vcsjones
Member

This removes DSA (FF-DSA) from macOS.

Closes #71738
Fixes #118107

@vcsjones vcsjones marked this pull request as ready for review August 29, 2025 14:35
@Copilot Copilot AI review requested due to automatic review settings August 29, 2025 14:35
@vcsjones vcsjones added breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. labels Aug 29, 2025
@vcsjones vcsjones added this to the 11.0.0 milestone Aug 29, 2025
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR removes Digital Signature Algorithm (DSA) support from macOS platforms in the .NET cryptography libraries. The change affects the native Apple cryptography implementation and updates test files to properly handle the absence of DSA support.

Key changes include:

  • Removal of DSA-specific enum values and code from the native Apple cryptography implementation
  • Updates to test attributes to use conditional testing based on platform DSA support
  • Deletion of DSA SecurityTransforms implementation files
  • Updates to platform support detection to exclude Apple platforms from DSA support

Reviewed Changes

Copilot reviewed 49 out of 49 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.h | Removes DSA enum value and updates function documentation |
| src/native/libs/System.Security.Cryptography.Native.Apple/pal_signverify.c | Removes DSA-specific transform functions and conditional logic |
| src/native/libs/System.Security.Cryptography.Native.Apple/pal_seckey.h | Updates documentation to remove DSA references |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Pal.macOS.cs | Removes DSA public key decoding logic |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.macOS.cs | Removes DSA key handling and import logic |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Keys.macOS.cs | Replaces DSA implementation with PlatformNotSupportedException |
| src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj | Removes DSA SecurityTransforms source files and adds NotSupported implementation |
| Multiple test files | Updates test attributes from SkipOnPlatform to ConditionalFact/ConditionalTheory using PlatformSupport.IsDSASupported |
| src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs | Adds IsDSASupported property excluding Apple platforms |
| src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.*.cs | Complete removal of DSA SecurityTransforms implementation files |

@dotnet-policy-service dotnet-policy-service bot added the needs-breaking-change-doc-created Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet label Aug 29, 2025
Contributor

Added needs-breaking-change-doc-created label because this PR has the breaking-change label.

When you commit this breaking change:

  1. Create and link to this PR and the issue a matching issue in the dotnet/docs repo using the breaking change documentation template, then remove this needs-breaking-change-doc-created label.
  2. Ask a committer to mail the .NET Breaking Change Notification DL.

Tagging @dotnet/compat for awareness of the breaking change.

@vcsjones vcsjones merged commit f2b0068 into dotnet:main Aug 30, 2025
101 checks passed
@vcsjones vcsjones deleted the macos-dsa-bye-bye-bye branch August 30, 2025 16:36
@vcsjones vcsjones removed the needs-breaking-change-doc-created Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet label Aug 30, 2025
@vcsjones
Member Author

Breaking change doc: dotnet/docs#48201

Labels
area-System.Security breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release.
Development

Successfully merging this pull request may close these issues.

  • Consider fully retiring FF-DSA from macOS
  • SIGSEGV when independent DSA keys are concurrently disposed