From b9c0074fb1b1b210182bba31d236664ea9ca37a8 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Fri, 21 Apr 2023 18:54:36 +0700
Subject: Patch #1 for 2.2

- enable optimized code in 'Publish' configuration
- fixed blocksRemaining tracking in GcmBlockCipher (not net60)
- complete connection ID for block ciphers with encrypt_then_mac (not net60)
- added some missing entries for the contributors file
---
 crypto/Contributors.html                     |  8 +++++++-
 crypto/Readme.html                           | 20 ++++++++++++++++++++
 crypto/src/BouncyCastle.Crypto.csproj        |  2 ++
 crypto/src/crypto/modes/GCMBlockCipher.cs    |  5 -----
 crypto/src/tls/crypto/impl/TlsBlockCipher.cs |  2 +-
 crypto/test/BouncyCastle.Crypto.Tests.csproj |  2 ++
 6 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/crypto/Contributors.html b/crypto/Contributors.html
index 921378c19..b297aa7b8 100644
--- a/crypto/Contributors.html
+++ b/crypto/Contributors.html
@@ -269,7 +269,7 @@ University of Wollongong, Institute of Cybersecurity and Cryptology, under the s
 		<p>Matthew Sitton (https://github.com/mdsitton) - Addition of missing ALPN Protocol names.</p>
 	    </li>
 	    <li>
-		<p>Jozef Gajdo&scaron; (https://github.com/harrison314) - Time constructor optimization, RevokedStatus fix.</p>
+		<p>Jozef Gajdo&scaron; (https://github.com/harrison314) - Time constructor optimization, RevokedStatus fix, improved thread-safe singleton code (e.g. X509Certificate/X509Crl cached encoding), SubjectPublicKeyInfo support in OpenSsl.PemWriter.</p>
 	    </li>
 		<li>
 			<p>Ben Adams (https://github.com/benaadams) - Performance optimization for AES-NI.</p>
@@ -277,6 +277,12 @@ University of Wollongong, Institute of Cybersecurity and Cryptology, under the s
 		<li>
 			<p>Daniel Bleichenbacher - Fixed rounding issue in FF1. Reported incompatible RFC 3394 wrapping of 64 bit keys.</p>
 		</li>
+		<li>
+			<p>Patrick (https://github.com/patagonaa) - Initial PR for DTLS Connection ID support (RFC 9146). PR to make DTLS initial resend timeout configurable.</p>
+		</li>
+		<li>
+			<p>Anh Vo (https://github.com/anhvoms) - Ported OpenSSH utilities from bc-java.</p>
+		</li>
 		</ul>
 	</body>
 </html>
diff --git a/crypto/Readme.html b/crypto/Readme.html
index 363a85636..d71cf63da 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -31,6 +31,8 @@
                             <li>
                                 <a href="#mozTocId3413">Notes:</a>
                                 <ol>
+                                    <li>
+                                        <a href="#mozTocId85330">Release 2.2.1</a>
                                     <li>
                                         <a href="#mozTocId85329">Release 2.2.0</a>
                                     <li>
@@ -325,6 +327,24 @@
         <hr style="WIDTH: 100%; HEIGHT: 2px">
         <h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
 
+        <h4><a class="mozTocH4" name="mozTocId85330"></a>Release 2.2.1, Friday April 21, 2023</h4>
+        <h5>Defects Fixed</h5>
+        <ul>
+            <li>Due to a defect in the build process, the 2.2.0 release assembly was not optimized. This has been rectified.</li>
+            <li>Fixed a regression in GcmBlockCipher that reduced the output limit to ~2^31 blocks instead of ~2^32 (net60 unaffected).</li>
+            <li>Fixed incomplete DTLS 1.2 Connection ID support for the case of a block cipher being negotiated with the encrypt_then_mac extension (net60 unaffected).</li>
+        </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                See the (cumulative) list of GitHub pull requests that we have accepted at
+                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
+            </li>
+        </ul>
+
         <h4><a class="mozTocH4" name="mozTocId85329"></a>Release 2.2.0, Monday April 17, 2023</h4>
         <h5>Defects Fixed</h5>
         <ul>
diff --git a/crypto/src/BouncyCastle.Crypto.csproj b/crypto/src/BouncyCastle.Crypto.csproj
index b7fc0cf30..b4b5f8f4e 100644
--- a/crypto/src/BouncyCastle.Crypto.csproj
+++ b/crypto/src/BouncyCastle.Crypto.csproj
@@ -71,6 +71,7 @@
   <PropertyGroup Condition="'$(Configuration)'=='Release'">
     <DefineConstants />
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <Optimize>True</Optimize>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)'=='Publish'">
@@ -78,6 +79,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <!-- Deterministic build. -->
     <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
+    <Optimize>True</Optimize>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/crypto/src/crypto/modes/GCMBlockCipher.cs b/crypto/src/crypto/modes/GCMBlockCipher.cs
index 16d9f3654..ad4c044d4 100644
--- a/crypto/src/crypto/modes/GCMBlockCipher.cs
+++ b/crypto/src/crypto/modes/GCMBlockCipher.cs
@@ -1716,11 +1716,6 @@ namespace Org.BouncyCastle.Crypto.Modes
 
         private void GetNextCtrBlock(byte[] block)
         {
-            if (blocksRemaining == 0)
-                throw new InvalidOperationException("Attempt to process too many blocks");
-
-            blocksRemaining--;
-
             Pack.UInt32_To_BE(++counter32, counter, 12);
 
             cipher.ProcessBlock(counter, 0, block, 0);
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index 479f00fc9..b9b8b2a76 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -277,7 +277,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 
             if (m_encryptThenMac)
             {
-                byte[] mac = m_writeMac.CalculateMac(seqNo, recordType, outBuf, headerAllocation,
+                byte[] mac = m_writeMac.CalculateMac(seqNo, recordType, m_encryptConnectionID, outBuf, headerAllocation,
                     outOff - headerAllocation);
                 Array.Copy(mac, 0, outBuf, outOff, mac.Length);
                 outOff += mac.Length;
diff --git a/crypto/test/BouncyCastle.Crypto.Tests.csproj b/crypto/test/BouncyCastle.Crypto.Tests.csproj
index 94d2eff7b..bc7e8cd9f 100644
--- a/crypto/test/BouncyCastle.Crypto.Tests.csproj
+++ b/crypto/test/BouncyCastle.Crypto.Tests.csproj
@@ -17,10 +17,12 @@
 
   <PropertyGroup Condition="'$(Configuration)'=='Release'">
     <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <Optimize>True</Optimize>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)'=='Publish'">
     <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <Optimize>True</Optimize>
   </PropertyGroup>
 
   <ItemGroup>
-- 
cgit 1.4.1