diff --git a/eng/pipelines/libraries/helix-queues-setup.yml b/eng/pipelines/libraries/helix-queues-setup.yml index dcfa5a119db38..755a6d4ceb8ff 100644 --- a/eng/pipelines/libraries/helix-queues-setup.yml +++ b/eng/pipelines/libraries/helix-queues-setup.yml @@ -72,6 +72,7 @@ jobs: - Ubuntu.2204.Amd64.Open - (Debian.12.Amd64.Open)Ubuntu.2204.Amd64.Open@mcr.microsoft.com/dotnet-buildtools/prereqs:debian-12-helix-amd64 - (Mariner.2.0.Amd64.Open)Ubuntu.2204.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner-2.0-helix-amd64 + - (AzureLinux.3.0.Amd64.Open)Ubuntu.2204.Amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:azurelinux-3.0-helix-amd64 - (openSUSE.15.2.Amd64.Open)Ubuntu.2204.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:opensuse-15.2-helix-amd64 - ${{ if or(ne(parameters.jobParameters.isExtraPlatforms, true), eq(parameters.jobParameters.includeAllPlatforms, true)) }}: - (Centos.9.Amd64.Open)Ubuntu.2204.Amd64.Open@mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream9-helix diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs index 492c9d451329c..1a6686c4326db 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs @@ -18,7 +18,9 @@ public abstract partial class ECKeyFileTests where T : ECAlgorithm // This would need to be virtualized if there was ever a platform that // allowed explicit in ECDH or ECDSA but not the other. - public static bool SupportsExplicitCurves { get; } = EcDiffieHellman.Tests.ECDiffieHellmanFactory.ExplicitCurvesSupported; + public static bool SupportsExplicitCurves { get; } = + EcDiffieHellman.Tests.ECDiffieHellmanFactory.ExplicitCurvesSupported || + EcDiffieHellman.Tests.ECDiffieHellmanFactory.ExplicitCurvesSupportFailOnUseOnly; public static bool CanDeriveNewPublicKey { get; } = EcDiffieHellman.Tests.ECDiffieHellmanFactory.CanDeriveNewPublicKey; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanFactory.cs index 84bbea4587eef..e45d5e88bd887 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanFactory.cs @@ -12,6 +12,7 @@ public interface IECDiffieHellmanProvider #endif bool IsCurveValid(Oid oid); bool ExplicitCurvesSupported { get; } + bool ExplicitCurvesSupportFailOnUseOnly => PlatformDetection.IsAzureLinux; bool CanDeriveNewPublicKey { get; } bool SupportsRawDerivation { get; } bool SupportsSha3 { get; } @@ -48,5 +49,7 @@ public static bool IsCurveValid(Oid oid) public static bool SupportsRawDerivation => s_provider.SupportsRawDerivation; public static bool SupportsSha3 => s_provider.SupportsSha3; + + public static bool ExplicitCurvesSupportFailOnUseOnly => s_provider.ExplicitCurvesSupportFailOnUseOnly; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanTests.ImportExport.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanTests.ImportExport.cs index 82f78094bb100..441bf94e40eb8 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanTests.ImportExport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDiffieHellman/ECDiffieHellmanTests.ImportExport.cs @@ -319,7 +319,7 @@ public static void TestGeneralExportWithExplicitParameters() [Fact] public static void TestExplicitCurveImportOnUnsupportedPlatform() { - if (ECDiffieHellmanFactory.ExplicitCurvesSupported) + if (ECDiffieHellmanFactory.ExplicitCurvesSupported || ECDiffieHellmanFactory.ExplicitCurvesSupportFailOnUseOnly) { return; } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDsa/ECDsaFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDsa/ECDsaFactory.cs index 59d45d3de99c7..8781846d2abae 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDsa/ECDsaFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/ECDsa/ECDsaFactory.cs @@ -12,6 +12,7 @@ public interface IECDsaProvider #endif bool IsCurveValid(Oid oid); bool ExplicitCurvesSupported { get; } + bool ExplicitCurvesSupportFailOnUseOnly => PlatformDetection.IsAzureLinux; } public static partial class ECDsaFactory @@ -39,5 +40,6 @@ public static bool IsCurveValid(Oid oid) } public static bool ExplicitCurvesSupported => s_provider.ExplicitCurvesSupported; + public static bool ExplicitCurvesSupportFailOnUseOnly => s_provider.ExplicitCurvesSupportFailOnUseOnly; } } diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs index ea13e350b977f..601118c17bd01 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs @@ -8,13 +8,13 @@ namespace System.Security.Cryptography.Rsa.Tests [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")] public class KeyGeneration { - [Fact] + [ConditionalFact(typeof(PlatformDetection), nameof(PlatformDetection.IsNotAzureLinux))] public static void GenerateMinKey() { GenerateKey(rsa => GetMin(rsa.LegalKeySizes)); } - [Fact] + [ConditionalFact(typeof(PlatformDetection), nameof(PlatformDetection.IsNotAzureLinux))] public static void GenerateSecondMinKey() { GenerateKey(rsa => GetSecondMin(rsa.LegalKeySizes)); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs index b13a6ee01d8e4..a01390dec6c98 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs @@ -12,6 +12,7 @@ public interface IRSAProvider bool SupportsSha2Oaep { get; } bool SupportsPss { get; } bool SupportsSha1Signatures { get; } + bool SupportsMd5Signatures { get; } bool SupportsSha3 { get; } } @@ -43,6 +44,7 @@ public static RSA Create(RSAParameters rsaParameters) public static bool SupportsPss => s_provider.SupportsPss; public static bool SupportsSha1Signatures => s_provider.SupportsSha1Signatures; + public static bool SupportsMd5Signatures => s_provider.SupportsMd5Signatures; public static bool SupportsSha3 => s_provider.SupportsSha3; public static bool NoSupportsSha3 => !SupportsSha3; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs index 84c8f76d2b3ee..cc4d396d01ffb 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs @@ -600,7 +600,11 @@ public static IEnumerable RoundTripTheories yield return new object[] { nameof(HashAlgorithmName.SHA1), rsaParameters }; } - yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters }; + if (RSAFactory.SupportsMd5Signatures) + { + yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters }; + } + yield return new object[] { nameof(HashAlgorithmName.SHA256), rsaParameters }; } @@ -1589,7 +1593,11 @@ public static IEnumerable HashAlgorithmNames yield return new object[] { HashAlgorithmName.SHA256.Name }; yield return new object[] { HashAlgorithmName.SHA384.Name }; yield return new object[] { HashAlgorithmName.SHA512.Name }; - yield return new object[] { HashAlgorithmName.MD5.Name }; + + if (RSAFactory.SupportsMd5Signatures) + { + yield return new object[] { HashAlgorithmName.MD5.Name }; + } if (RSAFactory.SupportsSha1Signatures) { diff --git a/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs b/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs index b625df0184c2b..94ecb8d82c511 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs @@ -5,14 +5,17 @@ namespace System.Security.Cryptography.Tests { internal static class SignatureSupport { - internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) + internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.SHA1); + internal static bool CanProduceMd5Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.MD5); + + private static bool CanProduceSignature(AsymmetricAlgorithm algorithm, HashAlgorithmName hashAlgorithmName) { using (algorithm) { #if NETFRAMEWORK return true; #else - // We expect all non-Linux platforms to support SHA1 signatures, currently. + // We expect all non-Linux platforms to support any signatures, currently. if (!OperatingSystem.IsLinux()) { return true; @@ -23,7 +26,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) case ECDsa ecdsa: try { - ecdsa.SignData(Array.Empty(), HashAlgorithmName.SHA1); + ecdsa.SignData(Array.Empty(), hashAlgorithmName); return true; } catch (CryptographicException) @@ -33,7 +36,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) case RSA rsa: try { - rsa.SignData(Array.Empty(), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); + rsa.SignData(Array.Empty(), hashAlgorithmName, RSASignaturePadding.Pkcs1); return true; } catch (CryptographicException) diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs index 48b8ba86f730a..2de3b94fad764 100644 --- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs +++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs @@ -27,9 +27,11 @@ public static partial class PlatformDetection public static bool IsTizen => IsDistroAndVersion("tizen"); public static bool IsFedora => IsDistroAndVersion("fedora"); public static bool IsLinuxBionic => IsBionic(); + public static bool IsAzureLinux => IsDistroAndVersionOrHigher("azurelinux", 3); public static bool IsMonoLinuxArm64 => IsMonoRuntime && IsLinux && IsArm64Process; public static bool IsNotMonoLinuxArm64 => !IsMonoLinuxArm64; + public static bool IsNotAzureLinux => !IsAzureLinux; // OSX family public static bool IsOSXLike => IsOSX || IsiOS || IstvOS || IsMacCatalyst; diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs b/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs index d41df34b61404..025bbc426a4cd 100644 --- a/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs +++ b/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs @@ -37,6 +37,8 @@ public bool Supports384PrivateKey public bool SupportsSha1Signatures => true; + public bool SupportsMd5Signatures => true; + public bool SupportsSha3 { get; } = SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too. } diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderBackCompat.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderBackCompat.cs index 887bdc3d983e2..8ef0c9474d73d 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderBackCompat.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderBackCompat.cs @@ -156,9 +156,12 @@ public static void VerifyLegacySignVerifyHash(bool useLegacySign, bool useLegacy public static IEnumerable AlgorithmIdentifiers() { - yield return new object[] { "MD5", MD5.Create() }; - yield return new object[] { "MD5", typeof(MD5) }; - yield return new object[] { "MD5", "1.2.840.113549.2.5" }; + if (RSAFactory.SupportsMd5Signatures) + { + yield return new object[] { "MD5", MD5.Create() }; + yield return new object[] { "MD5", typeof(MD5) }; + yield return new object[] { "MD5", "1.2.840.113549.2.5" }; + } if (RSAFactory.SupportsSha1Signatures) { diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs index 7cd358cd5d121..fb40b5ece1d0f 100644 --- a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs +++ b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs @@ -9,6 +9,7 @@ namespace System.Security.Cryptography.Rsa.Tests public class RSACryptoServiceProviderProvider : IRSAProvider { private bool? _supportsSha1Signatures; + private bool? _supportsMd5Signatures; public RSA Create() => new RSACryptoServiceProvider(); @@ -23,6 +24,7 @@ public class RSACryptoServiceProviderProvider : IRSAProvider public bool SupportsPss => false; public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create()); + public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create()); public bool SupportsSha3 => false; } diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/EcDsaOpenSslProvider.cs b/src/libraries/System.Security.Cryptography.OpenSsl/tests/EcDsaOpenSslProvider.cs index aac122ce56d58..4735038ec0184 100644 --- a/src/libraries/System.Security.Cryptography.OpenSsl/tests/EcDsaOpenSslProvider.cs +++ b/src/libraries/System.Security.Cryptography.OpenSsl/tests/EcDsaOpenSslProvider.cs @@ -50,7 +50,7 @@ public bool ExplicitCurvesSupported { get { - return true; + return !PlatformDetection.IsAzureLinux; } } } diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/RSAOpenSslProvider.cs b/src/libraries/System.Security.Cryptography.OpenSsl/tests/RSAOpenSslProvider.cs index 0adcda4bfad5e..18aa9528877d9 100644 --- a/src/libraries/System.Security.Cryptography.OpenSsl/tests/RSAOpenSslProvider.cs +++ b/src/libraries/System.Security.Cryptography.OpenSsl/tests/RSAOpenSslProvider.cs @@ -8,6 +8,7 @@ namespace System.Security.Cryptography.Rsa.Tests public class RSAOpenSslProvider : IRSAProvider { private bool? _supportsSha1Signatures; + private bool? _supportsMd5Signatures; public RSA Create() => new RSAOpenSsl(); @@ -22,6 +23,7 @@ public class RSAOpenSslProvider : IRSAProvider public bool SupportsPss => true; public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create()); + public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create()); public bool SupportsSha3 => SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too. } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/KeyBagTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/KeyBagTests.cs index 2a3ba970c01ae..071a210c79dd5 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/KeyBagTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/KeyBagTests.cs @@ -29,7 +29,7 @@ public static void BuildWithFactoryReadDirect() Assert.True(rsa2.TrySignData( keyBag.Pkcs8PrivateKey.Span, sig, - HashAlgorithmName.MD5, + HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1, out int sigLen)); @@ -38,7 +38,7 @@ public static void BuildWithFactoryReadDirect() Assert.True(rsa.VerifyData( keyBag.Pkcs8PrivateKey.Span, sig, - HashAlgorithmName.MD5, + HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/ShroudedKeyBagTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/ShroudedKeyBagTests.cs index b2141a822c218..aebe413b35763 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/ShroudedKeyBagTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/ShroudedKeyBagTests.cs @@ -40,7 +40,7 @@ public static void BuildWithCharsFactoryReadDirect() Assert.True(rsa2.TrySignData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, - HashAlgorithmName.MD5, + HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1, out int sigLen)); @@ -49,7 +49,7 @@ public static void BuildWithCharsFactoryReadDirect() Assert.True(rsa.VerifyData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, - HashAlgorithmName.MD5, + HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); } } @@ -77,7 +77,7 @@ public static void BuildWithBytesFactoryReadDirect() Assert.True(rsa2.TrySignData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, - HashAlgorithmName.MD5, + HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1, out int sigLen)); @@ -86,7 +86,7 @@ public static void BuildWithBytesFactoryReadDirect() Assert.True(rsa.VerifyData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, - HashAlgorithmName.MD5, + HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignatureSupport.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignatureSupport.cs index ee31485341cab..5e317d841cfc4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignatureSupport.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignatureSupport.cs @@ -10,5 +10,8 @@ public class SignatureSupport { public static bool SupportsRsaSha1Signatures { get; } = System.Security.Cryptography.Tests.SignatureSupport.CanProduceSha1Signature(RSA.Create()); + + public static bool SupportsRsaMd5Signatures { get; } = + System.Security.Cryptography.Tests.SignatureSupport.CanProduceMd5Signature(RSA.Create()); } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs index 10a51fc819545..c3ff48deb9eb8 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs @@ -198,7 +198,7 @@ public static void CheckSignature_ExtraStore_IsAdditional() signer.CheckSignature(new X509Certificate2Collection(), true); } - [Fact] + [ConditionalFact(typeof(SignatureSupport), nameof(SignatureSupport.SupportsRsaMd5Signatures))] public static void CheckSignature_MD5WithRSA() { SignedCms cms = new SignedCms(); diff --git a/src/libraries/System.Security.Cryptography/tests/ChaCha20Poly1305Tests.cs b/src/libraries/System.Security.Cryptography/tests/ChaCha20Poly1305Tests.cs index ced6edcf35095..24ec6ffbc99fc 100644 --- a/src/libraries/System.Security.Cryptography/tests/ChaCha20Poly1305Tests.cs +++ b/src/libraries/System.Security.Cryptography/tests/ChaCha20Poly1305Tests.cs @@ -478,6 +478,11 @@ public static void CheckIsSupported() // CryptoKit is supported on macOS 10.15+, which is our minimum target. expectedIsSupported = true; } + else if (PlatformDetection.IsAzureLinux) + { + // Though Azure Linux uses OpenSSL, they build OpenSSL without ChaCha20-Poly1305. + expectedIsSupported = false; + } else if (PlatformDetection.OpenSslPresentOnSystem && PlatformDetection.IsOpenSslSupported) { const int OpenSslChaChaMinimumVersion = 0x1_01_00_00_F; //major_minor_fix_patch_status diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultECDiffieHellmanProvider.Unix.cs b/src/libraries/System.Security.Cryptography/tests/DefaultECDiffieHellmanProvider.Unix.cs index 162831d72ac69..b1c51483231dd 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultECDiffieHellmanProvider.Unix.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultECDiffieHellmanProvider.Unix.cs @@ -25,7 +25,7 @@ public bool ExplicitCurvesSupported { get { - if (PlatformDetection.IsOSXLike) + if (PlatformDetection.IsOSXLike || PlatformDetection.IsAzureLinux) { return false; } diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultECDsaProvider.Unix.cs b/src/libraries/System.Security.Cryptography/tests/DefaultECDsaProvider.Unix.cs index 53e9198720360..5ade1828c0277 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultECDsaProvider.Unix.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultECDsaProvider.Unix.cs @@ -25,7 +25,7 @@ public bool ExplicitCurvesSupported { get { - if (PlatformDetection.IsOSXLike) + if (PlatformDetection.IsOSXLike || PlatformDetection.IsAzureLinux) { return false; } diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs b/src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs index c65b78ace1288..d6883088f06f2 100644 --- a/src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs +++ b/src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs @@ -10,6 +10,7 @@ public class DefaultRSAProvider : IRSAProvider { private bool? _supports384PrivateKey; private bool? _supportsSha1Signatures; + private bool? _supportsMd5Signatures; public RSA Create() => RSA.Create(); @@ -41,6 +42,7 @@ public bool Supports384PrivateKey } public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create()); + public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create()); public bool SupportsLargeExponent => true; diff --git a/src/libraries/System.Security.Cryptography/tests/HKDFTests.cs b/src/libraries/System.Security.Cryptography/tests/HKDFTests.cs index 6f58c00e80994..9c3537808b0a7 100644 --- a/src/libraries/System.Security.Cryptography/tests/HKDFTests.cs +++ b/src/libraries/System.Security.Cryptography/tests/HKDFTests.cs @@ -14,6 +14,8 @@ public abstract class HKDFTests protected abstract byte[] Expand(HashAlgorithmName hash, byte[] prk, int outputLength, byte[] info); protected abstract byte[] DeriveKey(HashAlgorithmName hash, byte[] ikm, int outputLength, byte[] salt, byte[] info); + internal static bool MD5Supported => !PlatformDetection.IsBrowser && !PlatformDetection.IsAzureLinux; + [Theory] [MemberData(nameof(GetHkdfTestCases))] public void ExtractTests(HkdfTestCase test) @@ -22,9 +24,8 @@ public void ExtractTests(HkdfTestCase test) Assert.Equal(test.Prk, prk); } - [Theory] + [ConditionalTheory(nameof(MD5Supported))] [MemberData(nameof(GetHkdfTestCases))] - [SkipOnPlatform(TestPlatforms.Browser, "MD5 is not supported on Browser")] public void ExtractTamperHashTests(HkdfTestCase test) { byte[] prk = Extract(HashAlgorithmName.MD5, 128 / 8, test.Ikm, test.Salt); @@ -257,7 +258,7 @@ public static IEnumerable GetPrkTooShortTestCases() yield return new object[] { HashAlgorithmName.SHA256, 256 / 8 - 1 }; yield return new object[] { HashAlgorithmName.SHA512, 512 / 8 - 1 }; - if (!PlatformDetection.IsBrowser) + if (MD5Supported) { yield return new object[] { HashAlgorithmName.MD5, 128 / 8 - 1 }; } diff --git a/src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs b/src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs index 2adf417aec845..fa18da8e11cbd 100644 --- a/src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs +++ b/src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs @@ -9,12 +9,12 @@ namespace System.Security.Cryptography.Tests { - [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")] + [ConditionalClass(typeof(HmacMD5Tests.Traits), nameof(HmacMD5Tests.Traits.IsSupported))] public class HmacMD5Tests : Rfc2202HmacTests { public sealed class Traits : IHmacTrait { - public static bool IsSupported => true; + public static bool IsSupported => !PlatformDetection.IsAzureLinux && !PlatformDetection.IsBrowser; public static int HashSizeInBytes => HMACSHA1.HashSizeInBytes; }