From cdf84eb87ea61722ef4ba3d6ecd62e30c4891031 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen"
Date: Tue, 2 Aug 2016 10:50:12 -0700
Subject: [PATCH] Change SHA256 algorithm to work on FIPS-compliant machines. #95
---
 .../Internal/AntiforgeryOptionsSetup.cs | 2 +-
 .../AntiforgerySerializationContext.cs | 2 +-
 .../Internal/CryptographyAlgorithms.cs | 38 +++++++++++++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Antiforgery/Internal/CryptographyAlgorithms.cs
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgeryOptionsSetup.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgeryOptionsSetup.cs
index 1c5a3fa..29c3780 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgeryOptionsSetup.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgeryOptionsSetup.cs
@@ -28,7 +28,7 @@ public static void ConfigureOptions(AntiforgeryOptions options, DataProtectionOp
 private static string ComputeCookieName(string applicationId)
 {
- using (var sha256 = SHA256.Create())
+ using (var sha256 = CryptographyAlgorithms.CreateSHA256())
 {
 var hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(applicationId));
 var subHash = hash.Take(8).ToArray();
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgerySerializationContext.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgerySerializationContext.cs
index 5347f66..6d697fa 100644
--- a/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgerySerializationContext.cs
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/AntiforgerySerializationContext.cs
@@ -88,7 +88,7 @@ public SHA256 Sha256
 {
 if (_sha256 == null)
 {
- _sha256 = SHA256.Create();
+ _sha256 = CryptographyAlgorithms.CreateSHA256();
 }
 return _sha256;
diff --git a/src/Microsoft.AspNetCore.Antiforgery/Internal/CryptographyAlgorithms.cs b/src/Microsoft.AspNetCore.Antiforgery/Internal/CryptographyAlgorithms.cs
new file mode 100644
index 0000000..95df639
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Antiforgery/Internal/CryptographyAlgorithms.cs
@@ -0,0 +1,38 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Cryptography;
+
+namespace Microsoft.AspNetCore.Antiforgery.Internal
+{
+ public static class CryptographyAlgorithms
+ {
+#if NETSTANDARD1_3
+ public static SHA256 CreateSHA256()
+ {
+ var sha256 = SHA256.Create();
+
+ return sha256;
+ }
+#else
+ public static SHA256 CreateSHA256()
+ {
+ SHA256 sha256;
+
+ try
+ {
+ sha256 = SHA256.Create();
+ }
+ // SHA256.Create is documented to throw this exception on FIPS compliant machines.
+ // See: https://msdn.microsoft.com/en-us/library/z08hz7ad%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
+ catch (System.Reflection.TargetInvocationException)
+ {
+ // Fallback to a FIPS compliant SHA256 algorithm.
+ sha256 = new SHA256CryptoServiceProvider();
+ }
+
+ return sha256;
+ }
+#endif
+ }
+}
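Review bot: The `catch (System.Reflection.TargetInvocationException)` in the non-NETSTANDARD1_3 `CreateSHA256` has no condition on the inner exception, so any activation failure inside `SHA256.Create()` is treated as the FIPS case and silently replaced with `SHA256CryptoServiceProvider`. Narrowing it with a filter, for example `catch (System.Reflection.TargetInvocationException ex) when (ex.InnerException is System.InvalidOperationException)`, would keep the fallback for the documented FIPS failure and let anything else surface; the inner exception type is my assumption and should be confirmed against the framework versions this targets. The public helper also has no XML doc: a `/// <summary>` saying that it returns a SHA-256 instance that can be created when FIPS mode is enforced, and that the caller owns disposal, would help, since one call site in this patch wraps the result in `using` while the other caches it in the `_sha256` field.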