upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-02-03 20:39:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix nesting of argon2 semaphore acquisition and release

Browse source 
Closes #45564

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
This commit is contained in:
Alexander Schwartz 2026-01-20 11:16:30 +01:00 committed by GitHub
parent dd0214bc78
commit df42e9140d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 23 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
crypto/default/src/main/java/org/keycloak/crypto/hash/Argon2PasswordHashProvider.java
View file

@ -110,32 +110,31 @@ public class Argon2PasswordHashProvider implements PasswordHashProvider {
private String encode(String rawPassword, byte[] salt, String version, String type, int hashLength, int parallelism, int memory, int iterations) { private String encode(String rawPassword, byte[] salt, String version, String type, int hashLength, int parallelism, int memory, int iterations) {
var tracing = TracingProviderUtil.getTracingProvider(); var tracing = TracingProviderUtil.getTracingProvider();
try { return tracing.trace(Argon2PasswordHashProvider.class, "encode", span -> {
return tracing.trace(Argon2PasswordHashProvider.class, "encode", span -> { try {
cpuCoreSemaphore.acquire();
try { try {
cpuCoreSemaphore.acquire(); org.bouncycastle.crypto.params.Argon2Parameters parameters = new org.bouncycastle.crypto.params.Argon2Parameters.Builder(Argon2Parameters.getTypeValue(type))
} catch (InterruptedException e) { .withVersion(Argon2Parameters.getVersionValue(version))
Thread.currentThread().interrupt(); .withSalt(salt)
throw new RuntimeException(e); .withParallelism(parallelism)
.withMemoryAsKB(memory)
.withIterations(iterations).build();
Argon2BytesGenerator generator = new Argon2BytesGenerator();
generator.init(parameters);
byte[] result = new byte[hashLength];
generator.generateBytes(rawPassword.toCharArray(), result);
return Base64.getEncoder().encodeToString(result);
} finally {
cpuCoreSemaphore.release();
} }
} catch (InterruptedException e) {
org.bouncycastle.crypto.params.Argon2Parameters parameters = new org.bouncycastle.crypto.params.Argon2Parameters.Builder(Argon2Parameters.getTypeValue(type)) Thread.currentThread().interrupt();
.withVersion(Argon2Parameters.getVersionValue(version)) throw new RuntimeException(e);
.withSalt(salt) }
.withParallelism(parallelism) });
.withMemoryAsKB(memory)
.withIterations(iterations).build();
Argon2BytesGenerator generator = new Argon2BytesGenerator();
generator.init(parameters);
byte[] result = new byte[hashLength];
generator.generateBytes(rawPassword.toCharArray(), result);
return Base64.getEncoder().encodeToString(result);
});
} finally {
cpuCoreSemaphore.release();
}
} }
private boolean checkCredData(String key, int expectedValue, PasswordCredentialData data) { private boolean checkCredData(String key, int expectedValue, PasswordCredentialData data) {