From a977fd3ee6ef0be3afe5356b9046bdd94d40b9a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damian=20B=C3=BCchel?= Date: Thu, 13 Jun 2024 16:34:04 +0200 Subject: [PATCH] SEBWIN-898, SEBWIN-893, #883: Patch of version 3.6.0 which fixes concurrency issue with CK and BEK hash calculation. --- .../Cryptography/KeyGenerator.cs | 9 +++++---- appveyor-release.yml | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs b/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs index 36a65d02..9c337d9a 100644 --- a/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs +++ b/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs @@ -9,6 +9,7 @@ using System; using System.Security.Cryptography; using System.Text; +using System.Threading; using SafeExamBrowser.Configuration.Contracts; using SafeExamBrowser.Configuration.Contracts.Cryptography; using SafeExamBrowser.Configuration.Contracts.Integrity; @@ -20,7 +21,7 @@ namespace SafeExamBrowser.Configuration.Cryptography { private readonly object @lock = new object(); - private readonly SHA256Managed algorithm; + private readonly ThreadLocal algorithm; private readonly AppConfig appConfig; private readonly IIntegrityModule integrityModule; private readonly ILogger logger; @@ -29,7 +30,7 @@ namespace SafeExamBrowser.Configuration.Cryptography public KeyGenerator(AppConfig appConfig, IIntegrityModule integrityModule, ILogger logger) { - this.algorithm = new SHA256Managed(); + this.algorithm = new ThreadLocal(() => new SHA256Managed()); this.appConfig = appConfig; this.integrityModule = integrityModule; this.logger = logger; @@ -52,7 +53,7 @@ namespace SafeExamBrowser.Configuration.Cryptography public string CalculateBrowserExamKeyHash(string configurationKey, byte[] salt, string url) { var urlWithoutFragment = url.Split('#')[0]; - var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey(configurationKey, salt)))); + var hash = algorithm.Value.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey(configurationKey, salt)))); var key = ToString(hash); return key; @@ -61,7 +62,7 @@ namespace SafeExamBrowser.Configuration.Cryptography public string CalculateConfigurationKeyHash(string configurationKey, string url) { var urlWithoutFragment = url.Split('#')[0]; - var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + configurationKey)); + var hash = algorithm.Value.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + configurationKey)); var key = ToString(hash); return key; diff --git a/appveyor-release.yml b/appveyor-release.yml index e509bc9b..a7a71c68 100644 --- a/appveyor-release.yml +++ b/appveyor-release.yml @@ -1,4 +1,4 @@ -version: '3.6.0.{build}' +version: '3.6.1.{build}' image: Windows configuration: Release platform: @@ -12,7 +12,7 @@ assembly_info: file: AssemblyInfo.* assembly_version: '{version}' assembly_file_version: '{version}' - assembly_informational_version: '3.6.0 ($(platform))' + assembly_informational_version: '3.6.1 ($(platform))' install: - appveyor DownloadFile "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" build_script: