Free Support Forum - aspose.com

Aspose.Slides not FIPS compliant


#1

Hi,

using the latest Aspose.Slides package from Aspose.Total.net on a FIPS enabled environment we get the error “InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.” while doing the following operations:

  1. saving a PPTX file with password protection (due to a call done by Aspose.Slides to System.Security.Cryptography.RijndaelManaged class constructor);
  2. saving a PowerPoint file to PDF filetype, also without password protection (due to a call done by Aspose.Slides to System.Security.Cryptography.MD5.Create() method).

Point 1 can be easily solved replacing RijndaelManaged instance object with AesCryptoServiceProvider instance object.
Point 2 can be solved using a FIPS compliant hashing algorithm implementation (SHA256CryptoServiceProvider or even SHA1CryptoServiceProvider, at least at the time of writing).

Would it be kindly possible to get a FIPS compliant version of Aspose please? According to your site it should be already FIPS compliant (see page Aspose.Total for .NET - FIPS Compliance).
A similar case is Exception thrown when converting PPTX to PDF with FIPS mode enabled (work should have started in week 43, mid October).

Pasting the obfuscated stack trace for Point 1 and Point 2.

Thanks
Andrea

Point 1 StackTrace (Save to PPTX with password protection):

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.RijndaelManaged…ctor()
at Aspose.Slides. …ctor( , Byte[] , CipherMode )
at Aspose.Slides. .(Byte[] )
at Aspose.Slides. .()
at Aspose.Slides. .(Stream , String , Stream , )
at Aspose.Slides.Presentation.(Stream , PresentationTypeEx , IPptxOptions )
at Aspose.Slides.Presentation.Save(Stream stream, SaveFormat format, ISaveOptions options)

Point 2 StackTrace (Save to PDF even without password protection):

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create()
at Aspose.Slides. .…ctor( , )
at Aspose.Slides. .( , )
at Aspose.Slides.​ .( , )
at Aspose.Slides. .( , Boolean )
at Aspose.Slides. .( )
at Aspose.Slides.​ .36gb8j2pxayk423lsm4qwj9yq55a7hwh ( )
at Aspose.Slides. .lhrksw4qmpxsb9gbrklg24zzqz43kn79 ( ​ , )
at Aspose.Slides. ​ .lhrksw4qmpxsb9gbrklg24zzqz43kn79 ( ​ , )
at Aspose.Slides. ​ .lhrksw4qmpxsb9gbrklg24zzqz43kn79 ( ​ , )
at Aspose.Slides. ​ .lhrksw4qmpxsb9gbrklg24zzqz43kn79 ( ​ , )
at Aspose.Slides.​ .lhrksw4qmpxsb9gbrklg24zzqz43kn79 ( ​ , )
at Aspose.Slides.​ .( ​ , )
at Aspose.Slides. .(Presentation , Stream , Int32[] , PdfOptions , InterruptionToken )
at Aspose.Slides. .(Presentation , Stream , PdfOptions , InterruptionToken )
at Aspose.Slides.Presentation.Save(Stream stream, SaveFormat format, ISaveOptions options)
at Aspose.Slides.Presentation.Save(String fname, SaveFormat format, ISaveOptions options)


#2

@andreagasparin,

I have observed your requirements and regret to share that at present Aspose.Slides is not FIPS compliant and an issue with ID SLIDESNET-39845 has already been added in our issue tracking system to provide requested support. This thread has been linked with the issue so that you may be notified once the issue will be fixed.


#3

Hi Mudassir,

thanks for your reply. Could it be possible to know which version of Aspose.Slides will contain the fix for case SLIDESNET-39845?

Moreover, and maybe even more important: if possible we need a guarantee that all the “not FIPS compliant calls/code blocks” still present in Aspose are not used to handle any security aspect within Aspose library.
For example: all the code blocks that use MD5 are unrelated to security (MD5 is just used as fast digest of items of a dictionary that does not have any security implication).

Could Aspose absolutely guarantee this?

Thanks
Andrea


#4

@andreagasparin,

I have observed your comments. I regret to inform that issue is still unresolved and i request for your patience. We will share details with you regarding ETA soon.

For your above question we need to investigate this if we can provide this facility. We will get back to you soon.


#5

Hi,

are there any news regarding the questions I asked above? We have in particular some urgency to have an answer to the following question:

“Moreover, and maybe even more important: if possible we need a guarantee that all the “not FIPS compliant calls/code blocks” still present in Aspose are not used to handle any security aspect within Aspose library.
For example: all the code blocks that use MD5 are unrelated to security (MD5 is just used as fast digest of items of a dictionary that does not have any security implication).”

Or if it is not possible for you we need an ETA for the two FIPS related fixes I wrote above.

Thanks
Andrea


#6

@andreagasparin,

I have observed your comments and regret to inform that we are still investigating this and will be able to answer on Monday. I also like to inform that tickets are going to be resolved tentatively in Aspose.Slides 19.3. We will share good news with you soon.


#7

Hi Adnan,

are there any news for this issue? Will the fix be released with version 19.3?

Thanks
Andrea


#8

@andreagasparin,

I have observed your comments. I like to inform that issue is still in progress and Aspose.Slides 19.3 will be released by end of March 2019. I request for your patience and we will share good news with you soon.


#9

Hi Adnan,

sorry to bother you again, but do you have some news to share about this topic?

Thanks
Andrea


#10

@andreagasparin,

I like to inform this issue is going to be resolved tentatively in Aspose.Slides 19.3. We will share good news with you soon.