@vcsjones vcsjones commented Aug 13, 2025

Some of our cryptography tests are conditioned on whether or not they are running on Azure Linux, which by default uses SCOSSL for cryptographic algorithms. This is not guaranteed though - using vanilla OpenSSL on Azure Linux is possible simply by uninstalling the SymCrypt-OpenSSL package.

In this case, our tests would fail because they are assuming the environment is using SCOSSL when it is really using OpenSSL.

n.b. not all of our tests can be conditioned on if SCOSSL is the default OpenSSL provider. Azure Linux itself applies some patches when building OpenSSL. A notable example is they compile OpenSSL with -no-chacha. That means that regardless of the OpenSSL provider, ChaCha20Poly1305 will not be available. So some tests remain conditioned on IsAzureLinux, not IsSymCryptOpenSsl.

With SymCrypt-OpenSSL package present:
yes-scossl

Without SymCrypt-OpenSSL package present:
no-scossl

Fixes #118656

@Copilot Copilot AI review requested due to automatic review settings August 13, 2025 01:52
@Copilot Copilot AI left a comment


Pull Request Overview

This PR refactors cryptography tests to condition behavior on the actual availability of SCOSSL (SymCrypt-OpenSSL) rather than assuming it's present on Azure Linux. This improves test accuracy since Azure Linux can run with vanilla OpenSSL if the SymCrypt-OpenSSL package is uninstalled.

Key changes:

  • Introduces IsSymCryptOpenSsl platform detection by checking for SymCrypt provider module files
  • Replaces IsAzureLinux checks with IsSymCryptOpenSsl checks in cryptographic algorithm tests
  • Maintains some Azure Linux-specific conditions for features like ChaCha20Poly1305 that are affected by Azure Linux's OpenSSL build patches

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| PlatformDetection.Unix.cs | Adds new IsSymCryptOpenSsl detection logic that checks for SymCrypt provider module files |
| KmacTestDriver.cs | Updates key size requirements check from Azure Linux to SymCrypt detection |
| HmacMD5Tests.cs | Changes MD5 support detection from Azure Linux to SymCrypt detection |
| HKDFTests.cs | Updates MD5 and empty key support checks to use SymCrypt detection |
| DefaultECDsaProvider.Unix.cs | Changes explicit curves support check from Azure Linux to SymCrypt detection |
| DefaultECDiffieHellmanProvider.Unix.cs | Updates explicit curves support check to use SymCrypt detection |
| EcDsaOpenSslProvider.cs | Simplifies explicit curves support check using new SymCrypt detection |
| KeyGeneration.cs | Updates RSA key generation tests to use SymCrypt detection |
| ECDsaFactory.cs | Changes explicit curves failure condition to use SymCrypt detection |
| ECDiffieHellmanFactory.cs | Updates explicit curves failure condition to use SymCrypt detection |


Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.
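
The split this PR draws between OS identity and provider identity, as an added example that is not the PR's code or the runtime's PlatformDetection. The provider module file name, the os-release ID value and the directory layout are assumptions, and the sample inputs are constructed so it runs offline.

```csharp
using System;
using System.IO;
using System.Linq;

// Added illustration, not the PR's PlatformDetection.Unix.cs. File names, the
// os-release ID value and directory layout are assumptions for the example.
static class CryptoTestConditions
{
    const string AssumedProviderModule = "symcryptprovider.so"; // assumed name

    // OS identity, taken from the ID= field of os-release text.
    public static bool IsAzureLinux(string osRelease) =>
        osRelease.Split('\n')
            .Select(line => line.Trim())
            .Where(line => line.StartsWith("ID=", StringComparison.Ordinal))
            .Any(line => line.Substring(3).Trim('"') == "azurelinux"); // assumed ID

    // Provider identity: true only if the provider module file is really there.
    public static bool IsSymCryptOpenSsl(params string[] moduleDirs) =>
        moduleDirs.Any(dir => File.Exists(Path.Combine(dir, AssumedProviderModule)));

    // -no-chacha is a build option of the distro's OpenSSL, so it tracks the OS.
    public static bool ChaChaRemovedByDistroBuild(bool isAzureLinux) => isAzureLinux;

    static void Main()
    {
        // Constructed sample inputs: two temp module directories, two os-release texts.
        string root = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        string withPkg = Directory.CreateDirectory(Path.Combine(root, "with")).FullName;
        string withoutPkg = Directory.CreateDirectory(Path.Combine(root, "without")).FullName;
        File.WriteAllText(Path.Combine(withPkg, AssumedProviderModule), "");

        var cases = new[]
        {
            (Name: "Azure Linux, package installed", Os: "ID=azurelinux\n", Dir: withPkg),
            (Name: "Azure Linux, package removed",   Os: "ID=azurelinux\n", Dir: withoutPkg),
            (Name: "Other distro, vanilla OpenSSL",  Os: "ID=\"ubuntu\"\n", Dir: withoutPkg),
        };
        foreach (var c in cases)
        {
            bool azl = IsAzureLinux(c.Os);
            bool scossl = IsSymCryptOpenSsl(c.Dir);
            Console.WriteLine($"{c.Name}: IsAzureLinux={azl} IsSymCryptOpenSsl={scossl} " +
                              $"ChaChaRemoved={ChaChaRemovedByDistroBuild(azl)}");
        }
        Directory.Delete(root, recursive: true);
    }
}
```

The second case is the one the PR description calls out: the OS flag stays true while the provider flag turns false, so provider-behaviour tests must follow the provider flag and the ChaCha20Poly1305 tests must keep following the OS flag.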

@bartonjs bartonjs left a comment


LGTM, modulo one incorrectly cased letter.

@vcsjones vcsjones enabled auto-merge (squash) August 14, 2025 22:07
@vcsjones vcsjones merged commit 59ce21a into dotnet:main Aug 15, 2025
85 of 88 checks passed
@vcsjones vcsjones deleted the symcrypt-openssl branch August 15, 2025 01:03
@vcsjones vcsjones added this to the 10.0.0 milestone Aug 16, 2025
Labels
area-System.Security test-enhancement Improvements of test source code
Development

Successfully merging this pull request may close these issues.

Consider alternative way to determine SCOSSL behaviors in tests