Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

dghgit · dghgit · commit e91cab0715c0 · 2024-03-30T04:09:41.000+11:00
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/Ed25519Test.java b/core/src/test/java/org/bouncycastle/crypto/test/Ed25519Test.java
@@ -34,6 +34,8 @@ public static void main(String[] args)
 
     public void performTest() throws Exception
     {
+        basicSigTest();
+
         for (int i = 0; i < 10; ++i)
         {
             testConsistency(Ed25519.Algorithm.Ed25519, null);
@@ -43,7 +45,6 @@ public void performTest() throws Exception
             testConsistency(Ed25519.Algorithm.Ed25519ph, context);
         }
 
-        basicSigTest();
         testRegressionInfiniteLoop();
     }
 
@@ -837,9 +838,9 @@ private void testRegressionInfiniteLoop() throws Exception
 
             signer.init(false, pub);
             signer.update(msg, 0, msg.length);
-            if (!signer.verifySignature(sig)) {
-                fail("signature verification failed for test vector: " + error);
-            }
+            boolean shouldVerify = signer.verifySignature(sig);
+
+            isTrue("signature verification failed for test vector: " + error, shouldVerify);
         }
     }
 }
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/Ed448Test.java b/core/src/test/java/org/bouncycastle/crypto/test/Ed448Test.java
diff --git a/pkix/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java b/pkix/src/main/java/org/bouncycastle/mozilla/SignedPublicKeyAndChallenge.java
@@ -121,7 +121,7 @@ public boolean verify(String provider)
         {
             sig.update(spkacSeq.getPublicKeyAndChallenge().getEncoded());
 
-            return sig.verify(spkacSeq.getSignature().getBytes());
+            return sig.verify(spkacSeq.getSignature().getOctets());
         }
         catch (Exception e)
         {
diff --git a/pkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/pkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
@@ -434,7 +434,7 @@ public boolean verify(byte[] expected)
                 {
                     if (sigs[i] != null)
                     {
-                        if (!sigs[i].verify(ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes()))
+                        if (!sigs[i].verify(ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets()))
                         {
                             failed = true;
                         }
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java
@@ -259,7 +259,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1
         
         sig.update(req.toASN1Structure().getCertificationRequestInfo().getEncoded());
         
-        if (!sig.verify(req.toASN1Structure().getSignature().getBytes()))
+        if (!sig.verify(req.toASN1Structure().getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java
@@ -14,6 +14,7 @@
 import java.util.Collections;
 import java.util.List;
 
+import org.bouncycastle.asn1.ASN1BitString;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -250,7 +251,7 @@ protected boolean engineVerify(byte[] signature)
         {
             this.componentSignatures.get(i).update(this.OIDBytes);
             this.componentSignatures.get(i).update(digestResult); //in total, "OID || digest(message)" is the message fed into each component signature
-            if (!this.componentSignatures.get(i).verify(DERBitString.getInstance(signatureSequence.getObjectAt(i)).getBytes()))
+            if (!this.componentSignatures.get(i).verify(ASN1BitString.getInstance(signatureSequence.getObjectAt(i)).getOctets()))
             {
                 fail = true;
             }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
@@ -134,6 +134,11 @@ else if (key instanceof RSAPublicKey)
     protected int engineGetOutputSize(
         int     inputLen) 
     {
+        if (tlsRsaSpec != null)
+        {
+            return TlsRsaKeyExchange.PRE_MASTER_SECRET_LENGTH;
+        }
+
         try
         {
             return cipher.getOutputBlockSize();
@@ -334,6 +339,7 @@ else if (key instanceof RSAPrivateKey)
             }
             else if (params instanceof TLSRSAPremasterSecretParameterSpec)
             {
+                // TODO Restrict mode to DECRYPT_MODE (and/or UNWRAP_MODE)
                 if (!(param instanceof RSAKeyParameters) || !((RSAKeyParameters)param).isPrivate())
                 {
                     throw new InvalidKeyException("RSA private key required for TLS decryption");
@@ -353,6 +359,7 @@ else if (params instanceof TLSRSAPremasterSecretParameterSpec)
         }
         else
         {
+            // TODO Remove after checking all AsymmetricBlockCipher init methods?
             param = new ParametersWithRandom(param, CryptoServicesRegistrar.getSecureRandom());
         }
 
@@ -446,6 +453,7 @@ protected byte[] engineDoFinal(
         int     inputLen) 
         throws IllegalBlockSizeException, BadPaddingException
     {
+        // TODO Can input actually be null?
         if (input != null)
         {
             engineUpdate(input, inputOffset, inputLen);
@@ -462,16 +470,8 @@ protected int engineDoFinal(
         int     outputOffset) 
         throws IllegalBlockSizeException, BadPaddingException, ShortBufferException
     {
-        int outputSize;
-        if (tlsRsaSpec != null)
-        {
-            outputSize = TlsRsaKeyExchange.PRE_MASTER_SECRET_LENGTH;
-        }
-        else
-        {
-            outputSize = engineGetOutputSize(input == null ? 0 : inputLen);
-        }
-
+        // TODO Can input actually be null?
+        int outputSize = engineGetOutputSize(input == null ? 0 : inputLen);
         if (outputOffset > output.length - outputSize)
         {
             throw new ShortBufferException("output buffer too short for input.");
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLImpl.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLImpl.java
@@ -242,7 +242,7 @@ private void doVerify(PublicKey key, SignatureCreator sigCreator)
         {
             List<PublicKey> pubKeys = ((CompositePublicKey)key).getPublicKeys();
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != pubKeys.size(); i++)
@@ -264,7 +264,7 @@ private void doVerify(PublicKey key, SignatureCreator sigCreator)
                     checkSignature(
                         (PublicKey)pubKeys.get(i), signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
                     success = true;
                 }
                 catch (SignatureException e)
@@ -286,7 +286,7 @@ private void doVerify(PublicKey key, SignatureCreator sigCreator)
         else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
         {
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != sigSeq.size(); i++)
@@ -303,7 +303,7 @@ else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
                     checkSignature(
                         key, signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
 
                     success = true;
                 }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateImpl.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateImpl.java
@@ -624,7 +624,7 @@ private void doVerify(
         {
             List<PublicKey> pubKeys = ((CompositePublicKey)key).getPublicKeys();
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != pubKeys.size(); i++)
@@ -645,7 +645,7 @@ private void doVerify(
                     checkSignature(
                         (PublicKey)pubKeys.get(i), signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
                     success = true;
                 }
                 catch (SignatureException e)
@@ -667,7 +667,7 @@ private void doVerify(
         else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
         {
             ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
-            ASN1Sequence sigSeq = ASN1Sequence.getInstance(ASN1BitString.getInstance(c.getSignature()).getBytes());
+            ASN1Sequence sigSeq = ASN1Sequence.getInstance(c.getSignature().getOctets());
 
             boolean success = false;
             for (int i = 0; i != sigSeq.size(); i++)
@@ -684,7 +684,7 @@ else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm()))
                     checkSignature(
                         key, signature,
                         sigAlg.getParameters(),
-                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
+                        ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets());
 
                     success = true;
                 }
diff --git a/prov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/prov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
@@ -112,8 +112,7 @@ public NetscapeCertRequest (ASN1Sequence spkac)
 
             SubjectPublicKeyInfo pubkeyinfo = SubjectPublicKeyInfo.getInstance(pkac.getObjectAt(0));
 
-            X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(
-                    pubkeyinfo).getBytes());
+            X509EncodedKeySpec xspec = new X509EncodedKeySpec(pubkeyinfo.getEncoded(ASN1Encoding.DER));
 
             keyAlg = pubkeyinfo.getAlgorithm();
             pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC")
@@ -207,7 +206,7 @@ public boolean verify(String challenge) throws NoSuchAlgorithmException,
         Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(),
                 "BC");
         sig.initVerify(pubkey);
-        sig.update(content.getBytes());
+        sig.update(content.getOctets());
 
         return sig.verify(sigBits);
     }
diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/ProvOcspRevocationChecker.java b/prov/src/main/java/org/bouncycastle/jce/provider/ProvOcspRevocationChecker.java
@@ -431,7 +431,7 @@ static boolean validatedOcspResponse(BasicOCSPResponse basicResp, PKIXCertRevoca
 
             sig.update(basicResp.getTbsResponseData().getEncoded(ASN1Encoding.DER));
 
-            if (sig.verify(basicResp.getSignature().getBytes()))
+            if (sig.verify(basicResp.getSignature().getOctets()))
             {
                 if (nonce != null)
                 {
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/EdECTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/EdECTest.java
@@ -158,7 +158,7 @@ public void performTest()
         // yes, the demo certificate is invalid...
         sig.update(x25519Seq.getObjectAt(0).toASN1Primitive().getEncoded(ASN1Encoding.DL));
 
-        isTrue(sig.verify(x25519Cert.getSignature().getBytes()));
+        isTrue(sig.verify(x25519Cert.getSignature().getOctets()));
 
         CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
 
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java
@@ -41,7 +41,6 @@
 import org.bouncycastle.jce.spec.ECParameterSpec;
 import org.bouncycastle.jce.spec.ECPrivateKeySpec;
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
@@ -215,7 +214,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1
         
         sig.update(req.getCertificationRequestInfo().getEncoded());
         
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
@@ -294,7 +293,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid)
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
@@ -344,7 +343,7 @@ private void createECGOSTRequest()
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }
@@ -401,7 +400,7 @@ private void createPSSTest(String algorithm)
 
         sig.update(req.getCertificationRequestInfo().getEncoded());
 
-        if (!sig.verify(req.getSignature().getBytes()))
+        if (!sig.verify(req.getSignature().getOctets()))
         {
             fail("signature not mapped correctly.");
         }

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,8 @@ public static void main(String[] args)`
`34`	`34`
`35`	`35`	`public void performTest() throws Exception`
`36`	`36`	`{`
	`37`	`+ basicSigTest();`
	`38`	`+`
`37`	`39`	`for (int i = 0; i < 10; ++i)`
`38`	`40`	`{`
`39`	`41`	`testConsistency(Ed25519.Algorithm.Ed25519, null);`
`@@ -43,7 +45,6 @@ public void performTest() throws Exception`
`43`	`45`	`testConsistency(Ed25519.Algorithm.Ed25519ph, context);`
`44`	`46`	`}`
`45`	`47`
`46`		`- basicSigTest();`
`47`	`48`	`testRegressionInfiniteLoop();`
`48`	`49`	`}`
`49`	`50`
`@@ -837,9 +838,9 @@ private void testRegressionInfiniteLoop() throws Exception`
`837`	`838`
`838`	`839`	`signer.init(false, pub);`
`839`	`840`	`signer.update(msg, 0, msg.length);`
`840`		`- if (!signer.verifySignature(sig)) {`
`841`		`- fail("signature verification failed for test vector: " + error);`
`842`		`- }`
	`841`	`+ boolean shouldVerify = signer.verifySignature(sig);`
	`842`	`+`
	`843`	`+ isTrue("signature verification failed for test vector: " + error, shouldVerify);`
`843`	`844`	`}`
`844`	`845`	`}`
`845`	`846`	`}`
Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ public boolean verify(String provider)`
`121`	`121`	`{`
`122`	`122`	`sig.update(spkacSeq.getPublicKeyAndChallenge().getEncoded());`
`123`	`123`
`124`		`- return sig.verify(spkacSeq.getSignature().getBytes());`
	`124`	`+ return sig.verify(spkacSeq.getSignature().getOctets());`
`125`	`125`	`}`
`126`	`126`	`catch (Exception e)`
`127`	`127`	`{`
Original file line number	Diff line number	Diff line change
`@@ -434,7 +434,7 @@ public boolean verify(byte[] expected)`
`434`	`434`	`{`
`435`	`435`	`if (sigs[i] != null)`
`436`	`436`	`{`
`437`		`- if (!sigs[i].verify(ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getBytes()))`
	`437`	`+ if (!sigs[i].verify(ASN1BitString.getInstance(sigSeq.getObjectAt(i)).getOctets()))`
`438`	`438`	`{`
`439`	`439`	`failed = true;`
`440`	`440`	`}`
Original file line number	Diff line number	Diff line change
`@@ -259,7 +259,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1`
`259`	`259`
`260`	`260`	`sig.update(req.toASN1Structure().getCertificationRequestInfo().getEncoded());`
`261`	`261`
`262`		`- if (!sig.verify(req.toASN1Structure().getSignature().getBytes()))`
	`262`	`+ if (!sig.verify(req.toASN1Structure().getSignature().getOctets()))`
`263`	`263`	`{`
`264`	`264`	`fail("signature not mapped correctly.");`
`265`	`265`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@`
`14`	`14`	`import java.util.Collections;`
`15`	`15`	`import java.util.List;`
`16`	`16`
	`17`	`+import org.bouncycastle.asn1.ASN1BitString;`
`17`	`18`	`import org.bouncycastle.asn1.ASN1EncodableVector;`
`18`	`19`	`import org.bouncycastle.asn1.ASN1Encoding;`
`19`	`20`	`import org.bouncycastle.asn1.ASN1ObjectIdentifier;`
`@@ -250,7 +251,7 @@ protected boolean engineVerify(byte[] signature)`
`250`	`251`	`{`
`251`	`252`	`this.componentSignatures.get(i).update(this.OIDBytes);`
`252`	`253`	`this.componentSignatures.get(i).update(digestResult); //in total, "OID \|\| digest(message)" is the message fed into each component signature`
`253`		`- if (!this.componentSignatures.get(i).verify(DERBitString.getInstance(signatureSequence.getObjectAt(i)).getBytes()))`
	`254`	`+ if (!this.componentSignatures.get(i).verify(ASN1BitString.getInstance(signatureSequence.getObjectAt(i)).getOctets()))`
`254`	`255`	`{`
`255`	`256`	`fail = true;`
`256`	`257`	`}`
Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,11 @@ else if (key instanceof RSAPublicKey)`
`134`	`134`	`protected int engineGetOutputSize(`
`135`	`135`	`int inputLen)`
`136`	`136`	`{`
	`137`	`+ if (tlsRsaSpec != null)`
	`138`	`+ {`
	`139`	`+ return TlsRsaKeyExchange.PRE_MASTER_SECRET_LENGTH;`
	`140`	`+ }`
	`141`	`+`
`137`	`142`	`try`
`138`	`143`	`{`
`139`	`144`	`return cipher.getOutputBlockSize();`
`@@ -334,6 +339,7 @@ else if (key instanceof RSAPrivateKey)`
`334`	`339`	`}`
`335`	`340`	`else if (params instanceof TLSRSAPremasterSecretParameterSpec)`
`336`	`341`	`{`
	`342`	`+ // TODO Restrict mode to DECRYPT_MODE (and/or UNWRAP_MODE)`
`337`	`343`	`if (!(param instanceof RSAKeyParameters) \|\| !((RSAKeyParameters)param).isPrivate())`
`338`	`344`	`{`
`339`	`345`	`throw new InvalidKeyException("RSA private key required for TLS decryption");`
`@@ -353,6 +359,7 @@ else if (params instanceof TLSRSAPremasterSecretParameterSpec)`
`353`	`359`	`}`
`354`	`360`	`else`
`355`	`361`	`{`
	`362`	`+ // TODO Remove after checking all AsymmetricBlockCipher init methods?`
`356`	`363`	`param = new ParametersWithRandom(param, CryptoServicesRegistrar.getSecureRandom());`
`357`	`364`	`}`
`358`	`365`
`@@ -446,6 +453,7 @@ protected byte[] engineDoFinal(`
`446`	`453`	`int inputLen)`
`447`	`454`	`throws IllegalBlockSizeException, BadPaddingException`
`448`	`455`	`{`
	`456`	`+ // TODO Can input actually be null?`
`449`	`457`	`if (input != null)`
`450`	`458`	`{`
`451`	`459`	`engineUpdate(input, inputOffset, inputLen);`
`@@ -462,16 +470,8 @@ protected int engineDoFinal(`
`462`	`470`	`int outputOffset)`
`463`	`471`	`throws IllegalBlockSizeException, BadPaddingException, ShortBufferException`
`464`	`472`	`{`
`465`		`- int outputSize;`
`466`		`- if (tlsRsaSpec != null)`
`467`		`- {`
`468`		`- outputSize = TlsRsaKeyExchange.PRE_MASTER_SECRET_LENGTH;`
`469`		`- }`
`470`		`- else`
`471`		`- {`
`472`		`- outputSize = engineGetOutputSize(input == null ? 0 : inputLen);`
`473`		`- }`
`474`		`-`
	`473`	`+ // TODO Can input actually be null?`
	`474`	`+ int outputSize = engineGetOutputSize(input == null ? 0 : inputLen);`
`475`	`475`	`if (outputOffset > output.length - outputSize)`
`476`	`476`	`{`
`477`	`477`	`throw new ShortBufferException("output buffer too short for input.");`
Original file line number	Diff line number	Diff line change
`@@ -431,7 +431,7 @@ static boolean validatedOcspResponse(BasicOCSPResponse basicResp, PKIXCertRevoca`
`431`	`431`
`432`	`432`	`sig.update(basicResp.getTbsResponseData().getEncoded(ASN1Encoding.DER));`
`433`	`433`
`434`		`- if (sig.verify(basicResp.getSignature().getBytes()))`
	`434`	`+ if (sig.verify(basicResp.getSignature().getOctets()))`
`435`	`435`	`{`
`436`	`436`	`if (nonce != null)`
`437`	`437`	`{`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,6 @@`
`41`	`41`	`import org.bouncycastle.jce.spec.ECParameterSpec;`
`42`	`42`	`import org.bouncycastle.jce.spec.ECPrivateKeySpec;`
`43`	`43`	`import org.bouncycastle.jce.spec.ECPublicKeySpec;`
`44`		`-import org.bouncycastle.math.ec.ECConstants;`
`45`	`44`	`import org.bouncycastle.math.ec.ECCurve;`
`46`	`45`	`import org.bouncycastle.util.encoders.Base64;`
`47`	`46`	`import org.bouncycastle.util.encoders.Hex;`
`@@ -215,7 +214,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1`
`215`	`214`
`216`	`215`	`sig.update(req.getCertificationRequestInfo().getEncoded());`
`217`	`216`
`218`		`- if (!sig.verify(req.getSignature().getBytes()))`
	`217`	`+ if (!sig.verify(req.getSignature().getOctets()))`
`219`	`218`	`{`
`220`	`219`	`fail("signature not mapped correctly.");`
`221`	`220`	`}`
`@@ -294,7 +293,7 @@ private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid)`
`294`	`293`
`295`	`294`	`sig.update(req.getCertificationRequestInfo().getEncoded());`
`296`	`295`
`297`		`- if (!sig.verify(req.getSignature().getBytes()))`
	`296`	`+ if (!sig.verify(req.getSignature().getOctets()))`
`298`	`297`	`{`
`299`	`298`	`fail("signature not mapped correctly.");`
`300`	`299`	`}`
`@@ -344,7 +343,7 @@ private void createECGOSTRequest()`
`344`	`343`
`345`	`344`	`sig.update(req.getCertificationRequestInfo().getEncoded());`
`346`	`345`
`347`		`- if (!sig.verify(req.getSignature().getBytes()))`
	`346`	`+ if (!sig.verify(req.getSignature().getOctets()))`
`348`	`347`	`{`
`349`	`348`	`fail("signature not mapped correctly.");`
`350`	`349`	`}`
`@@ -401,7 +400,7 @@ private void createPSSTest(String algorithm)`
`401`	`400`
`402`	`401`	`sig.update(req.getCertificationRequestInfo().getEncoded());`
`403`	`402`
`404`		`- if (!sig.verify(req.getSignature().getBytes()))`
	`403`	`+ if (!sig.verify(req.getSignature().getOctets()))`
`405`	`404`	`{`
`406`	`405`	`fail("signature not mapped correctly.");`
`407`	`406`	`}`