstantTester.testFlagValueCorrect(17, PkiFailureInfo.AddInfoNotAvailable); + BitStringConstantTester.testFlagValueCorrect(18, PkiFailureInfo.BadSenderNonce); + BitStringConstantTester.testFlagValueCorrect(19, PkiFailureInfo.BadCertTemplate); + BitStringConstantTester.testFlagValueCorrect(20, PkiFailureInfo.SignerNotTrusted); + BitStringConstantTester.testFlagValueCorrect(21, PkiFailureInfo.TransactionIdInUse); + BitStringConstantTester.testFlagValueCorrect(22, PkiFailureInfo.UnsupportedVersion); + BitStringConstantTester.testFlagValueCorrect(23, PkiFailureInfo.NotAuthorized); + BitStringConstantTester.testFlagValueCorrect(24, PkiFailureInfo.SystemUnavail); + BitStringConstantTester.testFlagValueCorrect(25, PkiFailureInfo.SystemFailure); + BitStringConstantTester.testFlagValueCorrect(26, PkiFailureInfo.DuplicateCertReq); - doTestEncoding(); + DoTestEncoding(); } public static void Main( -- cgit 1.5.1 From c4f02c22b53e19a2445ee13865dc5e0e04c84359 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Tue, 10 Nov 2015 19:13:38 +0700 Subject: Add BerBitString and improve "unused bit" handling --- crypto/crypto.csproj | 5 + crypto/src/asn1/BERBitString.cs | 43 ++++ crypto/src/asn1/DerBitString.cs | 263 +++++++++++---------- crypto/src/asn1/DerOutputStream.cs | 19 +- crypto/src/asn1/cmp/PKIFailureInfo.cs | 7 +- crypto/src/asn1/misc/NetscapeCertType.cs | 2 +- crypto/src/asn1/ocsp/BasicOCSPResponse.cs | 7 +- crypto/src/asn1/ocsp/Signature.cs | 7 +- crypto/src/asn1/pkcs/CertificationRequest.cs | 7 +- crypto/src/asn1/x509/AttributeCertificate.cs | 7 +- crypto/src/asn1/x509/CertificateList.cs | 7 +- crypto/src/asn1/x509/KeyUsage.cs | 5 +- crypto/src/asn1/x509/ReasonFlags.cs | 7 +- crypto/src/asn1/x509/SubjectPublicKeyInfo.cs | 2 +- crypto/src/asn1/x509/X509CertificateStructure.cs | 5 + crypto/src/math/BigInteger.cs | 2 +- crypto/src/ocsp/BasicOCSPResp.cs | 2 +- crypto/src/ocsp/OCSPReq.cs | 4 +- crypto/src/pkcs/Pkcs10CertificationRequest.cs | 2 +- crypto/src/tsp/TimeStampResponseGenerator.cs | 5 +- crypto/src/x509/X509Certificate.cs | 4 +- crypto/src/x509/X509Crl.cs | 2 +- crypto/src/x509/X509V2AttributeCertificate.cs | 7 +- crypto/test/src/asn1/test/BitStringTest.cs | 118 +++++++-- .../test/src/crypto/tls/test/TlsTestClientImpl.cs | 6 +- crypto/test/src/test/PKCS10CertRequestTest.cs | 6 +- 26 files changed, 373 insertions(+), 178 deletions(-) create mode 100644 crypto/src/asn1/BERBitString.cs diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index a1e217aca..3f942800c 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -248,6 +248,11 @@ SubType = "Code" BuildAction = "Compile" /> + = 0; i--) - { - // - // this may look a little odd, but if it isn't done like this pre jdk1.2 - // JVM's break! - // - if (i != 0) - { - if ((bitString >> (i * 8)) != 0) - { - val = (bitString >> (i * 8)) & 0xFF; - break; - } - } - else - { - if (bitString != 0) - { - val = bitString & 0xFF; - break; - } - } - } - - if (val == 0) - { - return 7; - } - - int bits = 1; - - while (((val <<= 1) & 0xFF) != 0) - { - bits++; - } - - return 8 - bits; - } - - /** - * return the correct number of bytes for a bit string defined in - * a 32 bit constant - */ - static internal byte[] GetBytes( - int bitString) - { - int bytes = 4; - for (int i = 3; i >= 1; i--) - { - if ((bitString & (0xFF << (i * 8))) != 0) - { - break; - } - bytes--; - } - - byte[] result = new byte[bytes]; - for (int i = 0; i < bytes; i++) - { - result[i] = (byte) ((bitString >> (i * 8)) & 0xFF); - } - - return result; - } - - /** + /** * return a Bit string from the passed in object * * @exception ArgumentException if the object cannot be converted. @@ -126,15 +55,7 @@ namespace Org.BouncyCastle.Asn1 return FromAsn1Octets(((Asn1OctetString)o).GetOctets()); } - internal DerBitString( - byte data, - int padBits) - { - this.data = new byte[]{ data }; - this.padBits = padBits; - } - - /** + /** * @param data the octets making up the bit string. * @param padBits the number of extra bits at the end of the string. */ @@ -142,67 +63,154 @@ namespace Org.BouncyCastle.Asn1 byte[] data, int padBits) { - // TODO Deep copy? - this.data = data; - this.padBits = padBits; + if (data == null) + throw new ArgumentNullException("data"); + if (padBits < 0 || padBits > 7) + throw new ArgumentException("must be in the range 0 to 7", "padBits"); + if (data.Length == 0 && padBits != 0) + throw new ArgumentException("if 'data' is empty, 'padBits' must be 0"); + + this.mData = Arrays.Clone(data); + this.mPadBits = padBits; } public DerBitString( byte[] data) + : this(data, 0) { - // TODO Deep copy? - this.data = data; } - public DerBitString( + public DerBitString( + int namedBits) + { + if (namedBits == 0) + { + this.mData = new byte[0]; + this.mPadBits = 0; + return; + } + + int bits = BigInteger.BitLen(namedBits); + int bytes = (bits + 7) / 8; + + Debug.Assert(0 < bytes && bytes <= 4); + + byte[] result = new byte[bytes]; + --bytes; + + for (int i = 0; i < bytes; i++) + { + result[i] = (byte)namedBits; + namedBits >>= 8; + } + + Debug.Assert((namedBits & 0xFF) != 0); + + result[bytes] = (byte)namedBits; + + int pad = 0; + while ((namedBits & (1 << pad)) == 0) + { + ++pad; + } + + Debug.Assert(pad < 8); + + this.mData = result; + this.mPadBits = pad; + } + + public DerBitString( Asn1Encodable obj) + : this(obj.GetDerEncoded()) { - this.data = obj.GetDerEncoded(); - //this.padBits = 0; } - public byte[] GetBytes() + /** + * Return the octets contained in this BIT STRING, checking that this BIT STRING really + * does represent an octet aligned string. Only use this method when the standard you are + * following dictates that the BIT STRING will be octet aligned. + * + * @return a copy of the octet aligned data. + */ + public virtual byte[] GetOctets() + { + if (mPadBits != 0) + throw new InvalidOperationException("attempt to get non-octet aligned data from BIT STRING"); + + return Arrays.Clone(mData); + } + + public virtual byte[] GetBytes() { - return data; + byte[] data = Arrays.Clone(mData); + + // DER requires pad bits be zero + if (mPadBits > 0) + { + data[data.Length - 1] &= (byte)(0xFF << mPadBits); + } + + return data; } - public int PadBits + public virtual int PadBits { - get { return padBits; } + get { return mPadBits; } } /** * @return the value of the bit string as an int (truncating if necessary) */ - public int IntValue + public virtual int IntValue { get { - int value = 0; - - for (int i = 0; i != data.Length && i != 4; i++) - { - value |= (data[i] & 0xff) << (8 * i); - } - - return value; + int value = 0, length = System.Math.Min(4, mData.Length); + for (int i = 0; i < length; ++i) + { + value |= (int)mData[i] << (8 * i); + } + if (mPadBits > 0 && length == mData.Length) + { + int mask = (1 << mPadBits) - 1; + value &= ~(mask << (8 * (length - 1))); + } + return value; } } - internal override void Encode( + internal override void Encode( DerOutputStream derOut) { - byte[] bytes = new byte[GetBytes().Length + 1]; - - bytes[0] = (byte) PadBits; - Array.Copy(GetBytes(), 0, bytes, 1, bytes.Length - 1); - - derOut.WriteEncoded(Asn1Tags.BitString, bytes); + if (mPadBits > 0) + { + int last = mData[mData.Length - 1]; + int mask = (1 << mPadBits) - 1; + + if ((last & mask) != 0) + { + byte[] result = Arrays.Prepend(mData, (byte)mPadBits); + + /* + * X.690-0207 11.2.1: Each unused bit in the final octet of the encoding of a bit string value shall be set to zero. + * + * NOTE: 'pad' is constrained to be 0 if 'bytes' are empty, in which case this is a no-op. + */ + last ^= (last & mask); + result[result.Length - 1] &= (byte)last; + + derOut.WriteEncoded(Asn1Tags.BitString, result); + return; + } + } + + derOut.WriteEncoded(Asn1Tags.BitString, (byte)mPadBits, mData); } - protected override int Asn1GetHashCode() + protected override int Asn1GetHashCode() { - return padBits.GetHashCode() ^ Arrays.GetHashCode(data); + return mPadBits.GetHashCode() ^ Arrays.GetHashCode(mData); } protected override bool Asn1Equals( @@ -213,8 +221,8 @@ namespace Org.BouncyCastle.Asn1 if (other == null) return false; - return this.padBits == other.padBits - && Arrays.AreEqual(this.data, other.data); + return this.mPadBits == other.mPadBits + && Arrays.AreEqual(this.mData, other.mData); } public override string GetString() @@ -236,12 +244,23 @@ namespace Org.BouncyCastle.Asn1 internal static DerBitString FromAsn1Octets(byte[] octets) { if (octets.Length < 1) - throw new ArgumentException("truncated BIT STRING detected"); + throw new ArgumentException("truncated BIT STRING detected", "octets"); + + int padBits = octets[0]; + byte[] data = Arrays.CopyOfRange(octets, 1, octets.Length); + + if (padBits > 0 && padBits < 8 && data.Length > 0) + { + int last = data[data.Length - 1]; + int mask = (1 << padBits) - 1; + + if ((last & mask) != 0) + { + return new BerBitString(data, padBits); + } + } - int padBits = octets[0]; - byte[] data = new byte[octets.Length - 1]; - Array.Copy(octets, 1, data, 0, data.Length); - return new DerBitString(data, padBits); + return new DerBitString(data, padBits); } } } diff --git a/crypto/src/asn1/DerOutputStream.cs b/crypto/src/asn1/DerOutputStream.cs index c03d9dc11..69d5d5f28 100644 --- a/crypto/src/asn1/DerOutputStream.cs +++ b/crypto/src/asn1/DerOutputStream.cs @@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Asn1 if (length > 127) { int size = 1; - uint val = (uint) length; + uint val = (uint)length; while ((val >>= 8) != 0) { @@ -43,18 +43,29 @@ namespace Org.BouncyCastle.Asn1 int tag, byte[] bytes) { - WriteByte((byte) tag); + WriteByte((byte)tag); WriteLength(bytes.Length); Write(bytes, 0, bytes.Length); } - internal void WriteEncoded( + internal void WriteEncoded( + int tag, + byte first, + byte[] bytes) + { + WriteByte((byte)tag); + WriteLength(bytes.Length + 1); + WriteByte(first); + Write(bytes, 0, bytes.Length); + } + + internal void WriteEncoded( int tag, byte[] bytes, int offset, int length) { - WriteByte((byte) tag); + WriteByte((byte)tag); WriteLength(length); Write(bytes, offset, length); } diff --git a/crypto/src/asn1/cmp/PKIFailureInfo.cs b/crypto/src/asn1/cmp/PKIFailureInfo.cs index 896bf0992..75a3ff0d7 100644 --- a/crypto/src/asn1/cmp/PKIFailureInfo.cs +++ b/crypto/src/asn1/cmp/PKIFailureInfo.cs @@ -77,15 +77,14 @@ namespace Org.BouncyCastle.Asn1.Cmp /** * Basic constructor. */ - public PkiFailureInfo( - int info) - : base(GetBytes(info), GetPadBits(info)) + public PkiFailureInfo(int info) + : base(info) { } public PkiFailureInfo( DerBitString info) - : base(info.GetBytes(), info.PadBits) + : base(info.GetBytes(), info.PadBits) { } diff --git a/crypto/src/asn1/misc/NetscapeCertType.cs b/crypto/src/asn1/misc/NetscapeCertType.cs index d5db6523d..d809eae66 100644 --- a/crypto/src/asn1/misc/NetscapeCertType.cs +++ b/crypto/src/asn1/misc/NetscapeCertType.cs @@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Asn1.Misc * e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA) */ public NetscapeCertType(int usage) - : base(GetBytes(usage), GetPadBits(usage)) + : base(usage) { } diff --git a/crypto/src/asn1/ocsp/BasicOCSPResponse.cs b/crypto/src/asn1/ocsp/BasicOCSPResponse.cs index dd666addf..064335ae8 100644 --- a/crypto/src/asn1/ocsp/BasicOCSPResponse.cs +++ b/crypto/src/asn1/ocsp/BasicOCSPResponse.cs @@ -94,7 +94,12 @@ namespace Org.BouncyCastle.Asn1.Ocsp get { return signature; } } - [Obsolete("Use Certs property instead")] + public byte[] GetSignatureOctets() + { + return signature.GetOctets(); + } + + [Obsolete("Use Certs property instead")] public Asn1Sequence GetCerts() { return certs; diff --git a/crypto/src/asn1/ocsp/Signature.cs b/crypto/src/asn1/ocsp/Signature.cs index a07e7a709..df6f43332 100644 --- a/crypto/src/asn1/ocsp/Signature.cs +++ b/crypto/src/asn1/ocsp/Signature.cs @@ -80,7 +80,12 @@ namespace Org.BouncyCastle.Asn1.Ocsp get { return signatureValue; } } - public Asn1Sequence Certs + public byte[] GetSignatureOctets() + { + return signatureValue.GetOctets(); + } + + public Asn1Sequence Certs { get { return certs; } } diff --git a/crypto/src/asn1/pkcs/CertificationRequest.cs b/crypto/src/asn1/pkcs/CertificationRequest.cs index 32b1612d2..35bdd56eb 100644 --- a/crypto/src/asn1/pkcs/CertificationRequest.cs +++ b/crypto/src/asn1/pkcs/CertificationRequest.cs @@ -73,7 +73,12 @@ namespace Org.BouncyCastle.Asn1.Pkcs get { return sigBits; } } - public override Asn1Object ToAsn1Object() + public byte[] GetSignatureOctets() + { + return sigBits.GetOctets(); + } + + public override Asn1Object ToAsn1Object() { return new DerSequence(reqInfo, sigAlgId, sigBits); } diff --git a/crypto/src/asn1/x509/AttributeCertificate.cs b/crypto/src/asn1/x509/AttributeCertificate.cs index 5f85910da..41893b6b4 100644 --- a/crypto/src/asn1/x509/AttributeCertificate.cs +++ b/crypto/src/asn1/x509/AttributeCertificate.cs @@ -63,7 +63,12 @@ namespace Org.BouncyCastle.Asn1.X509 get { return signatureValue; } } - /** + public byte[] GetSignatureOctets() + { + return signatureValue.GetOctets(); + } + + /** * Produce an object suitable for an Asn1OutputStream. * 
              *  AttributeCertificate ::= Sequence {
diff --git a/crypto/src/asn1/x509/CertificateList.cs b/crypto/src/asn1/x509/CertificateList.cs
index 0412e0816..567cf132a 100644
--- a/crypto/src/asn1/x509/CertificateList.cs
+++ b/crypto/src/asn1/x509/CertificateList.cs
@@ -80,7 +80,12 @@ namespace Org.BouncyCastle.Asn1.X509
 			get { return sig; }
 		}
 
-		public int Version
+        public byte[] GetSignatureOctets()
+        {
+            return sig.GetOctets();
+        }
+
+        public int Version
 		{
 			get { return tbsCertList.Version; }
 		}
diff --git a/crypto/src/asn1/x509/KeyUsage.cs b/crypto/src/asn1/x509/KeyUsage.cs
index fef04e8b9..aeaffb708 100644
--- a/crypto/src/asn1/x509/KeyUsage.cs
+++ b/crypto/src/asn1/x509/KeyUsage.cs
@@ -53,9 +53,8 @@ namespace Org.BouncyCastle.Asn1.X509
          * allowed uses for the key.
          * e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment)
          */
-        public KeyUsage(
-			int usage)
-			: base(GetBytes(usage), GetPadBits(usage))
+        public KeyUsage(int usage)
+			: base(usage)
         {
         }
 
diff --git a/crypto/src/asn1/x509/ReasonFlags.cs b/crypto/src/asn1/x509/ReasonFlags.cs
index f204c36aa..ad45e84ae 100644
--- a/crypto/src/asn1/x509/ReasonFlags.cs
+++ b/crypto/src/asn1/x509/ReasonFlags.cs
@@ -31,13 +31,12 @@ namespace Org.BouncyCastle.Asn1.X509
          * @param reasons - the bitwise OR of the Key Reason flags giving the
          * allowed uses for the key.
          */
-        public ReasonFlags(
-            int reasons)
-             : base(GetBytes(reasons), GetPadBits(reasons))
+        public ReasonFlags(int reasons)
+             : base(reasons)
         {
         }
 
-		public ReasonFlags(
+        public ReasonFlags(
             DerBitString reasons)
              : base(reasons.GetBytes(), reasons.PadBits)
         {
diff --git a/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs b/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs
index 8ce4b2762..477329b7e 100644
--- a/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs
+++ b/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs
@@ -75,7 +75,7 @@ namespace Org.BouncyCastle.Asn1.X509
          */
         public Asn1Object GetPublicKey()
         {
-			return Asn1Object.FromByteArray(keyData.GetBytes());
+			return Asn1Object.FromByteArray(keyData.GetOctets());
         }
 
 		/**
diff --git a/crypto/src/asn1/x509/X509CertificateStructure.cs b/crypto/src/asn1/x509/X509CertificateStructure.cs
index c8558ae61..6e7c85de6 100644
--- a/crypto/src/asn1/x509/X509CertificateStructure.cs
+++ b/crypto/src/asn1/x509/X509CertificateStructure.cs
@@ -119,6 +119,11 @@ namespace Org.BouncyCastle.Asn1.X509
             get { return sig; }
         }
 
+        public byte[] GetSignatureOctets()
+        {
+            return sig.GetOctets();
+        }
+
         public override Asn1Object ToAsn1Object()
         {
             return new DerSequence(tbsCert, sigAlgID, sig);
diff --git a/crypto/src/math/BigInteger.cs b/crypto/src/math/BigInteger.cs
index 2ca3da978..794f252e8 100644
--- a/crypto/src/math/BigInteger.cs
+++ b/crypto/src/math/BigInteger.cs
@@ -964,7 +964,7 @@ namespace Org.BouncyCastle.Math
         //
         // BitLen(value) is the number of bits in value.
         //
-        private static int BitLen(int w)
+        internal static int BitLen(int w)
         {
             uint v = (uint)w;
             uint t = v >> 24;
diff --git a/crypto/src/ocsp/BasicOCSPResp.cs b/crypto/src/ocsp/BasicOCSPResp.cs
index 4253726bb..dec3b0bc5 100644
--- a/crypto/src/ocsp/BasicOCSPResp.cs
+++ b/crypto/src/ocsp/BasicOCSPResp.cs
@@ -111,7 +111,7 @@ namespace Org.BouncyCastle.Ocsp
 
 		public byte[] GetSignature()
 		{
-			return resp.Signature.GetBytes();
+			return resp.GetSignatureOctets();
 		}
 
 		private IList GetCertList()
diff --git a/crypto/src/ocsp/OCSPReq.cs b/crypto/src/ocsp/OCSPReq.cs
index 84808e50a..29e8cc015 100644
--- a/crypto/src/ocsp/OCSPReq.cs
+++ b/crypto/src/ocsp/OCSPReq.cs
@@ -153,10 +153,10 @@ namespace Org.BouncyCastle.Ocsp
 			if (!this.IsSigned)
 				return null;
 
-			return req.OptionalSignature.SignatureValue.GetBytes();
+			return req.OptionalSignature.GetSignatureOctets();
 		}
 
-		private IList GetCertList()
+        private IList GetCertList()
 		{
 			// load the certificates if we have any
 
diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
index 1789f2a70..633a57ebe 100644
--- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs
+++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
@@ -344,7 +344,7 @@ namespace Org.BouncyCastle.Pkcs
 
                 Platform.Dispose(streamCalculator.Stream);
 
-                return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetBytes());
+                return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets());
             }
             catch (Exception e)
             {
diff --git a/crypto/src/tsp/TimeStampResponseGenerator.cs b/crypto/src/tsp/TimeStampResponseGenerator.cs
index 8d798de67..b596f8d97 100644
--- a/crypto/src/tsp/TimeStampResponseGenerator.cs
+++ b/crypto/src/tsp/TimeStampResponseGenerator.cs
@@ -166,9 +166,8 @@ namespace Org.BouncyCastle.Tsp
         class FailInfo
             : DerBitString
         {
-            internal FailInfo(
-                int failInfoValue)
-                : base(GetBytes(failInfoValue), GetPadBits(failInfoValue))
+            internal FailInfo(int failInfoValue)
+                : base(failInfoValue)
             {
             }
         }
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index fc7f96aa9..472ef7308 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -237,10 +237,10 @@ namespace Org.BouncyCastle.X509
 		/// A byte array containg the signature of the certificate.
 		public virtual byte[] GetSignature()
 		{
-			return c.Signature.GetBytes();
+			return c.GetSignatureOctets();
 		}
 
-		/// 
+        /// 
 		/// A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA)
 		/// 
 		/// A sting representing the signature algorithm.
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 53de3e91f..ee564dacb 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -211,7 +211,7 @@ namespace Org.BouncyCastle.X509
 
 		public virtual byte[] GetSignature()
 		{
-			return c.Signature.GetBytes();
+			return c.GetSignatureOctets();
 		}
 
 		public virtual string SigAlgName
diff --git a/crypto/src/x509/X509V2AttributeCertificate.cs b/crypto/src/x509/X509V2AttributeCertificate.cs
index 9376538a1..c41b31239 100644
--- a/crypto/src/x509/X509V2AttributeCertificate.cs
+++ b/crypto/src/x509/X509V2AttributeCertificate.cs
@@ -147,9 +147,14 @@ namespace Org.BouncyCastle.X509
 				throw new CertificateNotYetValidException("certificate not valid until " + NotBefore);
 		}
 
+        public virtual AlgorithmIdentifier SignatureAlgorithm
+        {
+            get { return cert.SignatureAlgorithm; }
+        }
+
 		public virtual byte[] GetSignature()
 		{
-			return cert.SignatureValue.GetBytes();
+            return cert.GetSignatureOctets();
 		}
 
         public virtual void Verify(
diff --git a/crypto/test/src/asn1/test/BitStringTest.cs b/crypto/test/src/asn1/test/BitStringTest.cs
index 3a2dc3156..fccaf8fa0 100644
--- a/crypto/test/src/asn1/test/BitStringTest.cs
+++ b/crypto/test/src/asn1/test/BitStringTest.cs
@@ -4,44 +4,132 @@ using System.IO;
 using NUnit.Framework;
 
 using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
 
 namespace Org.BouncyCastle.Asn1.Tests
 {
     [TestFixture]
     public class BitStringTest
-        : ITest
+        : SimpleTest
     {
-        public ITestResult Perform()
+        private void DoTestZeroLengthStrings()
+        {
+            // basic construction
+            DerBitString s1 = new DerBitString(new byte[0], 0);
+
+            s1.GetBytes();
+
+            if (!Arrays.AreEqual(s1.GetEncoded(), Hex.Decode("030100")))
+            {
+                Fail("zero encoding wrong");
+            }
+
+            try
+            {
+                new DerBitString(null, 1);
+                Fail("exception not thrown");
+            }
+            catch (ArgumentNullException e)
+            {
+                //if (!"data cannot be null".Equals(e.Message))
+                //{
+                //    Fail("Unexpected exception");
+                //}
+            }
+
+            try
+            {
+                new DerBitString(new byte[0], 1);
+                Fail("exception not thrown");
+            }
+            catch (ArgumentException e)
+            {
+                //if (!"zero length data with non-zero pad bits".Equals(e.Message))
+                //{
+                //    Fail("Unexpected exception");
+                //}
+            }
+
+            try
+            {
+                new DerBitString(new byte[1], 8);
+                Fail("exception not thrown");
+            }
+            catch (ArgumentException e)
+            {
+                //if (!"pad bits cannot be greater than 7 or less than 0".Equals(e.Message))
+                //{
+                //    Fail("Unexpected exception");
+                //}
+            }
+
+            DerBitString s2 = new DerBitString(0);
+            if (!Arrays.AreEqual(s1.GetEncoded(), s2.GetEncoded()))
+            {
+                Fail("zero encoding wrong");
+            }
+        }
+
+        private void DoTestRandomPadBits()
+        {
+            byte[] test = Hex.Decode("030206c0");
+
+            byte[] test1 = Hex.Decode("030206f0");
+            byte[] test2 = Hex.Decode("030206c1");
+            byte[] test3 = Hex.Decode("030206c7");
+            byte[] test4 = Hex.Decode("030206d1");
+
+            EncodingCheck(test, test1);
+            EncodingCheck(test, test2);
+            EncodingCheck(test, test3);
+            EncodingCheck(test, test4);
+        }
+
+        private void EncodingCheck(byte[] derData, byte[] dlData)
+        {
+            if (Arrays.AreEqual(derData, Asn1Object.FromByteArray(dlData).GetEncoded()))
+            {
+                //Fail("failed DL check");
+                Fail("failed BER check");
+            }
+            if (!Arrays.AreEqual(derData, Asn1Object.FromByteArray(dlData).GetDerEncoded()))
+            {
+                Fail("failed DER check");
+            }
+        }
+
+        public override void PerformTest()
         {
             KeyUsage k = new KeyUsage(KeyUsage.DigitalSignature);
             if ((k.GetBytes()[0] != (byte)KeyUsage.DigitalSignature) || (k.PadBits != 7))
             {
-                return new SimpleTestResult(false, Name + ": failed digitalSignature");
+                Fail("failed digitalSignature");
             }
 
             k = new KeyUsage(KeyUsage.NonRepudiation);
             if ((k.GetBytes()[0] != (byte)KeyUsage.NonRepudiation) || (k.PadBits != 6))
             {
-                return new SimpleTestResult(false, Name + ": failed nonRepudiation");
+                Fail("failed nonRepudiation");
             }
 
             k = new KeyUsage(KeyUsage.KeyEncipherment);
             if ((k.GetBytes()[0] != (byte)KeyUsage.KeyEncipherment) || (k.PadBits != 5))
             {
-                return new SimpleTestResult(false, Name + ": failed keyEncipherment");
+                Fail("failed keyEncipherment");
             }
 
             k = new KeyUsage(KeyUsage.CrlSign);
             if ((k.GetBytes()[0] != (byte)KeyUsage.CrlSign)  || (k.PadBits != 1))
             {
-                return new SimpleTestResult(false, Name + ": failed cRLSign");
+                Fail("failed cRLSign");
             }
 
             k = new KeyUsage(KeyUsage.DecipherOnly);
             if ((k.GetBytes()[1] != (byte)(KeyUsage.DecipherOnly >> 8))  || (k.PadBits != 7))
             {
-                return new SimpleTestResult(false, Name + ": failed decipherOnly");
+                Fail("failed decipherOnly");
             }
 
 			// test for zero length bit string
@@ -51,27 +139,25 @@ namespace Org.BouncyCastle.Asn1.Tests
 			}
 			catch (IOException e)
 			{
-				return new SimpleTestResult(false, Name + ": " + e);
+				Fail(e.ToString());
 			}
 
-            return new SimpleTestResult(true, Name + ": Okay");
+            DoTestRandomPadBits();
+            DoTestZeroLengthStrings();
         }
 
-        public string Name
+        public override string Name
         {
 			get { return "BitString"; }
         }
 
-		public static void Main(
+        public static void Main(
             string[] args)
         {
-            ITest test = new BitStringTest();
-            ITestResult result = test.Perform();
-
-			Console.WriteLine(result);
+            RunTest(new BitStringTest());
         }
 
-		[Test]
+        [Test]
         public void TestFunction()
         {
             string resultText = Perform().ToString();
diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
index 48af9e0f8..0cc1883ba 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
@@ -128,14 +128,14 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
             Asn1EncodableVector v = new Asn1EncodableVector();
             v.Add(cert.TbsCertificate);
             v.Add(cert.SignatureAlgorithm);
-            v.Add(CorruptBitString(cert.Signature));
+            v.Add(CorruptSignature(cert.Signature));
 
             return X509CertificateStructure.GetInstance(new DerSequence(v));
         }
 
-        protected virtual DerBitString CorruptBitString(DerBitString bs)
+        protected virtual DerBitString CorruptSignature(DerBitString bs)
         {
-            return new DerBitString(CorruptBit(bs.GetBytes()));
+            return new DerBitString(CorruptBit(bs.GetOctets()));
         }
 
         protected virtual byte[] CorruptBit(byte[] bs)
diff --git a/crypto/test/src/test/PKCS10CertRequestTest.cs b/crypto/test/src/test/PKCS10CertRequestTest.cs
index 819439cd8..ba62db32f 100644
--- a/crypto/test/src/test/PKCS10CertRequestTest.cs
+++ b/crypto/test/src/test/PKCS10CertRequestTest.cs
@@ -210,7 +210,7 @@ namespace Org.BouncyCastle.Tests
             byte[] b = req.GetCertificationRequestInfo().GetEncoded();
             sig.BlockUpdate(b, 0, b.Length);
 
-            if (!sig.VerifySignature(req.Signature.GetBytes()))
+            if (!sig.VerifySignature(req.GetSignatureOctets()))
             {
                 Fail("signature not mapped correctly.");
             }
@@ -264,7 +264,7 @@ namespace Org.BouncyCastle.Tests
             byte[] b = req.GetCertificationRequestInfo().GetEncoded();
             sig.BlockUpdate(b, 0, b.Length);
 
-            if (!sig.VerifySignature(req.Signature.GetBytes()))
+            if (!sig.VerifySignature(req.GetSignatureOctets()))
             {
                 Fail("signature not mapped correctly.");
             }
@@ -325,7 +325,7 @@ namespace Org.BouncyCastle.Tests
             byte[] encoded = req.GetCertificationRequestInfo().GetEncoded();
             sig.BlockUpdate(encoded, 0, encoded.Length);
 
-            if (!sig.VerifySignature(req.Signature.GetBytes()))
+            if (!sig.VerifySignature(req.GetSignatureOctets()))
             {
                 Fail("signature not mapped correctly.");
             }
-- 
cgit 1.5.1


From 1f899c3ca6c0a3497dd7a51bb25294ea44675691 Mon Sep 17 00:00:00 2001
From: Peter Dettman 
Date: Tue, 10 Nov 2015 19:15:32 +0700
Subject: Fix IV check for 64-bit blockSize

---
 crypto/src/crypto/modes/SicBlockCipher.cs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/src/crypto/modes/SicBlockCipher.cs b/crypto/src/crypto/modes/SicBlockCipher.cs
index 239f99478..0bea4a455 100644
--- a/crypto/src/crypto/modes/SicBlockCipher.cs
+++ b/crypto/src/crypto/modes/SicBlockCipher.cs
@@ -56,16 +56,18 @@ namespace Org.BouncyCastle.Crypto.Modes
 
             if (blockSize < IV.Length)
                 throw new ArgumentException("CTR/SIC mode requires IV no greater than: " + blockSize + " bytes.");
-            if (blockSize - IV.Length > 8)
-                throw new ArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - 8) + " bytes.");
 
-            Reset();
+            int maxCounterSize = System.Math.Min(8, blockSize / 2);
+            if (blockSize - IV.Length > maxCounterSize)
+                throw new ArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - maxCounterSize) + " bytes.");
 
             // if null it's an IV changed only.
             if (ivParam.Parameters != null)
             {
                 cipher.Init(true, ivParam.Parameters);
             }
+
+            Reset();
         }
 
         public virtual string AlgorithmName
-- 
cgit 1.5.1


From 218a170ece285fd49f82326c752a3d0fb31881dd Mon Sep 17 00:00:00 2001
From: Peter Dettman 
Date: Tue, 10 Nov 2015 19:42:21 +0700
Subject: Address various compiler warnings

---
 crypto/src/asn1/ess/OtherCertID.cs                     |  3 ++-
 crypto/src/asn1/pkcs/EncryptionScheme.cs               |  2 +-
 crypto/src/cms/CMSAuthenticatedData.cs                 |  2 +-
 crypto/src/cms/CMSAuthenticatedDataParser.cs           |  2 +-
 crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs  |  2 +-
 crypto/src/cms/CMSEnvelopedData.cs                     |  2 +-
 crypto/src/cms/CMSEnvelopedDataParser.cs               |  2 +-
 crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs      |  2 +-
 crypto/src/cms/CMSEnvelopedHelper.cs                   | 12 ++++++------
 crypto/src/cms/CMSPBEKey.cs                            |  4 ++--
 crypto/src/cms/CMSSignedData.cs                        |  2 +-
 crypto/src/cms/CMSSignedDataParser.cs                  |  4 ++--
 crypto/src/cms/CMSSignedDataStreamGenerator.cs         |  2 +-
 crypto/src/cms/CMSSignedHelper.cs                      |  2 +-
 crypto/src/cms/KEKRecipientInfoGenerator.cs            |  2 +-
 crypto/src/cms/KEKRecipientInformation.cs              |  2 +-
 crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs       |  2 +-
 crypto/src/cms/KeyAgreeRecipientInformation.cs         |  2 +-
 crypto/src/cms/KeyTransRecipientInfoGenerator.cs       |  2 +-
 crypto/src/cms/KeyTransRecipientInformation.cs         |  2 +-
 crypto/src/cms/RecipientInformation.cs                 |  6 +++---
 crypto/src/cms/SignerInformation.cs                    | 16 ++++++++--------
 crypto/src/crypto/operators/Asn1Signature.cs           |  8 ++++----
 crypto/src/ocsp/BasicOCSPResp.cs                       |  4 ++--
 crypto/src/ocsp/CertificateID.cs                       |  4 ++--
 crypto/src/ocsp/OCSPReq.cs                             |  2 +-
 crypto/src/openssl/MiscPemGenerator.cs                 |  2 +-
 crypto/src/pkcs/Pkcs10CertificationRequest.cs          |  6 +++---
 crypto/src/pkcs/Pkcs12Store.cs                         | 10 +++++-----
 crypto/src/pkcs/Pkcs12Utilities.cs                     |  4 ++--
 crypto/src/pkcs/PrivateKeyInfoFactory.cs               |  2 +-
 crypto/src/pkix/PkixCertPathValidator.cs               |  4 ++--
 crypto/src/security/PbeUtilities.cs                    | 12 ++++++------
 crypto/src/security/PrivateKeyFactory.cs               |  2 +-
 crypto/src/security/PublicKeyFactory.cs                |  2 +-
 crypto/src/tsp/TimeStampRequest.cs                     |  2 +-
 crypto/src/tsp/TimeStampToken.cs                       |  4 ++--
 crypto/src/tsp/TimeStampTokenInfo.cs                   |  2 +-
 crypto/src/x509/AttributeCertificateHolder.cs          |  4 ++--
 crypto/src/x509/X509Certificate.cs                     |  6 +++---
 crypto/src/x509/X509Crl.cs                             |  2 +-
 crypto/src/x509/X509SignatureUtil.cs                   |  8 ++++----
 crypto/test/src/asn1/test/BitStringTest.cs             | 18 +++---------------
 crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs |  3 ++-
 crypto/test/src/crypto/test/Pkcs5Test.cs               |  2 +-
 crypto/test/src/pkcs/test/PKCS12StoreTest.cs           |  4 ++--
 crypto/test/src/test/CertTest.cs                       |  2 +-
 crypto/test/src/test/PKCS10CertRequestTest.cs          |  6 +++---
 48 files changed, 96 insertions(+), 106 deletions(-)

diff --git a/crypto/src/asn1/ess/OtherCertID.cs b/crypto/src/asn1/ess/OtherCertID.cs
index 972ef8c6b..3d221b0ec 100644
--- a/crypto/src/asn1/ess/OtherCertID.cs
+++ b/crypto/src/asn1/ess/OtherCertID.cs
@@ -1,5 +1,6 @@
 using System;
 
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.X509;
 
 namespace Org.BouncyCastle.Asn1.Ess
@@ -78,7 +79,7 @@ namespace Org.BouncyCastle.Asn1.Ess
 				if (otherCertHash.ToAsn1Object() is Asn1OctetString)
 				{
 					// SHA-1
-					return new AlgorithmIdentifier("1.3.14.3.2.26");
+					return new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1);
 				}
 
 				return DigestInfo.GetInstance(otherCertHash).AlgorithmID;
diff --git a/crypto/src/asn1/pkcs/EncryptionScheme.cs b/crypto/src/asn1/pkcs/EncryptionScheme.cs
index 5b64d6f67..ff9103d12 100644
--- a/crypto/src/asn1/pkcs/EncryptionScheme.cs
+++ b/crypto/src/asn1/pkcs/EncryptionScheme.cs
@@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Asn1.Pkcs
 
 		public override Asn1Object ToAsn1Object()
         {
-			return new DerSequence(ObjectID, Parameters);
+            return new DerSequence(Algorithm, Parameters);
         }
     }
 }
diff --git a/crypto/src/cms/CMSAuthenticatedData.cs b/crypto/src/cms/CMSAuthenticatedData.cs
index 5e234da2b..33b4cc22c 100644
--- a/crypto/src/cms/CMSAuthenticatedData.cs
+++ b/crypto/src/cms/CMSAuthenticatedData.cs
@@ -83,7 +83,7 @@ namespace Org.BouncyCastle.Cms
 		*/
 		public string MacAlgOid
 		{
-			get { return macAlg.ObjectID.Id; }
+            get { return macAlg.Algorithm.Id; }
 		}
 
 		/**
diff --git a/crypto/src/cms/CMSAuthenticatedDataParser.cs b/crypto/src/cms/CMSAuthenticatedDataParser.cs
index c99aac61c..7defafc07 100644
--- a/crypto/src/cms/CMSAuthenticatedDataParser.cs
+++ b/crypto/src/cms/CMSAuthenticatedDataParser.cs
@@ -111,7 +111,7 @@ namespace Org.BouncyCastle.Cms
 		*/
 		public string MacAlgOid
 		{
-			get { return macAlg.ObjectID.Id; }
+            get { return macAlg.Algorithm.Id; }
 		}
 
 
diff --git a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
index a135cdd11..4d18d10d4 100644
--- a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
@@ -165,7 +165,7 @@ namespace Org.BouncyCastle.Cms
 				Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream(
 					eiGen.GetRawOutputStream(), 0, false, _bufferSize);
 
-				IMac mac = MacUtilities.GetMac(macAlgId.ObjectID);
+                IMac mac = MacUtilities.GetMac(macAlgId.Algorithm);
 				// TODO Confirm no ParametersWithRandom needed
 	            mac.Init(cipherParameters);
 				Stream mOut = new TeeOutputStream(octetOutputStream, new MacOutputStream(mac));
diff --git a/crypto/src/cms/CMSEnvelopedData.cs b/crypto/src/cms/CMSEnvelopedData.cs
index 0731c307e..223d0ca73 100644
--- a/crypto/src/cms/CMSEnvelopedData.cs
+++ b/crypto/src/cms/CMSEnvelopedData.cs
@@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Cms
         */
         public string EncryptionAlgOid
         {
-			get { return encAlg.ObjectID.Id; }
+            get { return encAlg.Algorithm.Id; }
         }
 
 		/**
diff --git a/crypto/src/cms/CMSEnvelopedDataParser.cs b/crypto/src/cms/CMSEnvelopedDataParser.cs
index 01a949d47..d5dfaf53d 100644
--- a/crypto/src/cms/CMSEnvelopedDataParser.cs
+++ b/crypto/src/cms/CMSEnvelopedDataParser.cs
@@ -101,7 +101,7 @@ namespace Org.BouncyCastle.Cms
 		 */
 		public string EncryptionAlgOid
 		{
-			get { return _encAlg.ObjectID.Id; }
+            get { return _encAlg.Algorithm.Id; }
 		}
 
 		/**
diff --git a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs
index bde8d9926..8e6d2729b 100644
--- a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs
@@ -166,7 +166,7 @@ namespace Org.BouncyCastle.Cms
 				Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream(
 					eiGen.GetRawOutputStream(), 0, false, _bufferSize);
 
-				IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.ObjectID);
+                IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.Algorithm);
 				cipher.Init(true, new ParametersWithRandom(cipherParameters, rand));
 				CipherStream cOut = new CipherStream(octetOutputStream, null, cipher);
 
diff --git a/crypto/src/cms/CMSEnvelopedHelper.cs b/crypto/src/cms/CMSEnvelopedHelper.cs
index fe2b14cd9..77d2da47a 100644
--- a/crypto/src/cms/CMSEnvelopedHelper.cs
+++ b/crypto/src/cms/CMSEnvelopedHelper.cs
@@ -160,7 +160,7 @@ namespace Org.BouncyCastle.Cms
 
 			public CmsReadable GetReadable(KeyParameter sKey)
 			{
-				string macAlg = this.algorithm.ObjectID.Id;
+                string macAlg = this.algorithm.Algorithm.Id;
 //				Asn1Object sParams = this.algorithm.Parameters.ToAsn1Object();
 
 				try
@@ -190,11 +190,11 @@ namespace Org.BouncyCastle.Cms
 //						if (asn1Params != null && !(asn1Params is Asn1Null))
 //						{
 //							cipherParameters = ParameterUtilities.GetCipherParameters(
-//							macAlg.ObjectID, cipherParameters, asn1Params);
+//							macAlg.Algorithm, cipherParameters, asn1Params);
 //						}
 //						else
 //						{
-//							string alg = macAlg.ObjectID.Id;
+//							string alg = macAlg.Algorithm.Id;
 //							if (alg.Equals(CmsEnvelopedDataGenerator.DesEde3Cbc)
 //								|| alg.Equals(CmsEnvelopedDataGenerator.IdeaCbc)
 //								|| alg.Equals(CmsEnvelopedDataGenerator.Cast5Cbc))
@@ -258,7 +258,7 @@ namespace Org.BouncyCastle.Cms
 			{
 				try
 				{
-					this.cipher =  CipherUtilities.GetCipher(this.algorithm.ObjectID);
+                    this.cipher = CipherUtilities.GetCipher(this.algorithm.Algorithm);
 
 					Asn1Encodable asn1Enc = this.algorithm.Parameters;
 					Asn1Object asn1Params = asn1Enc == null ? null : asn1Enc.ToAsn1Object();
@@ -268,11 +268,11 @@ namespace Org.BouncyCastle.Cms
 					if (asn1Params != null && !(asn1Params is Asn1Null))
 					{
 						cipherParameters = ParameterUtilities.GetCipherParameters(
-							this.algorithm.ObjectID, cipherParameters, asn1Params);
+                            this.algorithm.Algorithm, cipherParameters, asn1Params);
 					}
 					else
 					{
-						string alg = this.algorithm.ObjectID.Id;
+                        string alg = this.algorithm.Algorithm.Id;
 						if (alg.Equals(CmsEnvelopedDataGenerator.DesEde3Cbc)
 							|| alg.Equals(CmsEnvelopedDataGenerator.IdeaCbc)
 							|| alg.Equals(CmsEnvelopedDataGenerator.Cast5Cbc))
diff --git a/crypto/src/cms/CMSPBEKey.cs b/crypto/src/cms/CMSPBEKey.cs
index cb1e54c36..e03307e57 100644
--- a/crypto/src/cms/CMSPBEKey.cs
+++ b/crypto/src/cms/CMSPBEKey.cs
@@ -50,9 +50,9 @@ namespace Org.BouncyCastle.Cms
 			char[]				password,
 			AlgorithmIdentifier keyDerivationAlgorithm)
 		{
-			if (!keyDerivationAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdPbkdf2))
+            if (!keyDerivationAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdPbkdf2))
 				throw new ArgumentException("Unsupported key derivation algorithm: "
-					+ keyDerivationAlgorithm.ObjectID);
+                    + keyDerivationAlgorithm.Algorithm);
 
 			Pbkdf2Params kdfParams = Pbkdf2Params.GetInstance(
 				keyDerivationAlgorithm.Parameters.ToAsn1Object());
diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs
index 81c87a426..237c1528e 100644
--- a/crypto/src/cms/CMSSignedData.cs
+++ b/crypto/src/cms/CMSSignedData.cs
@@ -172,7 +172,7 @@ namespace Org.BouncyCastle.Cms
 					}
 					else
 					{
-						byte[] hash = (byte[]) hashes[info.DigestAlgorithm.ObjectID.Id];
+                        byte[] hash = (byte[])hashes[info.DigestAlgorithm.Algorithm.Id];
 
 						signerInfos.Add(new SignerInformation(info, contentType, null, new BaseDigestCalculator(hash)));
 					}
diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs
index e5e6edc58..fb51ab119 100644
--- a/crypto/src/cms/CMSSignedDataParser.cs
+++ b/crypto/src/cms/CMSSignedDataParser.cs
@@ -122,7 +122,7 @@ namespace Org.BouncyCastle.Cms
 
 					try
 					{
-						string digestOid = id.ObjectID.Id;
+                        string digestOid = id.Algorithm.Id;
 						string digestName = Helper.GetDigestAlgName(digestOid);
 
 						if (!this._digests.Contains(digestName))
@@ -216,7 +216,7 @@ namespace Org.BouncyCastle.Cms
 					{
 						SignerInfo info = SignerInfo.GetInstance(o.ToAsn1Object());
 						string digestName = Helper.GetDigestAlgName(
-							info.DigestAlgorithm.ObjectID.Id);
+                            info.DigestAlgorithm.Algorithm.Id);
 
 						byte[] hash = (byte[]) hashes[digestName];
 
diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
index 1477d884f..d0ab7428a 100644
--- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
@@ -459,7 +459,7 @@ namespace Org.BouncyCastle.Cms
 			// NB: Would need to call FixAlgID on the DigestAlgorithmID
 
 			// For precalculated signers, just need to register the algorithm, not configure a digest
-			RegisterDigestOid(si.DigestAlgorithmID.ObjectID.Id);
+            RegisterDigestOid(si.DigestAlgorithmID.Algorithm.Id);
 		}
 
 		/**
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 23657ef86..5b6c93b6a 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -348,7 +348,7 @@ namespace Org.BouncyCastle.Cms
 			AlgorithmIdentifier algId)
 		{
 			if (algId.Parameters == null)
-				return new AlgorithmIdentifier(algId.ObjectID, DerNull.Instance);
+                return new AlgorithmIdentifier(algId.Algorithm, DerNull.Instance);
 
 			return algId;
 		}
diff --git a/crypto/src/cms/KEKRecipientInfoGenerator.cs b/crypto/src/cms/KEKRecipientInfoGenerator.cs
index a9bedade6..c66f27547 100644
--- a/crypto/src/cms/KEKRecipientInfoGenerator.cs
+++ b/crypto/src/cms/KEKRecipientInfoGenerator.cs
@@ -52,7 +52,7 @@ namespace Org.BouncyCastle.Cms
 		{
 			byte[] keyBytes = contentEncryptionKey.GetKey();
 
-			IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id);
+            IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id);
 			keyWrapper.Init(true, new ParametersWithRandom(keyEncryptionKey, random));
         	Asn1OctetString encryptedKey = new DerOctetString(
 				keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
diff --git a/crypto/src/cms/KEKRecipientInformation.cs b/crypto/src/cms/KEKRecipientInformation.cs
index f960197d6..871dc76d4 100644
--- a/crypto/src/cms/KEKRecipientInformation.cs
+++ b/crypto/src/cms/KEKRecipientInformation.cs
@@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Cms
 			try
 			{
 				byte[] encryptedKey = info.EncryptedKey.GetOctets();
-				IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyEncAlg.ObjectID.Id);
+                IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyEncAlg.Algorithm.Id);
 
 				keyWrapper.Init(false, key);
 
diff --git a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs
index 4fafb7c6e..6bd2cea91 100644
--- a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs
+++ b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs
@@ -164,7 +164,7 @@ namespace Org.BouncyCastle.Cms
 		{
 			SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
 			return new OriginatorPublicKey(
-				new AlgorithmIdentifier(spki.AlgorithmID.ObjectID, DerNull.Instance),
+                new AlgorithmIdentifier(spki.AlgorithmID.Algorithm, DerNull.Instance),
 				spki.PublicKeyData.GetBytes());
 		}
 	}
diff --git a/crypto/src/cms/KeyAgreeRecipientInformation.cs b/crypto/src/cms/KeyAgreeRecipientInformation.cs
index 8e006e545..73e57a76a 100644
--- a/crypto/src/cms/KeyAgreeRecipientInformation.cs
+++ b/crypto/src/cms/KeyAgreeRecipientInformation.cs
@@ -130,7 +130,7 @@ namespace Org.BouncyCastle.Cms
             AsymmetricKeyParameter	senderPublicKey,
             AsymmetricKeyParameter	receiverPrivateKey)
         {
-            DerObjectIdentifier agreeAlgID = keyEncAlg.ObjectID;
+            DerObjectIdentifier agreeAlgID = keyEncAlg.Algorithm;
 
             ICipherParameters senderPublicParams = senderPublicKey;
             ICipherParameters receiverPrivateParams = receiverPrivateKey;
diff --git a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
index 0992e6da6..a1d8fbfa8 100644
--- a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
+++ b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
@@ -64,7 +64,7 @@ namespace Org.BouncyCastle.Cms
 			byte[] keyBytes = contentEncryptionKey.GetKey();
 			AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID;
 
-			IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id);
+            IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id);
 			keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random));
 			byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
 
diff --git a/crypto/src/cms/KeyTransRecipientInformation.cs b/crypto/src/cms/KeyTransRecipientInformation.cs
index 24121cb2c..3b1ea7b5e 100644
--- a/crypto/src/cms/KeyTransRecipientInformation.cs
+++ b/crypto/src/cms/KeyTransRecipientInformation.cs
@@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Cms
 		internal KeyParameter UnwrapKey(ICipherParameters key)
 		{
 			byte[] encryptedKey = info.EncryptedKey.GetOctets();
-			string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg.ObjectID);
+            string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg.Algorithm);
 
 			try
 			{
diff --git a/crypto/src/cms/RecipientInformation.cs b/crypto/src/cms/RecipientInformation.cs
index 8b0316be4..272b841f2 100644
--- a/crypto/src/cms/RecipientInformation.cs
+++ b/crypto/src/cms/RecipientInformation.cs
@@ -33,8 +33,8 @@ namespace Org.BouncyCastle.Cms
 		internal string GetContentAlgorithmName()
 		{
 			AlgorithmIdentifier algorithm = secureReadable.Algorithm;
-//			return CmsEnvelopedHelper.Instance.GetSymmetricCipherName(algorithm.ObjectID.Id);
-			return algorithm.ObjectID.Id;
+//			return CmsEnvelopedHelper.Instance.GetSymmetricCipherName(algorithm.Algorithm.Id);
+			return algorithm.Algorithm.Id;
 		}
 
 		public RecipientID RecipientID
@@ -54,7 +54,7 @@ namespace Org.BouncyCastle.Cms
         */
         public string KeyEncryptionAlgOid
         {
-			get { return keyEncAlg.ObjectID.Id; }
+            get { return keyEncAlg.Algorithm.Id; }
         }
 
 		/**
diff --git a/crypto/src/cms/SignerInformation.cs b/crypto/src/cms/SignerInformation.cs
index 581286a3f..dad128263 100644
--- a/crypto/src/cms/SignerInformation.cs
+++ b/crypto/src/cms/SignerInformation.cs
@@ -117,7 +117,7 @@ namespace Org.BouncyCastle.Cms
 		*/
 		public string DigestAlgOid
 		{
-			get { return digestAlgorithm.ObjectID.Id; }
+            get { return digestAlgorithm.Algorithm.Id; }
 		}
 
 		/**
@@ -156,7 +156,7 @@ namespace Org.BouncyCastle.Cms
 		*/
 		public string EncryptionAlgOid
 		{
-			get { return encryptionAlgorithm.ObjectID.Id; }
+            get { return encryptionAlgorithm.Algorithm.Id; }
 		}
 
 		/**
@@ -272,7 +272,7 @@ namespace Org.BouncyCastle.Cms
 					*/
 					SignerInfo si = SignerInfo.GetInstance(asn1Obj.ToAsn1Object());
 
-					string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.ObjectID.Id);
+                    string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.Algorithm.Id);
 
 					counterSignatures.Add(new SignerInformation(si, null, null, new CounterSignatureDigestCalculator(digestName, GetSignature())));
 				}
@@ -298,7 +298,7 @@ namespace Org.BouncyCastle.Cms
 			string digestName = Helper.GetDigestAlgName(this.DigestAlgOid);
 			IDigest digest = Helper.GetDigestInstance(digestName);
 
-			DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.ObjectID;
+            DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.Algorithm;
 			Asn1Encodable sigParams = this.encryptionAlgorithm.Parameters;
 			ISigner sig;
 
@@ -318,12 +318,12 @@ namespace Org.BouncyCastle.Cms
 					Asn1.Pkcs.RsassaPssParameters pss = Asn1.Pkcs.RsassaPssParameters.GetInstance(
 						sigParams.ToAsn1Object());
 
-					if (!pss.HashAlgorithm.ObjectID.Equals(this.digestAlgorithm.ObjectID))
+                    if (!pss.HashAlgorithm.Algorithm.Equals(this.digestAlgorithm.Algorithm))
 						throw new CmsException("RSASSA-PSS signature parameters specified incorrect hash algorithm");
-					if (!pss.MaskGenAlgorithm.ObjectID.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1))
+                    if (!pss.MaskGenAlgorithm.Algorithm.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1))
 						throw new CmsException("RSASSA-PSS signature parameters specified unknown MGF");
 
-					IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.ObjectID);
+                    IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.Algorithm);
 					int saltLength = pss.SaltLength.Value.IntValue;
 					byte trailerField = (byte) pss.TrailerField.Value.IntValue;
 
@@ -532,7 +532,7 @@ namespace Org.BouncyCastle.Cms
 
 					DigestInfo digInfo = DerDecode(decrypt);
 
-					if (!digInfo.AlgorithmID.ObjectID.Equals(digestAlgorithm.ObjectID))
+                    if (!digInfo.AlgorithmID.Algorithm.Equals(digestAlgorithm.Algorithm))
 					{
 						return false;
 					}
diff --git a/crypto/src/crypto/operators/Asn1Signature.cs b/crypto/src/crypto/operators/Asn1Signature.cs
index 3a20e4bff..e023c1d18 100644
--- a/crypto/src/crypto/operators/Asn1Signature.cs
+++ b/crypto/src/crypto/operators/Asn1Signature.cs
@@ -170,13 +170,13 @@ namespace Org.BouncyCastle.Crypto.Operators
 
             if (parameters != null && !derNull.Equals(parameters))
             {
-                if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+                if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
                 {
                     RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters);
 
-                    return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1";
+                    return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
                 }
-                if (sigAlgId.ObjectID.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
+                if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
                 {
                     Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters);
 
@@ -184,7 +184,7 @@ namespace Org.BouncyCastle.Crypto.Operators
                 }
             }
 
-            return sigAlgId.ObjectID.Id;
+            return sigAlgId.Algorithm.Id;
         }
 
         private static RsassaPssParameters CreatePssParams(
diff --git a/crypto/src/ocsp/BasicOCSPResp.cs b/crypto/src/ocsp/BasicOCSPResp.cs
index dec3b0bc5..63ab8921e 100644
--- a/crypto/src/ocsp/BasicOCSPResp.cs
+++ b/crypto/src/ocsp/BasicOCSPResp.cs
@@ -95,12 +95,12 @@ namespace Org.BouncyCastle.Ocsp
 
 		public string SignatureAlgName
 		{
-			get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.ObjectID); }
+            get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.Algorithm); }
 		}
 
 		public string SignatureAlgOid
 		{
-			get { return resp.SignatureAlgorithm.ObjectID.Id; }
+            get { return resp.SignatureAlgorithm.Algorithm.Id; }
 		}
 
 		[Obsolete("RespData class is no longer required as all functionality is available on this class")]
diff --git a/crypto/src/ocsp/CertificateID.cs b/crypto/src/ocsp/CertificateID.cs
index a8f035759..ec902d5c3 100644
--- a/crypto/src/ocsp/CertificateID.cs
+++ b/crypto/src/ocsp/CertificateID.cs
@@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Ocsp
 
 		public string HashAlgOid
 		{
-			get { return id.HashAlgorithm.ObjectID.Id; }
+            get { return id.HashAlgorithm.Algorithm.Id; }
 		}
 
 		public byte[] GetIssuerNameHash()
@@ -118,7 +118,7 @@ namespace Org.BouncyCastle.Ocsp
 		{
 			try
 			{
-				String hashAlgorithm = hashAlg.ObjectID.Id;
+                String hashAlgorithm = hashAlg.Algorithm.Id;
 
 				X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
 				byte[] issuerNameHash = DigestUtilities.CalculateDigest(
diff --git a/crypto/src/ocsp/OCSPReq.cs b/crypto/src/ocsp/OCSPReq.cs
index 29e8cc015..0cd95c6d6 100644
--- a/crypto/src/ocsp/OCSPReq.cs
+++ b/crypto/src/ocsp/OCSPReq.cs
@@ -144,7 +144,7 @@ namespace Org.BouncyCastle.Ocsp
 				if (!this.IsSigned)
 					return null;
 
-				return req.OptionalSignature.SignatureAlgorithm.ObjectID.Id;
+                return req.OptionalSignature.SignatureAlgorithm.Algorithm.Id;
 			}
 		}
 
diff --git a/crypto/src/openssl/MiscPemGenerator.cs b/crypto/src/openssl/MiscPemGenerator.cs
index 6b91e8b1c..568465fe4 100644
--- a/crypto/src/openssl/MiscPemGenerator.cs
+++ b/crypto/src/openssl/MiscPemGenerator.cs
@@ -218,7 +218,7 @@ namespace Org.BouncyCastle.OpenSsl
         {
             PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp);
             AlgorithmIdentifier algID = info.PrivateKeyAlgorithm;
-            DerObjectIdentifier oid = algID.ObjectID;
+            DerObjectIdentifier oid = algID.Algorithm;
 
             if (oid.Equals(X9ObjectIdentifiers.IdDsa))
             {
diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
index 633a57ebe..0411d9190 100644
--- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs
+++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
@@ -402,14 +402,14 @@ namespace Org.BouncyCastle.Pkcs
 
 			if (asn1Params != null && !(asn1Params is Asn1Null))
 			{
-				if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+                if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
 				{
 					RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(asn1Params);
-					return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1";
+                    return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
 				}
 			}
 
-			return sigAlgId.ObjectID.Id;
+            return sigAlgId.Algorithm.Id;
 		}
 
 		private static string GetDigestAlgName(
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index e4fe29401..b649a726e 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pkcs
 
                 byte[] data = ((Asn1OctetString) info.Content).GetOctets();
 
-                byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data);
+                byte[] mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, false, data);
                 byte[] dig = dInfo.GetDigest();
 
                 if (!Arrays.ConstantTimeAreEqual(mac, dig))
@@ -222,7 +222,7 @@ namespace Org.BouncyCastle.Pkcs
                         throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
 
                     // Try with incorrect zero length password
-                    mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data);
+                    mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, true, data);
 
                     if (!Arrays.ConstantTimeAreEqual(mac, dig))
                         throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
@@ -1015,14 +1015,14 @@ namespace Org.BouncyCastle.Pkcs
             bool				wrongPkcs12Zero,
             byte[]				data)
         {
-            IBufferedCipher cipher = PbeUtilities.CreateEngine(algId.ObjectID) as IBufferedCipher;
+            IBufferedCipher cipher = PbeUtilities.CreateEngine(algId.Algorithm) as IBufferedCipher;
 
             if (cipher == null)
-                throw new Exception("Unknown encryption algorithm: " + algId.ObjectID);
+                throw new Exception("Unknown encryption algorithm: " + algId.Algorithm);
 
             Pkcs12PbeParams pbeParameters = Pkcs12PbeParams.GetInstance(algId.Parameters);
             ICipherParameters cipherParams = PbeUtilities.GenerateCipherParameters(
-                algId.ObjectID, password, wrongPkcs12Zero, pbeParameters);
+                algId.Algorithm, password, wrongPkcs12Zero, pbeParameters);
             cipher.Init(forEncryption, cipherParams);
             return cipher.DoFinal(data);
         }
diff --git a/crypto/src/pkcs/Pkcs12Utilities.cs b/crypto/src/pkcs/Pkcs12Utilities.cs
index d35c8b6a2..923eca5a5 100644
--- a/crypto/src/pkcs/Pkcs12Utilities.cs
+++ b/crypto/src/pkcs/Pkcs12Utilities.cs
@@ -56,10 +56,10 @@ namespace Org.BouncyCastle.Pkcs
 				int itCount = mData.IterationCount.IntValue;
 				byte[] data = Asn1OctetString.GetInstance(info.Content).GetOctets();
 				byte[] res = Pkcs12Store.CalculatePbeMac(
-					mData.Mac.AlgorithmID.ObjectID, mData.GetSalt(), itCount, passwd, false, data);
+                    mData.Mac.AlgorithmID.Algorithm, mData.GetSalt(), itCount, passwd, false, data);
 
 				AlgorithmIdentifier algId = new AlgorithmIdentifier(
-					mData.Mac.AlgorithmID.ObjectID, DerNull.Instance);
+                    mData.Mac.AlgorithmID.Algorithm, DerNull.Instance);
 				DigestInfo dInfo = new DigestInfo(algId, res);
 
 				mData = new MacData(dInfo, mData.GetSalt(), itCount);
diff --git a/crypto/src/pkcs/PrivateKeyInfoFactory.cs b/crypto/src/pkcs/PrivateKeyInfoFactory.cs
index 723d50f08..c6aab4884 100644
--- a/crypto/src/pkcs/PrivateKeyInfoFactory.cs
+++ b/crypto/src/pkcs/PrivateKeyInfoFactory.cs
@@ -195,7 +195,7 @@ namespace Org.BouncyCastle.Pkcs
 
             IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;
             if (cipher == null)
-                throw new Exception("Unknown encryption algorithm: " + algID.ObjectID);
+                throw new Exception("Unknown encryption algorithm: " + algID.Algorithm);
 
             ICipherParameters cipherParameters = PbeUtilities.GenerateCipherParameters(
                 algID, passPhrase, wrongPkcs12Zero);
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 7eb838886..fcfa63837 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
@@ -204,7 +204,7 @@ namespace Org.BouncyCastle.Pkix
                         "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
             }
 
-//			DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.ObjectID;
+//			DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.Algorithm;
 //			Asn1Encodable workingPublicKeyParameters = workingAlgId.Parameters;
 
             //
@@ -358,7 +358,7 @@ namespace Org.BouncyCastle.Pkix
 
                     workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
                     // (f)
-//                    workingPublicKeyAlgorithm = workingAlgId.ObjectID;
+//                    workingPublicKeyAlgorithm = workingAlgId.Algorithm;
                     // (e)
 //                    workingPublicKeyParameters = workingAlgId.Parameters;
                 }
diff --git a/crypto/src/security/PbeUtilities.cs b/crypto/src/security/PbeUtilities.cs
index 56d68ba0a..0cb235ae6 100644
--- a/crypto/src/security/PbeUtilities.cs
+++ b/crypto/src/security/PbeUtilities.cs
@@ -345,7 +345,7 @@ namespace Org.BouncyCastle.Security
             AlgorithmIdentifier algID,
             char[]              password)
         {
-            return GenerateCipherParameters(algID.ObjectID.Id, password, false, algID.Parameters);
+            return GenerateCipherParameters(algID.Algorithm.Id, password, false, algID.Parameters);
         }
 
         public static ICipherParameters GenerateCipherParameters(
@@ -353,7 +353,7 @@ namespace Org.BouncyCastle.Security
             char[]              password,
             bool				wrongPkcs12Zero)
         {
-            return GenerateCipherParameters(algID.ObjectID.Id, password, wrongPkcs12Zero, algID.Parameters);
+            return GenerateCipherParameters(algID.Algorithm.Id, password, wrongPkcs12Zero, algID.Parameters);
         }
 
         public static ICipherParameters GenerateCipherParameters(
@@ -401,10 +401,10 @@ namespace Org.BouncyCastle.Security
             {
                 PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
                 AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
-                DerObjectIdentifier encOid = encScheme.ObjectID;
+                DerObjectIdentifier encOid = encScheme.Algorithm;
                 Asn1Object encParams = encScheme.Parameters.ToAsn1Object();
 
-                // TODO What about s2p.KeyDerivationFunc.ObjectID?
+                // TODO What about s2p.KeyDerivationFunc.Algorithm?
                 Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object());
 
                 byte[] iv;
@@ -577,13 +577,13 @@ namespace Org.BouncyCastle.Security
         public static object CreateEngine(
             AlgorithmIdentifier algID)
         {
-            string algorithm = algID.ObjectID.Id;
+            string algorithm = algID.Algorithm.Id;
 
             if (IsPkcs5Scheme2(algorithm))
             {
                 PbeS2Parameters s2p = PbeS2Parameters.GetInstance(algID.Parameters.ToAsn1Object());
                 AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
-                return CipherUtilities.GetCipher(encScheme.ObjectID);
+                return CipherUtilities.GetCipher(encScheme.Algorithm);
             }
 
             return CreateEngine(algorithm);
diff --git a/crypto/src/security/PrivateKeyFactory.cs b/crypto/src/security/PrivateKeyFactory.cs
index edc5ef85a..b9538b33d 100644
--- a/crypto/src/security/PrivateKeyFactory.cs
+++ b/crypto/src/security/PrivateKeyFactory.cs
@@ -45,7 +45,7 @@ namespace Org.BouncyCastle.Security
             PrivateKeyInfo keyInfo)
         {
             AlgorithmIdentifier algID = keyInfo.PrivateKeyAlgorithm;
-            DerObjectIdentifier algOid = algID.ObjectID;
+            DerObjectIdentifier algOid = algID.Algorithm;
 
             // TODO See RSAUtil.isRsaOid in Java build
             if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
diff --git a/crypto/src/security/PublicKeyFactory.cs b/crypto/src/security/PublicKeyFactory.cs
index 8c0be4f70..f1b28b774 100644
--- a/crypto/src/security/PublicKeyFactory.cs
+++ b/crypto/src/security/PublicKeyFactory.cs
@@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Security
             SubjectPublicKeyInfo keyInfo)
         {
             AlgorithmIdentifier algID = keyInfo.AlgorithmID;
-            DerObjectIdentifier algOid = algID.ObjectID;
+            DerObjectIdentifier algOid = algID.Algorithm;
 
             // TODO See RSAUtil.isRsaOid in Java build
             if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
diff --git a/crypto/src/tsp/TimeStampRequest.cs b/crypto/src/tsp/TimeStampRequest.cs
index 6b9699379..f54d33e04 100644
--- a/crypto/src/tsp/TimeStampRequest.cs
+++ b/crypto/src/tsp/TimeStampRequest.cs
@@ -77,7 +77,7 @@ namespace Org.BouncyCastle.Tsp
 
 		public string MessageImprintAlgOid
 		{
-			get { return req.MessageImprint.HashAlgorithm.ObjectID.Id; }
+            get { return req.MessageImprint.HashAlgorithm.Algorithm.Id; }
 		}
 
 		public byte[] GetMessageImprintDigest()
diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs
index 51a9592dc..105208a7d 100644
--- a/crypto/src/tsp/TimeStampToken.cs
+++ b/crypto/src/tsp/TimeStampToken.cs
@@ -271,10 +271,10 @@ namespace Org.BouncyCastle.Tsp
 				if (certID != null)
 					return "SHA-1";
 
-				if (NistObjectIdentifiers.IdSha256.Equals(certIDv2.HashAlgorithm.ObjectID))
+                if (NistObjectIdentifiers.IdSha256.Equals(certIDv2.HashAlgorithm.Algorithm))
 					return "SHA-256";
 
-				return certIDv2.HashAlgorithm.ObjectID.Id;
+                return certIDv2.HashAlgorithm.Algorithm.Id;
 			}
 
 			public AlgorithmIdentifier GetHashAlgorithm()
diff --git a/crypto/src/tsp/TimeStampTokenInfo.cs b/crypto/src/tsp/TimeStampTokenInfo.cs
index 5027a87c4..cdef826bc 100644
--- a/crypto/src/tsp/TimeStampTokenInfo.cs
+++ b/crypto/src/tsp/TimeStampTokenInfo.cs
@@ -86,7 +86,7 @@ namespace Org.BouncyCastle.Tsp
 
 		public string MessageImprintAlgOid
 		{
-			get { return tstInfo.MessageImprint.HashAlgorithm.ObjectID.Id; }
+            get { return tstInfo.MessageImprint.HashAlgorithm.Algorithm.Id; }
 		}
 
 		public byte[] GetMessageImprintDigest()
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 3a6af4c20..04460cd59 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -103,7 +103,7 @@ namespace Org.BouncyCastle.X509
 			// TODO Allow 'objectDigest' to be null?
 
 			holder = new Holder(new ObjectDigestInfo(digestedObjectType, otherObjectTypeID,
-				new AlgorithmIdentifier(digestAlgorithm), Arrays.Clone(objectDigest)));
+				new AlgorithmIdentifier(new DerObjectIdentifier(digestAlgorithm)), Arrays.Clone(objectDigest)));
 		}
 
 		/**
@@ -147,7 +147,7 @@ namespace Org.BouncyCastle.X509
 
 				return odi == null
 					?	null
-					:	odi.DigestAlgorithm.ObjectID.Id;
+					:	odi.DigestAlgorithm.Algorithm.Id;
 			}
 		}
 
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 472ef7308..6d7bd7a61 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -246,7 +246,7 @@ namespace Org.BouncyCastle.X509
 		/// A sting representing the signature algorithm.
 		public virtual string SigAlgName
 		{
-			get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.ObjectID); }
+            get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.Algorithm); }
 		}
 
 		/// 
@@ -255,7 +255,7 @@ namespace Org.BouncyCastle.X509
 		/// A string containg a '.' separated object id.
 		public virtual string SigAlgOid
 		{
-			get { return c.SignatureAlgorithm.ObjectID.Id; }
+            get { return c.SignatureAlgorithm.Algorithm.Id; }
 		}
 
 		/// 
@@ -586,7 +586,7 @@ namespace Org.BouncyCastle.X509
 
 		private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
 		{
-			if (!id1.ObjectID.Equals(id2.ObjectID))
+            if (!id1.Algorithm.Equals(id2.Algorithm))
 				return false;
 
 			Asn1Encodable p1 = id1.Parameters;
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index ee564dacb..ecfb14132 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -221,7 +221,7 @@ namespace Org.BouncyCastle.X509
 
 		public virtual string SigAlgOid
 		{
-			get { return c.SignatureAlgorithm.ObjectID.Id; }
+            get { return c.SignatureAlgorithm.Algorithm.Id; }
 		}
 
 		public virtual byte[] GetSigAlgParams()
diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs
index 7a4ab1448..858b8f446 100644
--- a/crypto/src/x509/X509SignatureUtil.cs
+++ b/crypto/src/x509/X509SignatureUtil.cs
@@ -55,13 +55,13 @@ namespace Org.BouncyCastle.X509
 
 			if (parameters != null && !derNull.Equals(parameters))
 			{
-				if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+                if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
 				{
 					RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters);
 
-					return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1";
+                    return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
 				}
-				if (sigAlgId.ObjectID.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
+                if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
 				{
 					Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters);
 
@@ -69,7 +69,7 @@ namespace Org.BouncyCastle.X509
 				}
 			}
 
-			return sigAlgId.ObjectID.Id;
+            return sigAlgId.Algorithm.Id;
 		}
 
 		/**
diff --git a/crypto/test/src/asn1/test/BitStringTest.cs b/crypto/test/src/asn1/test/BitStringTest.cs
index fccaf8fa0..05be45941 100644
--- a/crypto/test/src/asn1/test/BitStringTest.cs
+++ b/crypto/test/src/asn1/test/BitStringTest.cs
@@ -31,12 +31,8 @@ namespace Org.BouncyCastle.Asn1.Tests
                 new DerBitString(null, 1);
                 Fail("exception not thrown");
             }
-            catch (ArgumentNullException e)
+            catch (ArgumentNullException)
             {
-                //if (!"data cannot be null".Equals(e.Message))
-                //{
-                //    Fail("Unexpected exception");
-                //}
             }
 
             try
@@ -44,12 +40,8 @@ namespace Org.BouncyCastle.Asn1.Tests
                 new DerBitString(new byte[0], 1);
                 Fail("exception not thrown");
             }
-            catch (ArgumentException e)
+            catch (ArgumentException)
             {
-                //if (!"zero length data with non-zero pad bits".Equals(e.Message))
-                //{
-                //    Fail("Unexpected exception");
-                //}
             }
 
             try
@@ -57,12 +49,8 @@ namespace Org.BouncyCastle.Asn1.Tests
                 new DerBitString(new byte[1], 8);
                 Fail("exception not thrown");
             }
-            catch (ArgumentException e)
+            catch (ArgumentException)
             {
-                //if (!"pad bits cannot be greater than 7 or less than 0".Equals(e.Message))
-                //{
-                //    Fail("Unexpected exception");
-                //}
             }
 
             DerBitString s2 = new DerBitString(0);
diff --git a/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs b/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs
index 042781632..914eda0b8 100644
--- a/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs
+++ b/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs
@@ -4,6 +4,7 @@ using NUnit.Framework;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Icao;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities.Test;
@@ -29,7 +30,7 @@ namespace Org.BouncyCastle.Asn1.Tests
 
         public override void PerformTest()
         {
-            AlgorithmIdentifier  algoId = new AlgorithmIdentifier("1.3.14.3.2.26");
+            AlgorithmIdentifier  algoId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1);
             DataGroupHash[] datas = new DataGroupHash[2];
 
             datas[0] = new DataGroupHash(1, new DerOctetString(GenerateHash()));
diff --git a/crypto/test/src/crypto/test/Pkcs5Test.cs b/crypto/test/src/crypto/test/Pkcs5Test.cs
index 8066e8e41..fdf1e7a66 100644
--- a/crypto/test/src/crypto/test/Pkcs5Test.cs
+++ b/crypto/test/src/crypto/test/Pkcs5Test.cs
@@ -115,7 +115,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 
                 generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount);
 
-                DerObjectIdentifier algOid = scheme.ObjectID;
+                DerObjectIdentifier algOid = scheme.Algorithm;
 
                 byte[] iv;
                 if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc))
diff --git a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
index c6b39135e..cd9dfcfad 100644
--- a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
+++ b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
@@ -837,7 +837,7 @@ namespace Org.BouncyCastle.Pkcs.Tests
 			EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(sb.BagValue);
 
 			// check the key encryption
-			if (!encInfo.EncryptionAlgorithm.ObjectID.Equals(keyAlgorithm))
+            if (!encInfo.EncryptionAlgorithm.Algorithm.Equals(keyAlgorithm))
 			{
 				Fail("key encryption algorithm wrong");
 			}
@@ -845,7 +845,7 @@ namespace Org.BouncyCastle.Pkcs.Tests
 			// check the certificate encryption
 			EncryptedData cb = EncryptedData.GetInstance(c2.Content);
 
-			if (!cb.EncryptionAlgorithm.ObjectID.Equals(certAlgorithm))
+            if (!cb.EncryptionAlgorithm.Algorithm.Equals(certAlgorithm))
 			{
 				Fail("cert encryption algorithm wrong");
 			}
diff --git a/crypto/test/src/test/CertTest.cs b/crypto/test/src/test/CertTest.cs
index 9bb4df7d1..72e17e458 100644
--- a/crypto/test/src/test/CertTest.cs
+++ b/crypto/test/src/test/CertTest.cs
@@ -2452,7 +2452,7 @@ namespace Org.BouncyCastle.Tests
 
             DerSequence seq = new DerSequence(
                 tbsCertificate,
-                new AlgorithmIdentifier(sig.ObjectID),
+                new AlgorithmIdentifier(sig.Algorithm),
                 certStruct.Signature);
 
             try
diff --git a/crypto/test/src/test/PKCS10CertRequestTest.cs b/crypto/test/src/test/PKCS10CertRequestTest.cs
index ba62db32f..9bad0a678 100644
--- a/crypto/test/src/test/PKCS10CertRequestTest.cs
+++ b/crypto/test/src/test/PKCS10CertRequestTest.cs
@@ -193,7 +193,7 @@ namespace Org.BouncyCastle.Tests
                 Fail("Failed Verify check EC uncompressed encoded.");
             }
 
-            if (!req.SignatureAlgorithm.ObjectID.Equals(algOid))
+            if (!req.SignatureAlgorithm.Algorithm.Equals(algOid))
             {
                 Fail("ECDSA oid incorrect.");
             }
@@ -247,7 +247,7 @@ namespace Org.BouncyCastle.Tests
                 Fail("Failed Verify check EC encoded.");
             }
 
-            if (!req.SignatureAlgorithm.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001))
+            if (!req.SignatureAlgorithm.Algorithm.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001))
             {
                 Fail("ECGOST oid incorrect.");
             }
@@ -308,7 +308,7 @@ namespace Org.BouncyCastle.Tests
                 Fail("Failed verify check PSS encoded.");
             }
 
-            if (!req.SignatureAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+            if (!req.SignatureAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
             {
                 Fail("PSS oid incorrect.");
             }
-- 
cgit 1.5.1