Skip to content

FIPS Compliance Error #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
CodyRWhite wants to merge 1 commit into
base: master
Choose a base branch
from
Open

FIPS Compliance Error #49

CodyRWhite wants to merge 1 commit into from

Conversation

@CodyRWhite
Copy link

@CodyRWhite CodyRWhite commented May 10, 2022

Updated SHA256 object creation to be FIPS compliant.

When running this script on a FIPS enforced machine the following error occurs

New-Object : Exception calling ".ctor" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At C:\ProgramData\CloudLAPS Client\CLAPS_Client.ps1:212 char:50
+ ... 56Managed = New-Object -TypeName "System.Security.Cryptography.SHA256 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

You cannot call a method on a null-valued expression.
At C:\ProgramData\CloudLAPS Client\CLAPS_Client.ps1:221 char:33
+ ...             [byte[]]$ComputedHash = $SHA256Managed.ComputeHash($Encod ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Exception calling "SignHash" with "3" argument(s): "Value cannot be null.
Parameter name: hash"
At C:\ProgramData\CloudLAPS Client\CLAPS_Client.ps1:224 char:33
+ ...             [byte[]]$SignatureSigned = $RSAPrivateKey.SignHash($Compu ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

Exception calling "ToBase64String" with "1" argument(s): "Value cannot be null.
Parameter name: inArray"
At C:\ProgramData\CloudLAPS Client\CLAPS_Client.ps1:227 char:33
+ ...             $SignatureString = [System.Convert]::ToBase64String($Sign ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

@CodyRWhite
FIPS Compliant
0983e02 
Updated SHA256 object creation to be FIPS compliant.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CodyRWhite