From b239f3cf22d5accb1b6d5477318661782a4a8bdb Mon Sep 17 00:00:00 2001
From: Scott Xu <scott-xu@msn.com>
Date: Sat, 22 Mar 2025 16:47:23 +0800
Subject: [PATCH 1/2] Use native AesGcm for .NET Framework from nuget

---
 Directory.Packages.props                           |  1 +
 src/Renci.SshNet/Renci.SshNet.csproj               |  6 +++++-
 .../Cryptography/Ciphers/AesGcmCipher.BclImpl.cs   |  2 +-
 .../Security/Cryptography/Ciphers/AesGcmCipher.cs  | 14 +++++++++++---
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 8138199d5..cb2caaa34 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -11,6 +11,7 @@
     <PackageVersion Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageVersion Include="Meziantou.Analyzer" Version="2.0.220" />
     <!-- Should stay on LTS .NET releases. -->
+    <PackageVersion Include="Microsoft.Bcl.Cryptography" Version="10.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.3" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="9.0.9" />
     <PackageVersion Include="MSTest" Version="3.9.3" />
diff --git a/src/Renci.SshNet/Renci.SshNet.csproj b/src/Renci.SshNet/Renci.SshNet.csproj
index 446865229..6ec714ac3 100644
--- a/src/Renci.SshNet/Renci.SshNet.csproj
+++ b/src/Renci.SshNet/Renci.SshNet.csproj
@@ -49,7 +49,11 @@
     </PackageReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" !$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0')) ">
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net462' ">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard2.0' ">
     <PackageReference Include="System.Formats.Asn1" />
   </ItemGroup>
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs
index de174d673..69af81e38 100644
--- a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs
+++ b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs
@@ -1,4 +1,4 @@
-#if NET
+#if !NETSTANDARD
 using System;
 using System.Security.Cryptography;
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
index ded36fc0d..81b7b278c 100644
--- a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
+++ b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
@@ -15,7 +15,7 @@ internal sealed partial class AesGcmCipher : SymmetricCipher, IDisposable
         private const int TagSizeInBytes = 16;
         private readonly byte[] _iv;
         private readonly int _aadLength;
-#if NET
+#if !NETSTANDARD
         private readonly Impl _impl;
 #else
         private readonly BouncyCastleImpl _impl;
@@ -62,10 +62,18 @@ public AesGcmCipher(byte[] key, byte[] iv, int aadLength)
             // SSH AES-GCM requires a 12-octet Initial IV
             _iv = iv.Take(12);
             _aadLength = aadLength;
-#if NET
+#if !NETSTANDARD
             if (System.Security.Cryptography.AesGcm.IsSupported)
             {
-                _impl = new BclImpl(key, _iv);
+                try
+                {
+                    _impl = new BclImpl(key, _iv);
+                }
+                catch (DllNotFoundException)
+                {
+                    // Mono doesn't have BCrypt.dll
+                    _impl = new BouncyCastleImpl(key, _iv);
+                }
             }
             else
 #endif

From 94992779267d2681fc2e2b1dfbd7c825682f6ee0 Mon Sep 17 00:00:00 2001
From: Rob Hague <rob.hague00@gmail.com>
Date: Fri, 14 Nov 2025 21:24:17 +0100
Subject: [PATCH 2/2] drop mono exception

---
 .../Security/Cryptography/Ciphers/AesGcmCipher.cs      | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
index 81b7b278c..c49bd3c6d 100644
--- a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
+++ b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
@@ -65,15 +65,7 @@ public AesGcmCipher(byte[] key, byte[] iv, int aadLength)
 #if !NETSTANDARD
             if (System.Security.Cryptography.AesGcm.IsSupported)
             {
-                try
-                {
-                    _impl = new BclImpl(key, _iv);
-                }
-                catch (DllNotFoundException)
-                {
-                    // Mono doesn't have BCrypt.dll
-                    _impl = new BouncyCastleImpl(key, _iv);
-                }
+                _impl = new BclImpl(key, _iv);
             }
             else
 #endif