From 6c69cb8f36b63eeac7679710dec268d093886492 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen"
Date: Tue, 6 Jun 2017 16:07:49 -0700
Subject: [PATCH] Make SHA256 algorithm creation FIPS compliant. #6354
---
 .../Cache/CacheTagKey.cs | 3 +--
 .../Internal/CryptographyAlgorithms.cs | 25 +++++++++++++++++++
 .../Internal/FileVersionProvider.cs | 3 +--
 3 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/CryptographyAlgorithms.cs
diff --git a/src/Microsoft.AspNetCore.Mvc.TagHelpers/Cache/CacheTagKey.cs b/src/Microsoft.AspNetCore.Mvc.TagHelpers/Cache/CacheTagKey.cs
index e34ea32a33..67a5d8d761 100644
--- a/src/Microsoft.AspNetCore.Mvc.TagHelpers/Cache/CacheTagKey.cs
+++ b/src/Microsoft.AspNetCore.Mvc.TagHelpers/Cache/CacheTagKey.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Security.Cryptography;
 using System.Text;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc.TagHelpers.Internal;
@@ -152,7 +151,7 @@ public string GenerateHashedKey()
 // The key is typically too long to be useful, so we use a cryptographic hash
 // as the actual key (better randomization and key distribution, so small vary
 // values will generate dramatically different keys).
- using (var sha256 = SHA256.Create())
+ using (var sha256 = CryptographyAlgorithms.CreateSHA256())
 {
 var contentBytes = Encoding.UTF8.GetBytes(key);
 var hashedBytes = sha256.ComputeHash(contentBytes);
diff --git a/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/CryptographyAlgorithms.cs b/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/CryptographyAlgorithms.cs
new file mode 100644
index 0000000000..02c28552e1
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/CryptographyAlgorithms.cs
@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Cryptography;
+
+namespace Microsoft.AspNetCore.Mvc.TagHelpers.Internal
+{
+ public static class CryptographyAlgorithms
+ {
+ public static SHA256 CreateSHA256()
+ {
+ try
+ {
+ return SHA256.Create();
+ }
+ // SHA256.Create is documented to throw this exception on FIPS compliant machines.
+ // See: https://msdn.microsoft.com/en-us/library/z08hz7ad%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
+ catch (System.Reflection.TargetInvocationException)
+ {
+ // Fallback to a FIPS compliant SHA256 algorithm.
+ return new SHA256CryptoServiceProvider();
+ }
+ }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/FileVersionProvider.cs b/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/FileVersionProvider.cs
index c20d81145b..63476dffc9 100644
--- a/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/FileVersionProvider.cs
+++ b/src/Microsoft.AspNetCore.Mvc.TagHelpers/Internal/FileVersionProvider.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Cryptography;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Caching.Memory;
@@ -111,7 +110,7 @@ public string AddFileVersionToPath(string path)
 
 private static string GetHashForFile(IFileInfo fileInfo)
 {
- using (var sha256 = SHA256.Create())
+ using (var sha256 = CryptographyAlgorithms.CreateSHA256())
 {
 using (var readStream = fileInfo.CreateReadStream())
 {
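Review bot: In the new `CryptographyAlgorithms.CreateSHA256()`, a machine where `SHA256.Create()` throws pays for a thrown and caught `TargetInvocationException` on every call, because the outcome of the first attempt is never remembered; both call sites in this patch (`GenerateHashedKey` and `GetHashForFile`) go through it each time they hash. Recording the first failure in a private static flag lets later calls construct `SHA256CryptoServiceProvider` directly, and a race on that flag costs at most one extra caught exception. The catch is also unfiltered, so a `TargetInvocationException` raised for any other reason is silently treated as the FIPS case; filtering on the inner exception type would narrow it, but the exact inner type should be confirmed against the documented behaviour before relying on it.

```csharp
// Set once SHA256.Create() has failed, so later calls skip the throwing path.
private static bool _defaultUnavailable;

public static SHA256 CreateSHA256()
{
    if (!_defaultUnavailable)
    {
        try
        {
            return SHA256.Create();
        }
        // … unchanged: comment citing the documented FIPS exception …
        catch (System.Reflection.TargetInvocationException)
        {
            _defaultUnavailable = true;
        }
    }

    // Fallback to a FIPS compliant SHA256 algorithm.
    return new SHA256CryptoServiceProvider();
}
```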