From 150546e3b0479166ab44c1f134934206b708e4f5 Mon Sep 17 00:00:00 2001
From: aws-sdk-dotnet-automation <github-aws-sdk-dotnet-automation@amazon.com>
Date: Thu, 14 Oct 2021 01:25:19 +0000
Subject: [PATCH 1/2] build: version bump to 0.26

---
 version.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.json b/version.json
index bc8aec0c6..f6013a207 100644
--- a/version.json
+++ b/version.json
@@ -1,6 +1,6 @@
 {
   "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
-  "version": "0.25",
+  "version": "0.26",
   "publicReleaseRefSpec": [
     ".*"
   ],

From d06fed1b6e1ff3659b35321f56a0f353bce40652 Mon Sep 17 00:00:00 2001
From: Norm Johanson <normj@amazon.com>
Date: Thu, 14 Oct 2021 16:31:30 -0700
Subject: [PATCH 2/2] fix: Lock access around the AES object for creating the
 IV and encryption.

---
 .../ServerModeHttpClient.cs                        | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs b/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs
index c86fc10f8..56cd1e7be 100644
--- a/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs
+++ b/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs
@@ -36,6 +36,8 @@ public class ServerModeHttpClientAuthorizationHandler : HttpClientHandler
         private readonly Func<Task<AWSCredentials>> _credentialsGenerator;
         private readonly Aes? _aes;
 
+        private static readonly object AES_LOCK = new object();
+
         internal ServerModeHttpClientAuthorizationHandler(Func<Task<AWSCredentials>> credentialsGenerator, Aes? aes = null)
         {
             _credentialsGenerator = credentialsGenerator;
@@ -73,8 +75,14 @@ public static void AddAuthorizationHeader(HttpRequestMessage request, ImmutableC
             string base64;
             if(aes != null)
             {
-                aes.GenerateIV();
-                var encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
+                byte[] iv;
+                lock (AES_LOCK)
+                {
+                    aes.GenerateIV();
+                    iv = aes.IV;
+                }
+
+                var encryptor = aes.CreateEncryptor(aes.Key, iv);
 
                 using var inputStream = new MemoryStream(Encoding.UTF8.GetBytes(json));
                 using var outputStream = new MemoryStream();
@@ -83,7 +91,7 @@ public static void AddAuthorizationHeader(HttpRequestMessage request, ImmutableC
                     inputStream.CopyTo(encryptStream);
                 }
 
-                base64 = $"{Convert.ToBase64String(aes.IV)} {Convert.ToBase64String(outputStream.ToArray())}";
+                base64 = $"{Convert.ToBase64String(iv)} {Convert.ToBase64String(outputStream.ToArray())}";
             }
             else
             {