Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Condition S.S.Cryptography tests on SHA1 signature support #67998

Merged
merged 5 commits into from
Apr 28, 2022
Merged

Condition S.S.Cryptography tests on SHA1 signature support #67998

merged 5 commits into from
Apr 28, 2022

Conversation

vcsjones
Copy link
Member

This gets System.Security.Cryptography and System.Security.Cryptography.OpenSsl tests to pass on RHEL 9 and other similar distributions where SHA1 signatures are no longer permitted.

Places where the hash algorithm didn't matter I switched to SHA2. Where SHA1 was explicitly under test, they are now skipped on platforms that don't support it.

This does not fix S.S.C.X509Certificates. That is significantly more effort due to a lot of test data that use SHA1, and will be done in a follow up PR.

Contributes to #65874

@ghost ghost assigned vcsjones Apr 13, 2022
@ghost
Copy link

ghost commented Apr 13, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

This gets System.Security.Cryptography and System.Security.Cryptography.OpenSsl tests to pass on RHEL 9 and other similar distributions where SHA1 signatures are no longer permitted.

Places where the hash algorithm didn't matter I switched to SHA2. Where SHA1 was explicitly under test, they are now skipped on platforms that don't support it.

This does not fix S.S.C.X509Certificates. That is significantly more effort due to a lot of test data that use SHA1, and will be done in a follow up PR.

Contributes to #65874

Author: vcsjones
Assignees: -
Labels:

area-System.Security
Milestone: -

@vcsjones
Copy link
Member Author

Draft to get feedback from CI and I might try to append X509Certificates changes to this, depending on how much additional work it turns out to be.

@tmds
Copy link
Member

tmds commented Apr 14, 2022

I'm going to run this branch through our CI and report the list of test failures.

@tmds
Copy link
Member

tmds commented Apr 14, 2022

I'm going to run this branch through our CI and report the list of test failures.

These are the failing tests.

System.Security.Cryptography.Xml.Tests.SignedXmlTest.Constructor_Empty
System.Security.Cryptography.Xml.Tests.SignedXmlTest.AsymmetricRSAMixedCaseAttributesVerifyWindows
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"a\", tamperNode: \"a\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"a\", tamperNode: \"b\", expected: True)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"b\", tamperNode: \"b\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"b\", tamperNode: \"c\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"y\", tamperNode: \"b\", expected: True)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"y\", tamperNode: \"c\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"y\", tamperNode: \"y\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"\", tamperNode: \"a\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"\", tamperNode: \"b\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"\", tamperNode: \"c\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureDetectsTamperedDataOnMultipleEnvelopedSignatures(signatureParent: \"\", tamperNode: \"y\", expected: False)
System.Security.Cryptography.Xml.Tests.SignedXmlTest.GetIdElement
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureHandlesIncorrectOrTamperedReferenceWithMultipleEnvelopedSignatures(signatureParent: \"a\", newReference: \"b\")
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureHandlesIncorrectOrTamperedReferenceWithMultipleEnvelopedSignatures(signatureParent: \"a\", newReference: \"nonexisting\")
System.Security.Cryptography.Xml.Tests.SignedXmlTest.Constructor_XmlElement
System.Security.Cryptography.Xml.Tests.SignedXmlTest.DigestValue_LF
System.Security.Cryptography.Xml.Tests.SignedXmlTest.SignedXML_CRLF_Invalid
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureMultipleEnvelopedSignatures(signatureParent: \"a\")
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureMultipleEnvelopedSignatures(signatureParent: \"b\")
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureMultipleEnvelopedSignatures(signatureParent: \"y\")
System.Security.Cryptography.Xml.Tests.SignedXmlTest.CheckSignatureMultipleEnvelopedSignatures(signatureParent: \"\")
System.Security.Cryptography.Xml.Tests.SignedXmlTest.MultipleX509Certificates
System.Security.Cryptography.Xml.Tests.SignedXmlTest.AsymmetricRSAVerify
System.Security.Cryptography.Xml.Tests.SignedXmlTest.SignedXML_LF_Valid
System.Security.Cryptography.Xml.Tests.SignedXmlTest.DigestValue_CRLF
System.Security.Cryptography.Xml.Tests.SignedXmlTest.SignedXML_CRLF_Valid
System.Security.Cryptography.Xml.Tests.SignedXmlTest.Constructor_XmlDocument
System.Security.Cryptography.Xml.Tests.Reference_ArbitraryElements.DuplicateLegalAttributes
System.Security.Cryptography.Xml.Tests.Reference_ArbitraryElements.ExtraAttributes
System.Security.Cryptography.Xml.Tests.Reference_ArbitraryElements.Transforms_ExtraData_XmlProcessingInstruction
System.Security.Cryptography.Xml.Tests.Reference_ArbitraryElements.OutOfOrder
System.Security.Cryptography.Xml.Tests.Reference_ArbitraryElements.Transforms_ExtraData_CData_Text
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_Lang
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.DifferentSignatureXMLNS
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.OutOfOrder
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_Base
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraData(arbitraryData: \"<![CDATA[some stuff]]>\", checkSignatureSucceeds: True, loadThrows: False)
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraData(arbitraryData: \"<!-- comment -->\", checkSignatureSucceeds: True, loadThrows: False)
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraData(arbitraryData: \"                             \", checkSignatureSucceeds: True, loadThrows: False)
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraData(arbitraryData: \"this\", checkSignatureSucceeds: True, loadThrows: False)
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraData(arbitraryData: \"&amp;\", checkSignatureSucceeds: True, loadThrows: False)
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraData(arbitraryData: \"<?xml-stylesheet type='text / xsl' href='style.xsl\"..., checkSignatureSucceeds: True, loadThrows: False)
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_WeirdXMLNS
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_Preserve
System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.CorrectAttributes
System.Security.Cryptography.Xml.Tests.SignedInfo_ArbitraryElements.OutOfOrder
System.Security.Cryptography.Xml.Tests.KeyInfo_ArbitraryElements.ExtraData
System.Security.Cryptography.X509Certificates.Tests.ChainTests.VerifyExpiration_LocalTime(verificationTime: 2020-08-28T22:17:02.0000000Z, shouldBeValid: True)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.VerifyExpiration_LocalTime(verificationTime: 2020-08-28T22:17:02.0000000+00:00, shouldBeValid: True)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.VerifyExpiration_LocalTime(verificationTime: 2020-08-28T22:17:02.0000000, shouldBeValid: True)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.VerifyExpiration_LocalTime(verificationTime: 2021-08-28T22:17:01.0000000Z, shouldBeValid: True)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.VerifyExpiration_LocalTime(verificationTime: 2021-08-28T22:17:01.0000000+00:00, shouldBeValid: True)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.VerifyExpiration_LocalTime(verificationTime: 2021-08-28T22:17:01.0000000, shouldBeValid: True)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.BuildChain_WithCertificatePolicy_Match
System.Security.Cryptography.X509Certificates.Tests.ChainTests.BuildChain
System.Security.Cryptography.X509Certificates.Tests.ChainTests.TestResetMethod
System.Security.Cryptography.X509Certificates.Tests.ChainTests.BuildChainCustomTrustStore(chainBuildsSuccessfully: False, chainFlags: UntrustedRoot, testArguments: TrustedIntermediateUntrustedRoot)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.BuildChainCustomTrustStore(chainBuildsSuccessfully: True, chainFlags: NoError, testArguments: UntrustedIntermediateTrustedRoot)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.BuildChainCustomTrustStore(chainBuildsSuccessfully: True, chainFlags: NoError, testArguments: TrustedIntermediateTrustedRoot)
System.Security.Cryptography.X509Certificates.Tests.ChainTests.BuildChainCustomTrustStore(chainBuildsSuccessfully: True, chainFlags: NoError, testArguments: MultipleCalls)
System.Security.Cryptography.X509Certificates.Tests.CtorTests.TestCopyConstructor_Lifetime_Independent
System.Security.Cryptography.X509Certificates.Tests.CtorTests.TestCopyConstructor_Lifetime_Cloned_Reversed
System.Security.Cryptography.X509Certificates.Tests.CtorTests.TestCopyConstructor_Lifetime_Cloned
System.Security.Cryptography.X509Certificates.Tests.PublicKeyTests.TestKey_RSA384_ValidatesSignature
System.Security.Cryptography.X509Certificates.Tests.PfxTests.TestPrivateKey(keyStorageFlags: DefaultKeySet)
System.Security.Cryptography.X509Certificates.Tests.PfxTests.TestPrivateKey(keyStorageFlags: EphemeralKeySet)
System.Security.Cryptography.X509Certificates.Tests.PfxTests.TestPrivateKeyProperty
System.Security.Cryptography.X509Certificates.Tests.CollectionTests.X509ChainElementCollection_CopyTo_NonZeroLowerBound_ThrowsIndexOutOfRangeException
System.Security.Cryptography.X509Certificates.Tests.CollectionTests.X509ChainElementCollection_IndexerVsEnumerator
System.Security.Cryptography.Pkcs.Tests.SignedCmsWholeDocumentTests.ReadRsaPkcs1DoubleCounterSigned
System.Security.Cryptography.Pkcs.Tests.SignedCmsWholeDocumentTests.ReadRsaPkcs1CounterSigned
System.Security.Cryptography.Pkcs.Tests.SignedCmsWholeDocumentTests.CheckNoSignatureDocument
System.Security.Cryptography.Pkcs.Tests.SignedCmsWholeDocumentTests.ReadRsaPkcs1SimpleDocument
System.Security.Cryptography.Pkcs.Tests.SignedCmsWholeDocumentTests.NonEmbeddedCertificate
System.Security.Cryptography.Pkcs.Tests.TimestampRequestTests.ProcessResponse_FreeTsa_WithCerts_NoNonce(expectedStatus: Accepted, variant: 0)
System.Security.Cryptography.Pkcs.Tests.TimestampRequestTests.ProcessResponse_FreeTsa_WithCerts_NoNonce(expectedStatus: HashMismatch, variant: 0)
System.Security.Cryptography.Pkcs.Tests.TimestampRequestTests.ProcessResponse_FreeTsa_WithCerts_NoNonce(expectedStatus: HashMismatch, variant: 1)
System.Security.Cryptography.Pkcs.Tests.TimestampRequestTests.ProcessResponse_FreeTsa_WithCerts_NoNonce(expectedStatus: NonceMismatch, variant: 0)
System.Security.Cryptography.Pkcs.Tests.TimestampRequestTests.ProcessResponse_FreeTsa_WithCerts_NoNonce(expectedStatus: UnexpectedCertificates, variant: 0)
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CreateSignature_RsaPss(digestOid: \"1.3.14.3.2.26\", assignByConstructor: True)
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CreateSignature_RsaPss(digestOid: \"1.3.14.3.2.26\", assignByConstructor: False)
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.SignCmsUsingExplicitRSAKey
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.Decode_IgnoresExtraData
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CheckSignature_ExtraStore_IsAdditional
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.AddCertificate
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.UntrustedCertFails_WhenTrustChecked
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CheckSignedEncrypted_IssuerSerial_FromNetFx
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CheckSignedEncrypted_SKID_FromNetFx
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.RemoveAllCertsAddBackSignerCert
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCounterSignature
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.AddCertificateWithPrivateKey
System.Security.Cryptography.Pkcs.Tests.SignedCmsTests.CounterSignCmsUsingExplicitECDsaKeyForFirstSignerAndRSAForCounterSignature
System.Security.Cryptography.Pkcs.Tests.TimestampTokenTests.ParseDocument_ExcessData(testDataName: \"FreeTsaDotOrg1\")
System.Security.Cryptography.Pkcs.Tests.TimestampTokenTests.ParseDocument(testDataName: \"FreeTsaDotOrg1\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.CheckSignature_SHA1WithRSA
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_RSA(identifierType: IssuerAndSerialNumber)
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_RSA(identifierType: SubjectKeyIdentifier)
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddSecondCounterSignature_NoSignature_WithoutCert(addExtraCert: False)
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddSecondCounterSignature_NoSignature_WithoutCert(addExtraCert: True)
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.RemoveCounterSignature_MatchesSubjectKeyIdentifier
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: IssuerAndSerialNumber, digestOid: \"1.3.14.3.2.26\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: SubjectKeyIdentifier, digestOid: \"1.3.14.3.2.26\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: IssuerAndSerialNumber, digestOid: \"2.16.840.1.101.3.4.2.1\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: SubjectKeyIdentifier, digestOid: \"2.16.840.1.101.3.4.2.1\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: IssuerAndSerialNumber, digestOid: \"2.16.840.1.101.3.4.2.2\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: SubjectKeyIdentifier, digestOid: \"2.16.840.1.101.3.4.2.2\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: IssuerAndSerialNumber, digestOid: \"2.16.840.1.101.3.4.2.3\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_ECDSA(identifierType: SubjectKeyIdentifier, digestOid: \"2.16.840.1.101.3.4.2.3\")
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddSecondCounterSignature_NoSignature_WithCert(addExtraCert: False)
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddSecondCounterSignature_NoSignature_WithCert(addExtraCert: True)
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddFirstCounterSigner_NoSignature
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.RemoveCounterSignature_MatchesIssuerAndSerialNumber
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.RemoveCounterSignature_MatchesNoSignature
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_DuplicateCert_RSA
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddCounterSigner_DSA
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.AddFirstCounterSigner_NoSignature_NoPrivateKey
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.RemoveCounterSignature_UsesLiveState
System.Security.Cryptography.Pkcs.Tests.SignerInfoTests.CheckSignature_ExtraStore_IsAdditional
System.Security.Cryptography.Rsa.Tests.RSASignatureFormatterTests.VerifyKnownSignature
System.Security.Cryptography.Rsa.Tests.RSASignatureFormatterTests.VerifySignature_SHA1
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderBackCompat.AlgorithmLookups(primaryId: \"SHA1\", halg: Implementation { CanReuseTransform = True, CanTransformMultipleBlocks = True, Hash = null, HashSize = 160, InputBlockSize = 1, ... })
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderBackCompat.AlgorithmLookups(primaryId: \"SHA1\", halg: typeof(System.Security.Cryptography.SHA1))
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderBackCompat.AlgorithmLookups(primaryId: \"SHA1\", halg: \"1.3.14.3.2.26\")
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.VerifySignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.ExpectedHashSignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.VerifySignature_SHA1_384
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.VerifySignature_SHA1_1032
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.ExpectedSignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.VerifyHashSignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.ExpectedSignature_SHA1_1032
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.ExpectedSignature_SHA1_384
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.SignAndVerify_Roundtrip(hashAlgorithm: \"SHA1\", rsaParameters: System.Security.Cryptography.RSAParameters)
System.Security.Cryptography.Rsa.Tests.SignVerify_Span.SignAndVerify_Roundtrip(hashAlgorithm: \"SHA1\", rsaParameters: System.Security.Cryptography.RSAParameters)
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderTests.VerifyHash_DefaultAlgorithm_Success
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderTests.SignHash_DefaultAlgorithm_Success
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderTests.SignData_VerifyHash_CaseInsensitive_Success
System.Security.Cryptography.Csp.Tests.RSACryptoServiceProviderTests.Verify_InvalidPaddingMode_Throws
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.VerifySignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.VerifyHashSignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.VerifySignature_SHA1_384
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.ExpectedHashSignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.ExpectedSignature_SHA1_1032
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.ExpectedSignature_SHA1_384
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.VerifySignature_SHA1_1032
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.ExpectedSignature_SHA1_2048
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.SignAndVerify_Roundtrip(hashAlgorithm: \"SHA1\", rsaParameters: System.Security.Cryptography.RSAParameters)
System.Security.Cryptography.Rsa.Tests.SignVerify_Array.SignAndVerify_Roundtrip(hashAlgorithm: \"SHA1\", rsaParameters: System.Security.Cryptography.RSAParameters)
System.Reflection.PortableExecutable.Tests.PEBuilderTests.Checksum
System.Reflection.PortableExecutable.Tests.PEBuilderTests.BasicValidationSigned
LibraryImportGenerator.UnitTests.Diagnostics.StringMarshallingForwardingNotSupported_ReportsDiagnostic

@runfoapp runfoapp bot mentioned this pull request Apr 14, 2022
Closed
@tmds
Copy link
Member

tmds commented Apr 15, 2022

@vcsjones let me know when it is helpful to run your PR against our rhel9 CI.

@vcsjones vcsjones marked this pull request as ready for review April 17, 2022 19:42
@vcsjones
Copy link
Member Author

I marked this as ready for review to at least get the System.Security.Cryptography ones in.

Regarding S.S.C.{Pkcs, Xml, X509Certificates}, these are going to take more work and depends on what the outcome of the "signed signed certificates gets their own signature checked" conversation is.

These test projects have a considerable amount of SHA1 use, largely just as test data. We would want to move to SHA256 where feasible, as just doing a blanket "disable what doesn't work" would result in a significant test gap in RHEL9.

If we disable the signed signed cert check, a lot of those X509Certificate tests will start working, so I don't want to replace a ton of test data until its been confirmed that is the appropriate thing to do.

@tmds
Copy link
Member

tmds commented Apr 22, 2022

If we disable the signed signed cert check, a lot of those X509Certificate tests will start working, so I don't want to replace a ton of test data until its been confirmed that is the appropriate thing to do.

Makes sense. Let's wait for @bartonjs to chime in.

@runfoapp runfoapp bot mentioned this pull request Apr 28, 2022
Closed
@vcsjones
Copy link
Member Author

@tmds I am going to merge this as-is and open further pull requests for other areas.

@vcsjones vcsjones merged commit 0a2bc2f into dotnet:main Apr 28, 2022
@vcsjones vcsjones deleted the sha1-conditional branch April 28, 2022 23:23
@tmds tmds mentioned this pull request May 23, 2022
Merged
@ghost ghost locked as resolved and limited conversation to collaborators May 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels
area-System.Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vcsjones @tmds @bartonjs