huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make SHA256 algorithm creation FIPS compliant. 

#144
This commit is contained in:
N. Taylor Mullen 2017-06-06 17:01:50 -07:00
parent a242c4b0f0
commit bdf115a5ff
3 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgeryOptionsSetup.cs
View File

@ -2,7 +2,6 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Linq; using System.Linq;
using System.Security.Cryptography;
using System.Text; using System.Text;
using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.WebUtilities; using Microsoft.AspNetCore.WebUtilities;
@ -28,7 +27,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
private static string ComputeCookieName(string applicationId) private static string ComputeCookieName(string applicationId)
{ {
using (var sha256 = SHA256.Create()) using (var sha256 = CryptographyAlgorithms.CreateSHA256())
{ {
var hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(applicationId)); var hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(applicationId));
var subHash = hash.Take(8).ToArray(); var subHash = hash.Take(8).ToArray();

2
src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgerySerializationContext.cs
View File

@ -88,7 +88,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
{ {
if (_sha256 == null) if (_sha256 == null)
{ {
_sha256 = SHA256.Create(); _sha256 = CryptographyAlgorithms.CreateSHA256();
} }
return _sha256; return _sha256;

25
src/Microsoft.AspNetCore.Antiforgery/Internal/CryptographyAlgorithms.cs Normal file
View File

@ -0,0 +1,25 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Security.Cryptography;
namespace Microsoft.AspNetCore.Antiforgery.Internal
{
public static class CryptographyAlgorithms
{
public static SHA256 CreateSHA256()
{
try
{
return SHA256.Create();
}
// SHA256.Create is documented to throw this exception on FIPS compliant machines.
// See: https://msdn.microsoft.com/en-us/library/z08hz7ad%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
catch (System.Reflection.TargetInvocationException)
{
// Fallback to a FIPS compliant SHA256 algorithm.
return new SHA256CryptoServiceProvider();
}
}
}
}