aspnet/FileSystem

Enable SHA256.Create() calls to work for desktop applications on FIPS compliant machines.

NTaylorMullen opened this issue · 4 comments

When unnetcoreappifying our libraries we didn't also enable our SHA256.Create() implementations to work under the desktop framework. To do this you need to change SHA256.Create() to the following:

```csharp
public static SHA256 CreateSHA256()
{
	SHA256 sha256;

	try
	{
		sha256 = SHA256.Create();
	}
	// SHA256.Create is documented to throw this exception on FIPS compliant machines.
	// See: https://msdn.microsoft.com/en-us/library/z08hz7ad%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
	catch (System.Reflection.TargetInvocationException)
	{
		// Fallback to a FIPS compliant SHA256 algorithm.
		sha256 = new SHA256CryptoServiceProvider();
	}

	return sha256;
}
```

Talked with @Eilon offline. Self-assigning.

We should find out if the FIPS issue affects IncrementalHash.Create. It's a new type so it might do the right thing all the time.

Yup, logged this issue with the intent of poking that 😄

Yup, not a problem with the incremental hash implementation.