Disable MD5 tests on Azure Linux

vcsjones · web-flow · commit a7f258b282e6 · 2024-08-16T17:43:58.000-04:00
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs
@@ -12,6 +12,7 @@ public interface IRSAProvider
         bool SupportsSha2Oaep { get; }
         bool SupportsPss { get; }
         bool SupportsSha1Signatures { get; }
+        bool SupportsMd5Signatures { get; }
         bool SupportsSha3 { get; }
     }
 
@@ -43,6 +44,7 @@ public static RSA Create(RSAParameters rsaParameters)
         public static bool SupportsPss => s_provider.SupportsPss;
 
         public static bool SupportsSha1Signatures => s_provider.SupportsSha1Signatures;
+        public static bool SupportsMd5Signatures => s_provider.SupportsMd5Signatures;
 
         public static bool SupportsSha3 => s_provider.SupportsSha3;
         public static bool NoSupportsSha3 => !SupportsSha3;
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/SignVerify.cs
@@ -600,7 +600,11 @@ public static IEnumerable<object[]> RoundTripTheories
                         yield return new object[] { nameof(HashAlgorithmName.SHA1), rsaParameters };
                     }
 
-                    yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters };
+                    if (RSAFactory.SupportsMd5Signatures)
+                    {
+                        yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters };
+                    }
+
                     yield return new object[] { nameof(HashAlgorithmName.SHA256), rsaParameters };
                 }
 
@@ -1589,7 +1593,11 @@ public static IEnumerable<object[]> HashAlgorithmNames
                 yield return new object[] { HashAlgorithmName.SHA256.Name };
                 yield return new object[] { HashAlgorithmName.SHA384.Name };
                 yield return new object[] { HashAlgorithmName.SHA512.Name };
-                yield return new object[] { HashAlgorithmName.MD5.Name };
+
+                if (RSAFactory.SupportsMd5Signatures)
+                {
+                    yield return new object[] { HashAlgorithmName.MD5.Name };
+                }
 
                 if (RSAFactory.SupportsSha1Signatures)
                 {
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs b/src/libraries/Common/tests/System/Security/Cryptography/SignatureSupport.cs
@@ -5,14 +5,17 @@ namespace System.Security.Cryptography.Tests
 {
     internal static class SignatureSupport
     {
-        internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)
+        internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.SHA1);
+        internal static bool CanProduceMd5Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.MD5);
+
+        private static bool CanProduceSignature(AsymmetricAlgorithm algorithm, HashAlgorithmName hashAlgorithmName)
         {
             using (algorithm)
             {
 #if NETFRAMEWORK
                 return true;
 #else
-                // We expect all non-Linux platforms to support SHA1 signatures, currently.
+                // We expect all non-Linux platforms to support any signatures, currently.
                 if (!OperatingSystem.IsLinux())
                 {
                     return true;
@@ -23,7 +26,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)
                     case ECDsa ecdsa:
                         try
                         {
-                            ecdsa.SignData(Array.Empty<byte>(), HashAlgorithmName.SHA1);
+                            ecdsa.SignData(Array.Empty<byte>(), hashAlgorithmName);
                             return true;
                         }
                         catch (CryptographicException)
@@ -33,7 +36,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)
                     case RSA rsa:
                         try
                         {
-                            rsa.SignData(Array.Empty<byte>(), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
+                            rsa.SignData(Array.Empty<byte>(), hashAlgorithmName, RSASignaturePadding.Pkcs1);
                             return true;
                         }
                         catch (CryptographicException)
diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
@@ -28,6 +28,7 @@ public static partial class PlatformDetection
         public static bool IsFedora => IsDistroAndVersion("fedora");
         public static bool IsLinuxBionic => IsBionic();
         public static bool IsRedHatFamily => IsRedHatFamilyAndVersion();
+        public static bool IsAzureLinux => IsDistroAndVersionOrHigher("azurelinux", 3);
 
         public static bool IsMonoLinuxArm64 => IsMonoRuntime && IsLinux && IsArm64Process;
         public static bool IsNotMonoLinuxArm64 => !IsMonoLinuxArm64;
diff --git a/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs b/src/libraries/System.Security.Cryptography.Cng/tests/RSACngProvider.cs
@@ -37,6 +37,8 @@ public bool Supports384PrivateKey
 
         public bool SupportsSha1Signatures => true;
 
+        public bool SupportsMd5Signatures => true;
+
         public bool SupportsSha3 { get; } = SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too.
     }
 
diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderBackCompat.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderBackCompat.cs
@@ -156,9 +156,12 @@ public static void VerifyLegacySignVerifyHash(bool useLegacySign, bool useLegacy
 
         public static IEnumerable<object[]> AlgorithmIdentifiers()
         {
-            yield return new object[] { "MD5", MD5.Create() };
-            yield return new object[] { "MD5", typeof(MD5) };
-            yield return new object[] { "MD5", "1.2.840.113549.2.5" };
+            if (RSAFactory.SupportsMd5Signatures)
+            {
+                yield return new object[] { "MD5", MD5.Create() };
+                yield return new object[] { "MD5", typeof(MD5) };
+                yield return new object[] { "MD5", "1.2.840.113549.2.5" };
+            }
 
             if (RSAFactory.SupportsSha1Signatures)
             {
diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RSACryptoServiceProviderProvider.cs
@@ -9,6 +9,7 @@ namespace System.Security.Cryptography.Rsa.Tests
     public class RSACryptoServiceProviderProvider : IRSAProvider
     {
         private bool? _supportsSha1Signatures;
+        private bool? _supportsMd5Signatures;
 
         public RSA Create() => new RSACryptoServiceProvider();
 
@@ -23,6 +24,7 @@ public class RSACryptoServiceProviderProvider : IRSAProvider
         public bool SupportsPss => false;
 
         public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
+        public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());
 
         public bool SupportsSha3 => false;
     }
diff --git a/src/libraries/System.Security.Cryptography.OpenSsl/tests/RSAOpenSslProvider.cs b/src/libraries/System.Security.Cryptography.OpenSsl/tests/RSAOpenSslProvider.cs
@@ -8,6 +8,7 @@ namespace System.Security.Cryptography.Rsa.Tests
     public class RSAOpenSslProvider : IRSAProvider
     {
         private bool? _supportsSha1Signatures;
+        private bool? _supportsMd5Signatures;
 
         public RSA Create() => new RSAOpenSsl();
 
@@ -22,6 +23,7 @@ public class RSAOpenSslProvider : IRSAProvider
         public bool SupportsPss => true;
 
         public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
+        public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());
 
         public bool SupportsSha3 => SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too.
     }
diff --git a/src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs b/src/libraries/System.Security.Cryptography/tests/DefaultRSAProvider.cs
@@ -10,6 +10,7 @@ public class DefaultRSAProvider : IRSAProvider
     {
         private bool? _supports384PrivateKey;
         private bool? _supportsSha1Signatures;
+        private bool? _supportsMd5Signatures;
 
         public RSA Create() => RSA.Create();
 
@@ -41,6 +42,7 @@ public bool Supports384PrivateKey
         }
 
         public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
+        public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());
 
         public bool SupportsLargeExponent => true;
 
diff --git a/src/libraries/System.Security.Cryptography/tests/HKDFTests.cs b/src/libraries/System.Security.Cryptography/tests/HKDFTests.cs
@@ -14,6 +14,8 @@ public abstract class HKDFTests
         protected abstract byte[] Expand(HashAlgorithmName hash, byte[] prk, int outputLength, byte[] info);
         protected abstract byte[] DeriveKey(HashAlgorithmName hash, byte[] ikm, int outputLength, byte[] salt, byte[] info);
 
+        internal static bool MD5Supported => !PlatformDetection.IsBrowser && !PlatformDetection.IsAzureLinux;
+
         [Theory]
         [MemberData(nameof(GetHkdfTestCases))]
         public void ExtractTests(HkdfTestCase test)
@@ -22,9 +24,8 @@ public void ExtractTests(HkdfTestCase test)
             Assert.Equal(test.Prk, prk);
         }
 
-        [Theory]
+        [ConditionalTheory(nameof(MD5Supported))]
         [MemberData(nameof(GetHkdfTestCases))]
-        [SkipOnPlatform(TestPlatforms.Browser, "MD5 is not supported on Browser")]
         public void ExtractTamperHashTests(HkdfTestCase test)
         {
             byte[] prk = Extract(HashAlgorithmName.MD5, 128 / 8, test.Ikm, test.Salt);
@@ -257,7 +258,7 @@ public static IEnumerable<object[]> GetPrkTooShortTestCases()
             yield return new object[] { HashAlgorithmName.SHA256, 256 / 8 - 1 };
             yield return new object[] { HashAlgorithmName.SHA512, 512 / 8 - 1 };
 
-            if (!PlatformDetection.IsBrowser)
+            if (MD5Supported)
             {
                 yield return new object[] { HashAlgorithmName.MD5, 128 / 8 - 1 };
             }
diff --git a/src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs b/src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs
@@ -9,12 +9,12 @@
 
 namespace System.Security.Cryptography.Tests
 {
-    [SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")]
+    [ConditionalClass(typeof(HmacMD5Tests.Traits), nameof(HmacMD5Tests.Traits.IsSupported))]
     public class HmacMD5Tests : Rfc2202HmacTests<HmacMD5Tests.Traits>
     {
         public sealed class Traits : IHmacTrait
         {
-            public static bool IsSupported => true;
+            public static bool IsSupported => !PlatformDetection.IsAzureLinux && !PlatformDetection.IsBrowser;
             public static int HashSizeInBytes => HMACMD5.HashSizeInBytes;
         }
 

Original file line number	Diff line number	Diff line change
`@@ -5,14 +5,17 @@ namespace System.Security.Cryptography.Tests`
`5`	`5`	`{`
`6`	`6`	`internal static class SignatureSupport`
`7`	`7`	`{`
`8`		`- internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)`
	`8`	`+ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.SHA1);`
	`9`	`+ internal static bool CanProduceMd5Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.MD5);`
	`10`	`+`
	`11`	`+ private static bool CanProduceSignature(AsymmetricAlgorithm algorithm, HashAlgorithmName hashAlgorithmName)`
`9`	`12`	`{`
`10`	`13`	`using (algorithm)`
`11`	`14`	`{`
`12`	`15`	`#if NETFRAMEWORK`
`13`	`16`	`return true;`
`14`	`17`	`#else`
`15`		`- // We expect all non-Linux platforms to support SHA1 signatures, currently.`
	`18`	`+ // We expect all non-Linux platforms to support any signatures, currently.`
`16`	`19`	`if (!OperatingSystem.IsLinux())`
`17`	`20`	`{`
`18`	`21`	`return true;`
`@@ -23,7 +26,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)`
`23`	`26`	`case ECDsa ecdsa:`
`24`	`27`	`try`
`25`	`28`	`{`
`26`		`- ecdsa.SignData(Array.Empty<byte>(), HashAlgorithmName.SHA1);`
	`29`	`+ ecdsa.SignData(Array.Empty<byte>(), hashAlgorithmName);`
`27`	`30`	`return true;`
`28`	`31`	`}`
`29`	`32`	`catch (CryptographicException)`
`@@ -33,7 +36,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)`
`33`	`36`	`case RSA rsa:`
`34`	`37`	`try`
`35`	`38`	`{`
`36`		`- rsa.SignData(Array.Empty<byte>(), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);`
	`39`	`+ rsa.SignData(Array.Empty<byte>(), hashAlgorithmName, RSASignaturePadding.Pkcs1);`
`37`	`40`	`return true;`
`38`	`41`	`}`
`39`	`42`	`catch (CryptographicException)`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,8 @@ public bool Supports384PrivateKey`
`37`	`37`
`38`	`38`	`public bool SupportsSha1Signatures => true;`
`39`	`39`
	`40`	`+ public bool SupportsMd5Signatures => true;`
	`41`	`+`
`40`	`42`	`public bool SupportsSha3 { get; } = SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too.`
`41`	`43`	`}`
`42`	`44`
Original file line number	Diff line number	Diff line change
`@@ -156,9 +156,12 @@ public static void VerifyLegacySignVerifyHash(bool useLegacySign, bool useLegacy`
`156`	`156`
`157`	`157`	`public static IEnumerable<object[]> AlgorithmIdentifiers()`
`158`	`158`	`{`
`159`		`- yield return new object[] { "MD5", MD5.Create() };`
`160`		`- yield return new object[] { "MD5", typeof(MD5) };`
`161`		`- yield return new object[] { "MD5", "1.2.840.113549.2.5" };`
	`159`	`+ if (RSAFactory.SupportsMd5Signatures)`
	`160`	`+ {`
	`161`	`+ yield return new object[] { "MD5", MD5.Create() };`
	`162`	`+ yield return new object[] { "MD5", typeof(MD5) };`
	`163`	`+ yield return new object[] { "MD5", "1.2.840.113549.2.5" };`
	`164`	`+ }`
`162`	`165`
`163`	`166`	`if (RSAFactory.SupportsSha1Signatures)`
`164`	`167`	`{`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ namespace System.Security.Cryptography.Rsa.Tests`
`9`	`9`	`public class RSACryptoServiceProviderProvider : IRSAProvider`
`10`	`10`	`{`
`11`	`11`	`private bool? _supportsSha1Signatures;`
	`12`	`+ private bool? _supportsMd5Signatures;`
`12`	`13`
`13`	`14`	`public RSA Create() => new RSACryptoServiceProvider();`
`14`	`15`
`@@ -23,6 +24,7 @@ public class RSACryptoServiceProviderProvider : IRSAProvider`
`23`	`24`	`public bool SupportsPss => false;`
`24`	`25`
`25`	`26`	`public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());`
	`27`	`+ public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());`
`26`	`28`
`27`	`29`	`public bool SupportsSha3 => false;`
`28`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ namespace System.Security.Cryptography.Rsa.Tests`
`8`	`8`	`public class RSAOpenSslProvider : IRSAProvider`
`9`	`9`	`{`
`10`	`10`	`private bool? _supportsSha1Signatures;`
	`11`	`+ private bool? _supportsMd5Signatures;`
`11`	`12`
`12`	`13`	`public RSA Create() => new RSAOpenSsl();`
`13`	`14`
`@@ -22,6 +23,7 @@ public class RSAOpenSslProvider : IRSAProvider`
`22`	`23`	`public bool SupportsPss => true;`
`23`	`24`
`24`	`25`	`public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());`
	`26`	`+ public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());`
`25`	`27`
`26`	`28`	`public bool SupportsSha3 => SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too.`
`27`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ public class DefaultRSAProvider : IRSAProvider`
`10`	`10`	`{`
`11`	`11`	`private bool? _supports384PrivateKey;`
`12`	`12`	`private bool? _supportsSha1Signatures;`
	`13`	`+ private bool? _supportsMd5Signatures;`
`13`	`14`
`14`	`15`	`public RSA Create() => RSA.Create();`
`15`	`16`
`@@ -41,6 +42,7 @@ public bool Supports384PrivateKey`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());`
	`45`	`+ public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());`
`44`	`46`
`45`	`47`	`public bool SupportsLargeExponent => true;`
`46`	`48`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ public abstract class HKDFTests`
`14`	`14`	`protected abstract byte[] Expand(HashAlgorithmName hash, byte[] prk, int outputLength, byte[] info);`
`15`	`15`	`protected abstract byte[] DeriveKey(HashAlgorithmName hash, byte[] ikm, int outputLength, byte[] salt, byte[] info);`
`16`	`16`
	`17`	`+ internal static bool MD5Supported => !PlatformDetection.IsBrowser && !PlatformDetection.IsAzureLinux;`
	`18`	`+`
`17`	`19`	`[Theory]`
`18`	`20`	`[MemberData(nameof(GetHkdfTestCases))]`
`19`	`21`	`public void ExtractTests(HkdfTestCase test)`
`@@ -22,9 +24,8 @@ public void ExtractTests(HkdfTestCase test)`
`22`	`24`	`Assert.Equal(test.Prk, prk);`
`23`	`25`	`}`
`24`	`26`
`25`		`- [Theory]`
	`27`	`+ [ConditionalTheory(nameof(MD5Supported))]`
`26`	`28`	`[MemberData(nameof(GetHkdfTestCases))]`
`27`		`- [SkipOnPlatform(TestPlatforms.Browser, "MD5 is not supported on Browser")]`
`28`	`29`	`public void ExtractTamperHashTests(HkdfTestCase test)`
`29`	`30`	`{`
`30`	`31`	`byte[] prk = Extract(HashAlgorithmName.MD5, 128 / 8, test.Ikm, test.Salt);`
`@@ -257,7 +258,7 @@ public static IEnumerable<object[]> GetPrkTooShortTestCases()`
`257`	`258`	`yield return new object[] { HashAlgorithmName.SHA256, 256 / 8 - 1 };`
`258`	`259`	`yield return new object[] { HashAlgorithmName.SHA512, 512 / 8 - 1 };`
`259`	`260`
`260`		`- if (!PlatformDetection.IsBrowser)`
	`261`	`+ if (MD5Supported)`
`261`	`262`	`{`
`262`	`263`	`yield return new object[] { HashAlgorithmName.MD5, 128 / 8 - 1 };`
`263`	`264`	`}`