dotnet · stephentoub · Jul 14, 2021 · Jul 13, 2021
@@ -85,6 +85,7 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
 |  __`SYSLIB0028`__ | X509Certificate2.PrivateKey is obsolete. Use the appropriate method to get the private key, such as GetRSAPrivateKey, or use the CopyWithPrivateKey method to create a new instance with a private key. |
 |  __`SYSLIB0029`__ | ProduceLegacyHmacValues is obsolete. Producing legacy HMAC values is no longer supported. |
 |  __`SYSLIB0030`__ | HMACSHA1 always uses the algorithm implementation provided by the platform. Use a constructor without the useManagedSha1 parameter. |
+|  __`SYSLIB0031`__ | EncodeOID is obsolete. Use the ASN.1 functionality provided in System.Formats.Asn1. |
 
 ## Analyzer Warnings
 

@@ -101,5 +101,8 @@ internal static class Obsoletions
 
         internal const string UseManagedSha1Message = "HMACSHA1 always uses the algorithm implementation provided by the platform. Use a constructor without the useManagedSha1 parameter.";
         internal const string UseManagedSha1DiagId = "SYSLIB0030";
+
+        internal const string CryptoConfigEncodeOIDMessage = "EncodeOID is obsolete. Use the ASN.1 functionality provided in System.Formats.Asn1.";
+        internal const string CryptoConfigEncodeOIDDiagId = "SYSLIB0031";
     }
 }
diff --git a/...es/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs b/...es/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs
@@ -133,6 +133,7 @@ public static void AddOID(string oid, params string[] names) { }
         public static object? CreateFromName(string name) { throw null; }
         [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The default algorithm implementations might be removed, use strong type references like 'RSA.Create()' instead.")]
         public static object? CreateFromName(string name, params object?[]? args) { throw null; }
+        [System.ObsoleteAttribute("EncodeOID is obsolete. Use the ASN.1 functionality provided in System.Formats.Asn1.", DiagnosticId = "SYSLIB0031", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
         public static byte[] EncodeOID(string str) { throw null; }
         [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]

diff --git a/...Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.Browser.cs b/...Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.Browser.cs
@@ -23,6 +23,7 @@ public partial class CryptoConfig
         public static string? MapNameToOID(string name) => throw new PlatformNotSupportedException(SR.SystemSecurityCryptographyAlgorithms_PlatformNotSupported);
 
         [UnsupportedOSPlatform("browser")]
+        [Obsolete(Obsoletions.CryptoConfigEncodeOIDMessage, DiagnosticId = Obsoletions.CryptoConfigEncodeOIDDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public static byte[] EncodeOID(string str) => throw new PlatformNotSupportedException(SR.SystemSecurityCryptographyAlgorithms_PlatformNotSupported);
 
         [RequiresUnreferencedCode("The default algorithm implementations might be removed, use strong type references like 'RSA.Create()' instead.")]

diff --git a/.../System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs b/.../System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs
@@ -508,6 +508,7 @@ public static void AddOID(string oid, params string[] names)
         }
 
         [UnsupportedOSPlatform("browser")]
+        [Obsolete(Obsoletions.CryptoConfigEncodeOIDMessage, DiagnosticId = Obsoletions.CryptoConfigEncodeOIDDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public static byte[] EncodeOID(string str)
         {
             if (str == null)

diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
@@ -348,25 +348,30 @@ public static void CreateFromName_CtorArguments()
         [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")]
         public static void EncodeOID_Validation()
         {
+#pragma warning disable SYSLIB0031 // EncodeOID is obsolete
             Assert.Throws<ArgumentNullException>(() => CryptoConfig.EncodeOID(null));
             Assert.Throws<FormatException>(() => CryptoConfig.EncodeOID(string.Empty));
             Assert.Throws<FormatException>(() => CryptoConfig.EncodeOID("BAD.OID"));
             Assert.Throws<FormatException>(() => CryptoConfig.EncodeOID("1.2.BAD.OID"));
             Assert.Throws<OverflowException>(() => CryptoConfig.EncodeOID("1." + uint.MaxValue));
+#pragma warning restore SYSLIB0031
         }
 
         [Fact]
         [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")]
         public static void EncodeOID_Compat()
         {
+#pragma warning disable SYSLIB0031 // EncodeOID is obsolete
             string actual = CryptoConfig.EncodeOID("-1.2.-3").ByteArrayToHex();
             Assert.Equal("0602DAFD", actual); // Negative values not checked
+#pragma warning restore SYSLIB0031
         }
 
         [Fact]
         [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")]
         public static void EncodeOID_Length_Boundary()
         {
+#pragma warning disable SYSLIB0031 // EncodeOID is obsolete
             string valueToRepeat = "1.1";
 
             // Build a string like 1.11.11.11. ... .11.1, which has 0x80 separators.
@@ -379,6 +384,7 @@ public static void EncodeOID_Length_Boundary()
             // and would just clutter up this test, so only verify it doesn't throw.
             s = new StringBuilder(valueToRepeat.Length * 0x7f).Insert(0, valueToRepeat, 0x7f).ToString();
             CryptoConfig.EncodeOID(s);
+#pragma warning restore SYSLIB0031
         }
 
         [Theory]
@@ -392,9 +398,11 @@ public static void EncodeOID_Value_Boundary_And_Compat(uint elementValue, string
         {
             // Boundary cases in EncodeOID; output may produce the wrong value mathematically due to encoding
             // algorithm semantics but included here for compat reasons.
+#pragma warning disable SYSLIB0031 // EncodeOID is obsolete
             byte[] actual = CryptoConfig.EncodeOID("1." + elementValue.ToString());
             byte[] expected = expectedEncoding.HexToByteArray();
             Assert.Equal(expected, actual);
+#pragma warning restore SYSLIB0031
         }
 
         [Theory]
@@ -404,12 +412,14 @@ public static void EncodeOID_Value_Boundary_And_Compat(uint elementValue, string
         [InlineData("MD5", "1.2.840.113549.2.5", "06082A864886F70D0205")]
         public static void MapAndEncodeOID(string alg, string expectedOid, string expectedEncoding)
         {
+#pragma warning disable SYSLIB0031 // EncodeOID is obsolete
             string oid = CryptoConfig.MapNameToOID(alg);
             Assert.Equal(expectedOid, oid);
 
             byte[] actual = CryptoConfig.EncodeOID(oid);
             byte[] expected = expectedEncoding.HexToByteArray();
             Assert.Equal(expected, actual);
+#pragma warning restore SYSLIB0031
         }
 
         private static void VerifyCreateFromName<TExpected>(string name)