diff --git a/src/OrchardCore.Build/Dependencies.props b/src/OrchardCore.Build/Dependencies.props
index 6feeadb0930..9bf4271ddf2 100644
--- a/src/OrchardCore.Build/Dependencies.props
+++ b/src/OrchardCore.Build/Dependencies.props
@@ -66,6 +66,7 @@
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Media/OrchardCore.Media.csproj b/src/OrchardCore.Modules/OrchardCore.Media/OrchardCore.Media.csproj
index f8f748e573f..50f707aa709 100644
--- a/src/OrchardCore.Modules/OrchardCore.Media/OrchardCore.Media.csproj
+++ b/src/OrchardCore.Modules/OrchardCore.Media/OrchardCore.Media.csproj
@@ -44,6 +44,7 @@
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenService.cs b/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenService.cs
index 0d37c51b804..8e1726a799a 100644
--- a/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenService.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenService.cs
@@ -165,8 +165,6 @@ private string GetHash(string queryStringTokenKey)
entry.SlidingExpiration = TimeSpan.FromHours(5);
- using var hmac = new HMACSHA256(_hashKey);
-
// 'queryStringTokenKey' also contains prefix.
var chars = queryStringTokenKey.AsSpan(TokenCacheKeyPrefix.Length);
@@ -177,11 +175,11 @@ private string GetHash(string queryStringTokenKey)
: new byte[requiredLength];
// 256 for SHA-256, fits in stack nicely.
- Span hashBytes = stackalloc byte[hmac.HashSize];
+ Span hashBytes = stackalloc byte[HMACSHA256.HashSizeInBytes];
var stringBytesLength = Encoding.UTF8.GetBytes(chars, stringBytes);
- hmac.TryComputeHash(stringBytes[..stringBytesLength], hashBytes, out var hashBytesLength);
+ HMACSHA256.TryHashData(_hashKey, stringBytes[..stringBytesLength], hashBytes, out var hashBytesLength);
entry.Value = result = Convert.ToBase64String(hashBytes[..hashBytesLength]);
}
diff --git a/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenSettingsUpdater.cs b/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenSettingsUpdater.cs
index 22dfe2ea6b2..a42e4693d63 100644
--- a/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenSettingsUpdater.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Media/Processing/MediaTokenSettingsUpdater.cs
@@ -15,6 +15,8 @@ namespace OrchardCore.Media.Processing
///
public class MediaTokenSettingsUpdater : FeatureEventHandler, IModularTenantEvents
{
+ private const int DefaultMediaTokenKeySize = 64;
+
private readonly ISiteService _siteService;
private readonly ShellSettings _shellSettings;
@@ -38,10 +40,7 @@ public async Task ActivatedAsync()
{
var siteSettings = await _siteService.LoadSiteSettingsAsync();
- var rng = RandomNumberGenerator.Create();
-
- mediaTokenSettings.HashKey = new byte[64];
- rng.GetBytes(mediaTokenSettings.HashKey);
+ mediaTokenSettings.HashKey = RandomNumberGenerator.GetBytes(DefaultMediaTokenKeySize);
siteSettings.Put(mediaTokenSettings);
await _siteService.UpdateSiteSettingsAsync(siteSettings);
@@ -65,10 +64,7 @@ private async Task SetMediaTokenSettingsAsync(IFeatureInfo feature)
var siteSettings = await _siteService.LoadSiteSettingsAsync();
var mediaTokenSettings = siteSettings.As();
- var rng = RandomNumberGenerator.Create();
-
- mediaTokenSettings.HashKey = new byte[64];
- rng.GetBytes(mediaTokenSettings.HashKey);
+ mediaTokenSettings.HashKey = RandomNumberGenerator.GetBytes(DefaultMediaTokenKeySize);
siteSettings.Put(mediaTokenSettings);
await _siteService.UpdateSiteSettingsAsync(siteSettings);
diff --git a/src/OrchardCore.Modules/OrchardCore.Media/Services/AttachedMediaFieldFileService.cs b/src/OrchardCore.Modules/OrchardCore.Media/Services/AttachedMediaFieldFileService.cs
index 9ba785eb228..7fc4981d69e 100644
--- a/src/OrchardCore.Modules/OrchardCore.Media/Services/AttachedMediaFieldFileService.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Media/Services/AttachedMediaFieldFileService.cs
@@ -1,8 +1,7 @@
using System;
using System.Collections.Generic;
+using System.IO.Hashing;
using System.Linq;
-using System.Security.Cryptography;
-using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
@@ -126,20 +125,9 @@ private string GetContentItemFolder(ContentItem contentItem)
private async Task GetFileHashAsync(string filePath)
{
using var fs = await _fileStore.GetFileStreamAsync(filePath);
- using HashAlgorithm hashAlgorithm = MD5.Create();
- var hash = hashAlgorithm.ComputeHash(fs);
- return ByteArrayToHexString(hash);
- }
-
- public static string ByteArrayToHexString(byte[] bytes)
- {
- var sb = new StringBuilder();
- foreach (var b in bytes)
- {
- sb.Append(b.ToString("x2").ToLower());
- }
-
- return sb.ToString();
+ var hash = new XxHash32();
+ await hash.AppendAsync(fs);
+ return Convert.ToHexString(hash.GetCurrentHash()).ToLowerInvariant();
}
private static string GetFileExtension(string path)
diff --git a/src/OrchardCore.Modules/OrchardCore.Media/Services/ChunkFileUploadService.cs b/src/OrchardCore.Modules/OrchardCore.Media/Services/ChunkFileUploadService.cs
index 2a92961dabb..874455415ba 100644
--- a/src/OrchardCore.Modules/OrchardCore.Media/Services/ChunkFileUploadService.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Media/Services/ChunkFileUploadService.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Generic;
using System.IO;
+using System.IO.Hashing;
using System.Linq;
using System.Net.Http.Headers;
-using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
@@ -200,9 +200,14 @@ private static FileStream CreateTemporaryFile(string tempPath, long size)
private static string CalculateHash(params string[] parts)
{
- var hash = SHA256.HashData(Encoding.UTF8.GetBytes(string.Join(string.Empty, parts)));
+ var hash = new XxHash64();
- return Convert.ToHexString(hash);
+ foreach (var part in parts)
+ {
+ hash.Append(Encoding.UTF8.GetBytes(part));
+ }
+
+ return Convert.ToHexString(hash.GetCurrentHash());
}
private sealed class ChunkedFormFile : IFormFile, IDisposable
diff --git a/src/OrchardCore.Modules/OrchardCore.Twitter/Services/TwitterClientMessageHandler.cs b/src/OrchardCore.Modules/OrchardCore.Twitter/Services/TwitterClientMessageHandler.cs
index ff7af14ca8f..000a11f210c 100644
--- a/src/OrchardCore.Modules/OrchardCore.Twitter/Services/TwitterClientMessageHandler.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Twitter/Services/TwitterClientMessageHandler.cs
@@ -38,7 +38,7 @@ protected override async Task SendAsync(HttpRequestMessage
public virtual string GetNonce()
{
- return Convert.ToBase64String(new ASCIIEncoding().GetBytes(_clock.UtcNow.Ticks.ToString()));
+ return Convert.ToBase64String(Encoding.ASCII.GetBytes(_clock.UtcNow.Ticks.ToString()));
}
public async Task ConfigureOAuthAsync(HttpRequestMessage request)
@@ -100,11 +100,7 @@ public async Task ConfigureOAuthAsync(HttpRequestMessage request)
var secret = string.Concat(_twitterSettings.ConsumerSecret, "&", _twitterSettings.AccessTokenSecret);
- string signature;
- using (var hasher = new HMACSHA1(Encoding.ASCII.GetBytes(secret)))
- {
- signature = Convert.ToBase64String(hasher.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
- }
+ var signature = Convert.ToBase64String(HMACSHA1.HashData(key: Encoding.UTF8.GetBytes(secret), source: Encoding.UTF8.GetBytes(baseString)));
var sb = new StringBuilder();
sb.Append("oauth_consumer_key=\"").Append(Uri.EscapeDataString(_twitterSettings.ConsumerKey)).Append("\", ");