FIx binary compatibility issues

peterdettman · peterdettman · commit 3d0253fd6482 · 2023-04-16T22:16:32.000+07:00
diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs
@@ -240,9 +240,9 @@ public virtual int GetReceiveLimit()
             var cipher = m_readEpoch.Cipher;
 
             int plaintextDecodeLimit;
-            if (cipher is AbstractTlsCipher abstractTlsCipher)
+            if (cipher is TlsCipherExt tlsCipherExt)
             {
-                plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(ciphertextLimit);
+                plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(ciphertextLimit);
             }
             else
             {
@@ -259,9 +259,9 @@ public virtual int GetSendLimit()
             int ciphertextLimit = m_transport.GetSendLimit() - m_writeEpoch.RecordHeaderLengthWrite;
 
             int plaintextEncodeLimit;
-            if (cipher is AbstractTlsCipher abstractTlsCipher)
+            if (cipher is TlsCipherExt tlsCipherExt)
             {
-                plaintextEncodeLimit = abstractTlsCipher.GetPlaintextEncodeLimit(ciphertextLimit);
+                plaintextEncodeLimit = tlsCipherExt.GetPlaintextEncodeLimit(ciphertextLimit);
             }
             else
             {
diff --git a/crypto/src/tls/RecordStream.cs b/crypto/src/tls/RecordStream.cs
@@ -153,9 +153,9 @@ internal RecordPreview PreviewRecordHeader(byte[] recordHeader)
                 var cipher = m_readCipher;
 
                 int plaintextDecodeLimit;
-                if (cipher is AbstractTlsCipher abstractTlsCipher)
+                if (cipher is TlsCipherExt tlsCipherExt)
                 {
-                    plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(length);
+                    plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(length);
                 }
                 else
                 {
diff --git a/crypto/src/tls/crypto/TlsCipher.cs b/crypto/src/tls/crypto/TlsCipher.cs
@@ -23,6 +23,7 @@ public interface TlsCipher
         /// <summary>Return the maximum size for the plaintext given ciphertextlimit bytes of ciphertext.</summary>
         /// <param name="ciphertextLimit">the maximum number of bytes of ciphertext.</param>
         /// <returns>the maximum size of the plaintext for ciphertextlimit bytes of input.</returns>
+        // TODO[api] Remove
         int GetPlaintextLimit(int ciphertextLimit);
 
         /// <summary>Encode the passed in plaintext using the current bulk cipher.</summary>
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs b/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 {
     /// <summary>A generic TLS 1.2 AEAD cipher.</summary>
     public class TlsAeadCipher
-        : AbstractTlsCipher
+        : TlsCipher, TlsCipherExt
     {
         public const int AEAD_CCM = 1;
         public const int AEAD_CHACHA20_POLY1305 = 2;
@@ -145,14 +145,14 @@ public TlsAeadCipher(TlsCryptoParameters cryptoParams, TlsAeadCipherImpl encrypt
             decryptCipher.Init(dummyNonce, macSize, null);
         }
 
-        public override int GetCiphertextDecodeLimit(int plaintextLimit)
+        public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
         {
             int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0);
 
             return innerPlaintextLimit + m_macSize + m_record_iv_length;
         }
 
-        public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+        public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
         {
             plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);
 
@@ -161,21 +161,27 @@ public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextL
             return innerPlaintextLimit + m_macSize + m_record_iv_length;
         }
 
-        public override int GetPlaintextDecodeLimit(int ciphertextLimit)
+        // TODO[api] Remove
+        public virtual int GetPlaintextLimit(int ciphertextLimit)
+        {
+            return GetPlaintextEncodeLimit(ciphertextLimit);
+        }
+
+        public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
         {
             int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length;
 
             return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);
         }
 
-        public override int GetPlaintextEncodeLimit(int ciphertextLimit)
+        public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
         {
             int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length;
 
             return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);
         }
 
-        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength)
         {
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -257,7 +263,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, ReadOnlySpan<byte> plaintext)
         {
             byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length];
@@ -334,7 +340,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P
         }
 #endif
 
-        public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+        public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
             byte[] ciphertext, int ciphertextOffset, int ciphertextLength)
         {
             if (GetPlaintextDecodeLimit(ciphertextLength) < 0)
@@ -421,17 +427,17 @@ public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, P
             return new TlsDecodeResult(ciphertext, encryptionOffset, plaintextLength, contentType);
         }
 
-        public override void RekeyDecoder()
+        public virtual void RekeyDecoder()
         {
             RekeyCipher(m_cryptoParams.SecurityParameters, m_decryptCipher, m_decryptNonce, !m_cryptoParams.IsServer);
         }
 
-        public override void RekeyEncoder()
+        public virtual void RekeyEncoder()
         {
             RekeyCipher(m_cryptoParams.SecurityParameters, m_encryptCipher, m_encryptNonce, m_cryptoParams.IsServer);
         }
 
-        public override bool UsesOpaqueRecordType
+        public virtual bool UsesOpaqueRecordType
         {
             get { return m_isTlsV13; }
         }
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 {
     /// <summary>A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.</summary>
     public class TlsBlockCipher
-        : AbstractTlsCipher
+        : TlsCipher, TlsCipherExt
     {
         protected readonly TlsCryptoParameters m_cryptoParams;
         protected readonly byte[] m_randomData;
@@ -155,7 +155,7 @@ public TlsBlockCipher(TlsCryptoParameters cryptoParams, TlsBlockCipherImpl encry
             }
         }
 
-        public override int GetCiphertextDecodeLimit(int plaintextLimit)
+        public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
         {
             int blockSize = m_decryptCipher.GetBlockSize();
             int macSize = m_readMac.Size;
@@ -165,7 +165,7 @@ public override int GetCiphertextDecodeLimit(int plaintextLimit)
             return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit);
         }
 
-        public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+        public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
         {
             plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);
 
@@ -177,7 +177,13 @@ public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextL
             return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit);
         }
 
-        public override int GetPlaintextDecodeLimit(int ciphertextLimit)
+        // TODO[api] Remove
+        public virtual int GetPlaintextLimit(int ciphertextLimit)
+        {
+            return GetPlaintextEncodeLimit(ciphertextLimit);
+        }
+
+        public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
         {
             int blockSize = m_decryptCipher.GetBlockSize();
             int macSize = m_readMac.Size;
@@ -187,7 +193,7 @@ public override int GetPlaintextDecodeLimit(int ciphertextLimit)
             return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);
         }
 
-        public override int GetPlaintextEncodeLimit(int ciphertextLimit)
+        public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
         {
             int blockSize = m_encryptCipher.GetBlockSize();
             int macSize = m_writeMac.Size;
@@ -197,7 +203,7 @@ public override int GetPlaintextEncodeLimit(int ciphertextLimit)
             return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);
         }
 
-        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, byte[] plaintext, int offset, int len)
         {
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -285,7 +291,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, ReadOnlySpan<byte> plaintext)
         {
             int blockSize = m_encryptCipher.GetBlockSize();
@@ -369,7 +375,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P
         }
 #endif
 
-        public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+        public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
             byte[] ciphertext, int offset, int len)
         {
             int blockSize = m_decryptCipher.GetBlockSize();
@@ -475,7 +481,17 @@ public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, P
             return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType);
         }
 
-        public override bool UsesOpaqueRecordType
+        public virtual void RekeyDecoder()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        public virtual void RekeyEncoder()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        public virtual bool UsesOpaqueRecordType
         {
             get { return false; }
         }
diff --git a/crypto/src/tls/crypto/impl/TlsCipherExt.cs b/crypto/src/tls/crypto/impl/TlsCipherExt.cs
@@ -0,0 +1,10 @@
+﻿namespace Org.BouncyCastle.Tls.Crypto
+{
+    // TODO[api] Merge into TlsCipher
+    public interface TlsCipherExt
+    {
+        int GetPlaintextDecodeLimit(int ciphertextLimit);
+
+        int GetPlaintextEncodeLimit(int ciphertextLimit);
+    }
+}
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 {
     /// <summary>The NULL cipher.</summary>
     public class TlsNullCipher
-        : AbstractTlsCipher
+        : TlsCipher, TlsCipherExt
     {
         protected readonly TlsCryptoParameters m_cryptoParams;
         protected readonly TlsSuiteHmac m_readMac, m_writeMac;
@@ -69,14 +69,14 @@ public TlsNullCipher(TlsCryptoParameters cryptoParams, TlsHmac clientMac, TlsHma
             }
         }
 
-        public override int GetCiphertextDecodeLimit(int plaintextLimit)
+        public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
         {
             int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0);
 
             return innerPlaintextLimit + m_readMac.Size;
         }
 
-        public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+        public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
         {
             plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);
 
@@ -85,21 +85,27 @@ public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextL
             return innerPlaintextLimit + m_writeMac.Size;
         }
 
-        public override int GetPlaintextDecodeLimit(int ciphertextLimit)
+        // TODO[api] Remove
+        public virtual int GetPlaintextLimit(int ciphertextLimit)
+        {
+            return GetPlaintextEncodeLimit(ciphertextLimit);
+        }
+
+        public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
         {
             int innerPlaintextLimit = ciphertextLimit - m_readMac.Size;
 
             return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);
         }
 
-        public override int GetPlaintextEncodeLimit(int ciphertextLimit)
+        public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
         {
             int innerPlaintextLimit = ciphertextLimit - m_writeMac.Size;
 
             return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);
         }
 
-        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, byte[] plaintext, int offset, int len)
         {
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -129,7 +135,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, ReadOnlySpan<byte> plaintext)
         {
             int macSize = m_writeMac.Size;
@@ -155,7 +161,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P
         }
 #endif
 
-        public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+        public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
             byte[] ciphertext, int offset, int len)
         {
             int macSize = m_readMac.Size;
@@ -196,7 +202,17 @@ public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, P
             return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType);
         }
 
-        public override bool UsesOpaqueRecordType
+        public virtual void RekeyDecoder()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        public virtual void RekeyEncoder()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        public virtual bool UsesOpaqueRecordType
         {
             get { return false; }
         }

Original file line number	Diff line number	Diff line change
`@@ -240,9 +240,9 @@ public virtual int GetReceiveLimit()`
`240`	`240`	`var cipher = m_readEpoch.Cipher;`
`241`	`241`
`242`	`242`	`int plaintextDecodeLimit;`
`243`		`- if (cipher is AbstractTlsCipher abstractTlsCipher)`
	`243`	`+ if (cipher is TlsCipherExt tlsCipherExt)`
`244`	`244`	`{`
`245`		`- plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(ciphertextLimit);`
	`245`	`+ plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(ciphertextLimit);`
`246`	`246`	`}`
`247`	`247`	`else`
`248`	`248`	`{`
`@@ -259,9 +259,9 @@ public virtual int GetSendLimit()`
`259`	`259`	`int ciphertextLimit = m_transport.GetSendLimit() - m_writeEpoch.RecordHeaderLengthWrite;`
`260`	`260`
`261`	`261`	`int plaintextEncodeLimit;`
`262`		`- if (cipher is AbstractTlsCipher abstractTlsCipher)`
	`262`	`+ if (cipher is TlsCipherExt tlsCipherExt)`
`263`	`263`	`{`
`264`		`- plaintextEncodeLimit = abstractTlsCipher.GetPlaintextEncodeLimit(ciphertextLimit);`
	`264`	`+ plaintextEncodeLimit = tlsCipherExt.GetPlaintextEncodeLimit(ciphertextLimit);`
`265`	`265`	`}`
`266`	`266`	`else`
`267`	`267`	`{`
Original file line number	Diff line number	Diff line change
`@@ -153,9 +153,9 @@ internal RecordPreview PreviewRecordHeader(byte[] recordHeader)`
`153`	`153`	`var cipher = m_readCipher;`
`154`	`154`
`155`	`155`	`int plaintextDecodeLimit;`
`156`		`- if (cipher is AbstractTlsCipher abstractTlsCipher)`
	`156`	`+ if (cipher is TlsCipherExt tlsCipherExt)`
`157`	`157`	`{`
`158`		`- plaintextDecodeLimit = abstractTlsCipher.GetPlaintextDecodeLimit(length);`
	`158`	`+ plaintextDecodeLimit = tlsCipherExt.GetPlaintextDecodeLimit(length);`
`159`	`159`	`}`
`160`	`160`	`else`
`161`	`161`	`{`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl`
`7`	`7`	`{`
`8`	`8`	`/// <summary>A generic TLS 1.2 AEAD cipher.</summary>`
`9`	`9`	`public class TlsAeadCipher`
`10`		`- : AbstractTlsCipher`
	`10`	`+ : TlsCipher, TlsCipherExt`
`11`	`11`	`{`
`12`	`12`	`public const int AEAD_CCM = 1;`
`13`	`13`	`public const int AEAD_CHACHA20_POLY1305 = 2;`
`@@ -145,14 +145,14 @@ public TlsAeadCipher(TlsCryptoParameters cryptoParams, TlsAeadCipherImpl encrypt`
`145`	`145`	`decryptCipher.Init(dummyNonce, macSize, null);`
`146`	`146`	`}`
`147`	`147`
`148`		`- public override int GetCiphertextDecodeLimit(int plaintextLimit)`
	`148`	`+ public virtual int GetCiphertextDecodeLimit(int plaintextLimit)`
`149`	`149`	`{`
`150`	`150`	`int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0);`
`151`	`151`
`152`	`152`	`return innerPlaintextLimit + m_macSize + m_record_iv_length;`
`153`	`153`	`}`
`154`	`154`
`155`		`- public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)`
	`155`	`+ public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)`
`156`	`156`	`{`
`157`	`157`	`plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);`
`158`	`158`
`@@ -161,21 +161,27 @@ public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextL`
`161`	`161`	`return innerPlaintextLimit + m_macSize + m_record_iv_length;`
`162`	`162`	`}`
`163`	`163`
`164`		`- public override int GetPlaintextDecodeLimit(int ciphertextLimit)`
	`164`	`+ // TODO[api] Remove`
	`165`	`+ public virtual int GetPlaintextLimit(int ciphertextLimit)`
	`166`	`+ {`
	`167`	`+ return GetPlaintextEncodeLimit(ciphertextLimit);`
	`168`	`+ }`
	`169`	`+`
	`170`	`+ public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)`
`165`	`171`	`{`
`166`	`172`	`int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length;`
`167`	`173`
`168`	`174`	`return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);`
`169`	`175`	`}`
`170`	`176`
`171`		`- public override int GetPlaintextEncodeLimit(int ciphertextLimit)`
	`177`	`+ public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)`
`172`	`178`	`{`
`173`	`179`	`int innerPlaintextLimit = ciphertextLimit - m_macSize - m_record_iv_length;`
`174`	`180`
`175`	`181`	`return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);`
`176`	`182`	`}`
`177`	`183`
`178`		`- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
	`184`	`+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
`179`	`185`	`int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength)`
`180`	`186`	`{`
`181`	`187`	`#if NETCOREAPP2_1_OR_GREATER \|\| NETSTANDARD2_1_OR_GREATER`
`@@ -257,7 +263,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P`
`257`	`263`	`}`
`258`	`264`
`259`	`265`	`#if NETCOREAPP2_1_OR_GREATER \|\| NETSTANDARD2_1_OR_GREATER`
`260`		`- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
	`266`	`+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
`261`	`267`	`int headerAllocation, ReadOnlySpan<byte> plaintext)`
`262`	`268`	`{`
`263`	`269`	`byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length];`
`@@ -334,7 +340,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P`
`334`	`340`	`}`
`335`	`341`	`#endif`
`336`	`342`
`337`		`- public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,`
	`343`	`+ public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,`
`338`	`344`	`byte[] ciphertext, int ciphertextOffset, int ciphertextLength)`
`339`	`345`	`{`
`340`	`346`	`if (GetPlaintextDecodeLimit(ciphertextLength) < 0)`
`@@ -421,17 +427,17 @@ public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, P`
`421`	`427`	`return new TlsDecodeResult(ciphertext, encryptionOffset, plaintextLength, contentType);`
`422`	`428`	`}`
`423`	`429`
`424`		`- public override void RekeyDecoder()`
	`430`	`+ public virtual void RekeyDecoder()`
`425`	`431`	`{`
`426`	`432`	`RekeyCipher(m_cryptoParams.SecurityParameters, m_decryptCipher, m_decryptNonce, !m_cryptoParams.IsServer);`
`427`	`433`	`}`
`428`	`434`
`429`		`- public override void RekeyEncoder()`
	`435`	`+ public virtual void RekeyEncoder()`
`430`	`436`	`{`
`431`	`437`	`RekeyCipher(m_cryptoParams.SecurityParameters, m_encryptCipher, m_encryptNonce, m_cryptoParams.IsServer);`
`432`	`438`	`}`
`433`	`439`
`434`		`- public override bool UsesOpaqueRecordType`
	`440`	`+ public virtual bool UsesOpaqueRecordType`
`435`	`441`	`{`
`436`	`442`	`get { return m_isTlsV13; }`
`437`	`443`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl`
`8`	`8`	`{`
`9`	`9`	`/// <summary>A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.</summary>`
`10`	`10`	`public class TlsBlockCipher`
`11`		`- : AbstractTlsCipher`
	`11`	`+ : TlsCipher, TlsCipherExt`
`12`	`12`	`{`
`13`	`13`	`protected readonly TlsCryptoParameters m_cryptoParams;`
`14`	`14`	`protected readonly byte[] m_randomData;`
`@@ -155,7 +155,7 @@ public TlsBlockCipher(TlsCryptoParameters cryptoParams, TlsBlockCipherImpl encry`
`155`	`155`	`}`
`156`	`156`	`}`
`157`	`157`
`158`		`- public override int GetCiphertextDecodeLimit(int plaintextLimit)`
	`158`	`+ public virtual int GetCiphertextDecodeLimit(int plaintextLimit)`
`159`	`159`	`{`
`160`	`160`	`int blockSize = m_decryptCipher.GetBlockSize();`
`161`	`161`	`int macSize = m_readMac.Size;`
`@@ -165,7 +165,7 @@ public override int GetCiphertextDecodeLimit(int plaintextLimit)`
`165`	`165`	`return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit);`
`166`	`166`	`}`
`167`	`167`
`168`		`- public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)`
	`168`	`+ public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)`
`169`	`169`	`{`
`170`	`170`	`plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);`
`171`	`171`
`@@ -177,7 +177,13 @@ public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextL`
`177`	`177`	`return GetCiphertextLength(blockSize, macSize, maxPadding, innerPlaintextLimit);`
`178`	`178`	`}`
`179`	`179`
`180`		`- public override int GetPlaintextDecodeLimit(int ciphertextLimit)`
	`180`	`+ // TODO[api] Remove`
	`181`	`+ public virtual int GetPlaintextLimit(int ciphertextLimit)`
	`182`	`+ {`
	`183`	`+ return GetPlaintextEncodeLimit(ciphertextLimit);`
	`184`	`+ }`
	`185`	`+`
	`186`	`+ public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)`
`181`	`187`	`{`
`182`	`188`	`int blockSize = m_decryptCipher.GetBlockSize();`
`183`	`189`	`int macSize = m_readMac.Size;`
`@@ -187,7 +193,7 @@ public override int GetPlaintextDecodeLimit(int ciphertextLimit)`
`187`	`193`	`return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);`
`188`	`194`	`}`
`189`	`195`
`190`		`- public override int GetPlaintextEncodeLimit(int ciphertextLimit)`
	`196`	`+ public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)`
`191`	`197`	`{`
`192`	`198`	`int blockSize = m_encryptCipher.GetBlockSize();`
`193`	`199`	`int macSize = m_writeMac.Size;`
`@@ -197,7 +203,7 @@ public override int GetPlaintextEncodeLimit(int ciphertextLimit)`
`197`	`203`	`return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);`
`198`	`204`	`}`
`199`	`205`
`200`		`- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
	`206`	`+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
`201`	`207`	`int headerAllocation, byte[] plaintext, int offset, int len)`
`202`	`208`	`{`
`203`	`209`	`#if NETCOREAPP2_1_OR_GREATER \|\| NETSTANDARD2_1_OR_GREATER`
`@@ -285,7 +291,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P`
`285`	`291`	`}`
`286`	`292`
`287`	`293`	`#if NETCOREAPP2_1_OR_GREATER \|\| NETSTANDARD2_1_OR_GREATER`
`288`		`- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
	`294`	`+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
`289`	`295`	`int headerAllocation, ReadOnlySpan<byte> plaintext)`
`290`	`296`	`{`
`291`	`297`	`int blockSize = m_encryptCipher.GetBlockSize();`
`@@ -369,7 +375,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P`
`369`	`375`	`}`
`370`	`376`	`#endif`
`371`	`377`
`372`		`- public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,`
	`378`	`+ public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,`
`373`	`379`	`byte[] ciphertext, int offset, int len)`
`374`	`380`	`{`
`375`	`381`	`int blockSize = m_decryptCipher.GetBlockSize();`
`@@ -475,7 +481,17 @@ public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, P`
`475`	`481`	`return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType);`
`476`	`482`	`}`
`477`	`483`
`478`		`- public override bool UsesOpaqueRecordType`
	`484`	`+ public virtual void RekeyDecoder()`
	`485`	`+ {`
	`486`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
	`487`	`+ }`
	`488`	`+`
	`489`	`+ public virtual void RekeyEncoder()`
	`490`	`+ {`
	`491`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
	`492`	`+ }`
	`493`	`+`
	`494`	`+ public virtual bool UsesOpaqueRecordType`
`479`	`495`	`{`
`480`	`496`	`get { return false; }`
`481`	`497`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl`
`7`	`7`	`{`
`8`	`8`	`/// <summary>The NULL cipher.</summary>`
`9`	`9`	`public class TlsNullCipher`
`10`		`- : AbstractTlsCipher`
	`10`	`+ : TlsCipher, TlsCipherExt`
`11`	`11`	`{`
`12`	`12`	`protected readonly TlsCryptoParameters m_cryptoParams;`
`13`	`13`	`protected readonly TlsSuiteHmac m_readMac, m_writeMac;`
`@@ -69,14 +69,14 @@ public TlsNullCipher(TlsCryptoParameters cryptoParams, TlsHmac clientMac, TlsHma`
`69`	`69`	`}`
`70`	`70`	`}`
`71`	`71`
`72`		`- public override int GetCiphertextDecodeLimit(int plaintextLimit)`
	`72`	`+ public virtual int GetCiphertextDecodeLimit(int plaintextLimit)`
`73`	`73`	`{`
`74`	`74`	`int innerPlaintextLimit = plaintextLimit + (m_decryptUseInnerPlaintext ? 1 : 0);`
`75`	`75`
`76`	`76`	`return innerPlaintextLimit + m_readMac.Size;`
`77`	`77`	`}`
`78`	`78`
`79`		`- public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)`
	`79`	`+ public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)`
`80`	`80`	`{`
`81`	`81`	`plaintextLimit = System.Math.Min(plaintextLength, plaintextLimit);`
`82`	`82`
`@@ -85,21 +85,27 @@ public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextL`
`85`	`85`	`return innerPlaintextLimit + m_writeMac.Size;`
`86`	`86`	`}`
`87`	`87`
`88`		`- public override int GetPlaintextDecodeLimit(int ciphertextLimit)`
	`88`	`+ // TODO[api] Remove`
	`89`	`+ public virtual int GetPlaintextLimit(int ciphertextLimit)`
	`90`	`+ {`
	`91`	`+ return GetPlaintextEncodeLimit(ciphertextLimit);`
	`92`	`+ }`
	`93`	`+`
	`94`	`+ public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)`
`89`	`95`	`{`
`90`	`96`	`int innerPlaintextLimit = ciphertextLimit - m_readMac.Size;`
`91`	`97`
`92`	`98`	`return innerPlaintextLimit - (m_decryptUseInnerPlaintext ? 1 : 0);`
`93`	`99`	`}`
`94`	`100`
`95`		`- public override int GetPlaintextEncodeLimit(int ciphertextLimit)`
	`101`	`+ public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)`
`96`	`102`	`{`
`97`	`103`	`int innerPlaintextLimit = ciphertextLimit - m_writeMac.Size;`
`98`	`104`
`99`	`105`	`return innerPlaintextLimit - (m_encryptUseInnerPlaintext ? 1 : 0);`
`100`	`106`	`}`
`101`	`107`
`102`		`- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
	`108`	`+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
`103`	`109`	`int headerAllocation, byte[] plaintext, int offset, int len)`
`104`	`110`	`{`
`105`	`111`	`#if NETCOREAPP2_1_OR_GREATER \|\| NETSTANDARD2_1_OR_GREATER`
`@@ -129,7 +135,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P`
`129`	`135`	`}`
`130`	`136`
`131`	`137`	`#if NETCOREAPP2_1_OR_GREATER \|\| NETSTANDARD2_1_OR_GREATER`
`132`		`- public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
	`138`	`+ public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,`
`133`	`139`	`int headerAllocation, ReadOnlySpan<byte> plaintext)`
`134`	`140`	`{`
`135`	`141`	`int macSize = m_writeMac.Size;`
`@@ -155,7 +161,7 @@ public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, P`
`155`	`161`	`}`
`156`	`162`	`#endif`
`157`	`163`
`158`		`- public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,`
	`164`	`+ public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,`
`159`	`165`	`byte[] ciphertext, int offset, int len)`
`160`	`166`	`{`
`161`	`167`	`int macSize = m_readMac.Size;`
`@@ -196,7 +202,17 @@ public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, P`
`196`	`202`	`return new TlsDecodeResult(ciphertext, offset, plaintextLength, contentType);`
`197`	`203`	`}`
`198`	`204`
`199`		`- public override bool UsesOpaqueRecordType`
	`205`	`+ public virtual void RekeyDecoder()`
	`206`	`+ {`
	`207`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
	`208`	`+ }`
	`209`	`+`
	`210`	`+ public virtual void RekeyEncoder()`
	`211`	`+ {`
	`212`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
	`213`	`+ }`
	`214`	`+`
	`215`	`+ public virtual bool UsesOpaqueRecordType`
`200`	`216`	`{`
`201`	`217`	`get { return false; }`
`202`	`218`	`}`