-
-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to install when FIPS enabled. #171
Comments
Thanks for the report! Unfortunately I'm not sure when I personally be ready to fix something because of https://twitter.com/GitHub3F/status/1302228682870841345 Anyone can open PR. Here and/or for MvsSln project because this part is located there as you can see. But there is possible compatibility issue for GUID cmp in some places if we are talking about MvsSln fixes. I don't really remember an actual coverage for this feature, thus more like it can be approved only for planned 3.0 version. But we can also just try to fix this usage in DllExport project before MvsSln. I can try to coordinate some workflow if someone be ready for something. Let me know. Thanks. |
I've started review this task. So, what we will do... FIPS ... well, I would never agree* to do it voluntarily but if you work for any government agency, well, ok, I'll try to find some solution for the FIPS case.
I'll try to provide some solution anyway because MvsSln operates mainly only GUIDs and MD5 was just for a quick hashing of the any data from strings (but I don't actually remember where it was needed :)). I think I will at least temporarily distribute a special edition for this project in a separate branch. |
You can test the changes before release
|
* FIXED: Basic project integration stuck on adding property message. Issue #175. Modern VS/MSBuild 16.8+ * FIXED: Fixed integration with Conari and merging modules via ILMerge. Issue #170. * FIXED: double.NaN leads to errors for non exported methods. Issue #174. ``` syntax error at token '-' in: IL_0029: ldc.r8 -nan(ind) ``` * NEW: Manager. Implemented `-no-mgr` key: - Do not use manager for automatic restore the remote package. * CHANGED: FIPS compliant algorithms. Unable to install when FIPS enabled. Issue #171. * CHANGED: Improved the searching paths logic for RootPath and PkgPath, to be more loyal when no keys for some reason. Part of #175. * CHANGED: Updated MvsSln 2.5.3 https://github.com/3F/MvsSln/releases/tag/2.5.3 * CHANGED: Use special edition for DllExport project. Part of issue #171. https://github.com/3F/MvsSln branch: edition/DllExport
It has been changed to Huid implementation (Fnv-1a-128 (via LX4Cnh)) for future releases starting with 1d66cba Please note, Read more about here 3F/MvsSln#51 |
Steps to reproduce:
When installing nuget package, i'm getting below error and I think because net.r_eg.MvsSln.Extensions module is using an unsupported hashing algorithm by FIPS standard.
My laptop has FIPS enabled thus complaining about your code. Replacing MD5.Create() with any SHA in net.r_eg.MvsSln.Extensions would work for me and any FIPS enabled system out there.
Alternatives to MD5
Hoping to see a fix soon. Saves me time buil
. . .
DllExport -version
: 1.7.3Information from
Data
tab or log data:Unhandled Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create()
at net.r_eg.MvsSln.Extensions.StringExtension.Guid(String str)
at net.r_eg.MvsSln.Core.XProject..ctor(ISlnResult data, ProjectItemCfg pItem, Project prj)
at net.r_eg.DllExport.Wizard.UI.Controls.ProjectItemsControl.<.ctor>b__24_0()
at System.Lazy
1.CreateValue() at System.Lazy
1.LazyInitValue()at net.r_eg.DllExport.Wizard.UI.Controls.ProjectItemsControl.Dispose(Boolean disposing)
at System.ComponentModel.Component.Finalize()
. . .
The text was updated successfully, but these errors were encountered: