FIPS compliant cryptography #69
This is an interesting question. I've not worked with FIPS. A brief search indicates that .NET should automatically manage SHA256 FIPS compliance but maybe I've not called it in a way .NET handles it correctly. Give me some time to look into this.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.sha256managed.-ctor?view=net-6.0 What about SHA256Create()?

I deployed WebJEA, only changing site-specific info (node, cert). Everything completed with no errors at that point. Opened up browser to https://fqdn/webjea and received: "There was an error."
*note - I had to sanitize hostname and account names
FIPS does not support SHA256Managed. Can you support FIPS compliant cryptography other than System.Security.Cryptography.SHA256Managed..ctor()? Or is there a workaround other than disabling FIPS?
The logs from the web event:
```
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 9/28/2021 11:57:39 AM
Event time (UTC): 9/28/2021 3:57:39 PM
Event ID: a5d420a67a8f4db2aebd9b624d4dbea9
Event sequence: 8
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT/WebJEA-1-132773182583222319
Trust level: Full
Application Virtual Path: /WebJEA
Application Path: S:\inetpub\wwwroot\webjea\
Machine name: hostname
Process information:
Process ID: 4244
Process name: w3wp.exe
Account name: service account
Exception information:
Exception type: InvalidOperationException
Exception message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA256Managed..ctor()
at WebJEA.Helpers.StringHash256(String strin) in C:\prj\WebJEA\WebJEA\Helpers.vb:line 42
at WebJEA._default.Page_Load(Object sender, EventArgs e) in C:\prj\WebJEA\WebJEA\default.aspx.vb:line 19
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Request information:
Request URL: https://fqdn:443/webjea/default.aspx
Request path: /webjea/default.aspx
User host address: xxxxxxxxx
User: user
Is authenticated: True
Authentication Type: Negotiate
Thread account name: service account
Thread information:
Thread ID: 12
Thread account name: service account
Is impersonating: False
Stack trace: at System.Security.Cryptography.SHA256Managed..ctor()
at WebJEA.Helpers.StringHash256(String strin) in C:\prj\WebJEA\WebJEA\Helpers.vb:line 42
at WebJEA._default.Page_Load(Object sender, EventArgs e) in C:\prj\WebJEA\WebJEA\default.aspx.vb:line 19
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
```
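
One way to compute the hash without constructing `SHA256Managed`, shown as an added example that is not WebJEA's own code. The body of `StringHash256`, the UTF-8 encoding, the lowercase hex output, the module name and the `ManagedCtorBlocked` probe are all assumptions made for illustration; only the function name and its `strin` parameter come from the stack trace above.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module FipsHashExample

    ' Hypothetical stand-in for the StringHash256 helper named in the stack trace.
    ' Assumption: the caller wants a lowercase hex digest of the UTF-8 bytes.
    Function StringHash256(ByVal strin As String) As String
        If strin Is Nothing Then Throw New ArgumentNullException("strin")
        ' SHA256CryptoServiceProvider wraps the Windows platform implementation,
        ' so its constructor is not rejected when the FIPS policy is enforced.
        Using hasher As SHA256 = New SHA256CryptoServiceProvider()
            Dim digest As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(strin))
            Return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant()
        End Using
    End Function

    ' Probe that reports whether the constructor from the event log is refused
    ' on this host (InvalidOperationException, as in the trace above).
    Function ManagedCtorBlocked() As Boolean
        Try
            Using managed As New SHA256Managed()
            End Using
            Return False
        Catch ex As InvalidOperationException
            Return True
        End Try
    End Function

    Sub Main()
        ' CryptoConfig.AllowOnlyFipsAlgorithms reflects the machine's FIPS policy.
        Console.WriteLine("FIPS policy enforced: " & CryptoConfig.AllowOnlyFipsAlgorithms.ToString())
        Console.WriteLine("SHA256Managed blocked: " & ManagedCtorBlocked().ToString())
        Console.WriteLine("Digest: " & StringHash256("constructed sample input"))
    End Sub

End Module
```

Both classes implement the same SHA-256 algorithm, so digests stored before the swap still compare equal as long as the string encoding is unchanged.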