From 55b58518fbf7bf5bcc9e55dadbe114f6b036a81d Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Wed, 19 May 2021 15:52:09 +0200
Subject: [PATCH 01/16] Make DSA.Create, AesCcm, AesGcm, ChaCha20Poly1305 throw
 PNSE on iOS

---
 ...em.Security.Cryptography.Algorithms.csproj | 20 ++++++----
 .../Cryptography/AesCcm.NotSupported.cs       | 38 +++++++++++++++++++
 .../Cryptography/AesGcm.NotSupported.cs       | 38 +++++++++++++++++++
 .../Security/Cryptography/CryptoConfig.cs     |  9 ++++-
 .../Cryptography/DSA.Create.NotSupported.cs   | 13 +++++++
 .../tests/AesCcmTests.cs                      |  4 ++
 .../tests/AesGcmTests.cs                      |  4 ++
 .../tests/CryptoConfigTests.cs                |  9 ++++-
 8 files changed, 123 insertions(+), 12 deletions(-)
 create mode 100644 src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs

diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj b/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj
index 833822b03c7fd..b811c393c7336 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj
@@ -520,8 +520,6 @@
              Link="Common\Microsoft\Win32\SafeHandles\SafeCreateHandle.OSX.cs" />
     <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeHandleCache.cs"
              Link="Common\Microsoft\Win32\SafeHandles\SafeHandleCache.cs" />
-    <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.cs"
-             Link="Common\System\Security\Cryptography\DSASecurityTransforms.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\EccSecurityTransforms.cs"
              Link="Common\System\Security\Cryptography\EccSecurityTransforms.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\ECDiffieHellmanSecurityTransforms.cs"
@@ -546,6 +544,8 @@
              Link="Common\Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.Pbkdf2.cs" />
     <Compile Include="$(CommonPath)Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.SecKeyRef.macOS.cs"
              Link="Common\Interop\OSX\System.Security.Cryptography.Native.Apple\Interop.SecKeyRef.macOS.cs" />
+    <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.cs"
+             Link="Common\System\Security\Cryptography\DSASecurityTransforms.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.macOS.cs"
              Link="Common\System\Security\Cryptography\DSASecurityTransforms.macOS.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\EccSecurityTransforms.macOS.cs"
@@ -555,25 +555,27 @@
     <Compile Include="Internal\Cryptography\Pbkdf2Implementation.OSX.cs" />
   </ItemGroup>
   <ItemGroup Condition="'$(UseAppleCrypto)' == 'true' AND '$(TargetsOSX)' != 'true'">
-    <Compile Include="$(CommonPath)System\Security\Cryptography\DSASecurityTransforms.iOS.cs"
-             Link="Common\System\Security\Cryptography\DSASecurityTransforms.iOS.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\EccSecurityTransforms.iOS.cs"
              Link="Common\System\Security\Cryptography\EccSecurityTransforms.iOS.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\RSASecurityTransforms.iOS.cs"
              Link="Common\System\Security\Cryptography\RSASecurityTransforms.iOS.cs" />
     <Compile Include="Internal\Cryptography\Pbkdf2Implementation.Managed.cs" />
+    <Compile Include="System\Security\Cryptography\AesCcm.NotSupported.cs" />
+    <Compile Include="System\Security\Cryptography\AesGcm.NotSupported.cs" />
+    <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.NotSupported.cs" />
+    <Compile Include="System\Security\Cryptography\DSA.Create.NotSupported.cs" />
   </ItemGroup>
   <ItemGroup Condition=" '$(TargetsUnix)' == 'true'">
     <Compile Include="$(CommonPath)Interop\Unix\Interop.Libraries.cs"
              Link="Common\Interop\Unix\Interop.Libraries.cs" />
     <Compile Include="$(CommonPath)Internal\Cryptography\AsymmetricAlgorithmHelpers.Hash.cs"
              Link="Common\Internal\Cryptography\AsymmetricAlgorithmHelpers.Hash.cs" />
-    <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
-             Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\ECDiffieHellmanDerivation.cs"
              Link="Common\System\Security\Cryptography\ECDiffieHellmanDerivation.cs" />
   </ItemGroup>
-  <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true'">
+  <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true' and '$(TargetsiOS)' != 'true' and '$(TargetstvOS)' != 'true'">
+    <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
+             Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs"
              Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.EVP.Cipher.cs"
@@ -582,9 +584,9 @@
              Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.ERR.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs"
              Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs" />
+    <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.Unix.cs" />
     <Compile Include="System\Security\Cryptography\AesCcm.Unix.cs" />
     <Compile Include="System\Security\Cryptography\AesGcm.Unix.cs" />
-    <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.Unix.cs" />
   </ItemGroup>
   <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true' and '$(UseAppleCrypto)' != 'true'">
     <Compile Include="Internal\Cryptography\DesImplementation.Unix.cs" />
@@ -676,6 +678,8 @@
              Link="Common\Interop\Android\System.Security.Cryptography.Native.Android\Interop.Rsa.cs" />
     <Compile Include="$(CommonPath)Interop\Android\System.Security.Cryptography.Native.Android\SafeKeyHandle.cs"
              Link="Common\Interop\Android\System.Security.Cryptography.Native.Android\SafeKeyHandle.cs" />
+    <Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs"
+             Link="Common\Microsoft\Win32\SafeHandles\SafeEvpCipherCtxHandle.Unix.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\DSAAndroid.cs"
              Link="Common\System\Security\Cryptography\DSAAndroid.cs" />
     <Compile Include="System\Security\Cryptography\DSA.Create.Android.cs" />
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs
index 170540eec2cee..6cbfe82d10ab7 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.NotSupported.cs
@@ -1,10 +1,48 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics;
+
 namespace System.Security.Cryptography
 {
     public partial class AesCcm
     {
         public static bool IsSupported => false;
+
+#if !BROWSER // allow GenFacades to handle browser target
+        private void ImportKey(ReadOnlySpan<byte> key)
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            throw new NotImplementedException();
+        }
+
+        private void EncryptCore(
+            ReadOnlySpan<byte> nonce,
+            ReadOnlySpan<byte> plaintext,
+            Span<byte> ciphertext,
+            Span<byte> tag,
+            ReadOnlySpan<byte> associatedData = default)
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            throw new NotImplementedException();
+        }
+
+        private void DecryptCore(
+            ReadOnlySpan<byte> nonce,
+            ReadOnlySpan<byte> ciphertext,
+            ReadOnlySpan<byte> tag,
+            Span<byte> plaintext,
+            ReadOnlySpan<byte> associatedData = default)
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            throw new NotImplementedException();
+        }
+
+        public void Dispose()
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            // no-op
+        }
+#endif
     }
 }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs
index efbf1a729b57c..0950177836646 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.NotSupported.cs
@@ -1,10 +1,48 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics;
+
 namespace System.Security.Cryptography
 {
     public partial class AesGcm
     {
         public static bool IsSupported => false;
+
+#if !BROWSER // allow GenFacades to handle browser target
+        private void ImportKey(ReadOnlySpan<byte> key)
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            throw new NotImplementedException();
+        }
+
+        private void EncryptCore(
+            ReadOnlySpan<byte> nonce,
+            ReadOnlySpan<byte> plaintext,
+            Span<byte> ciphertext,
+            Span<byte> tag,
+            ReadOnlySpan<byte> associatedData = default)
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            throw new NotImplementedException();
+        }
+
+        private void DecryptCore(
+            ReadOnlySpan<byte> nonce,
+            ReadOnlySpan<byte> ciphertext,
+            ReadOnlySpan<byte> tag,
+            Span<byte> plaintext,
+            ReadOnlySpan<byte> associatedData = default)
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            throw new NotImplementedException();
+        }
+
+        public void Dispose()
+        {
+            Debug.Fail("Instance ctor should fail before we reach this point.");
+            // no-op
+        }
+#endif
     }
 }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs
index 898cf554a8bc3..ff73ce605054d 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/CryptoConfig.cs
@@ -185,8 +185,13 @@ public partial class CryptoConfig
                 ht.Add("System.Security.Cryptography.RSA", RSACryptoServiceProviderType);
                 ht.Add("System.Security.Cryptography.AsymmetricAlgorithm", RSACryptoServiceProviderType);
 
-                ht.Add("DSA", DSACryptoServiceProviderType);
-                ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType);
+                if (!OperatingSystem.IsIOS() &&
+                    !OperatingSystem.IsTvOS() &&
+                    !OperatingSystem.IsMacCatalyst())
+                {
+                    ht.Add("DSA", DSACryptoServiceProviderType);
+                    ht.Add("System.Security.Cryptography.DSA", DSACryptoServiceProviderType);
+                }
 
                 // Windows will register the public ECDsaCng type.  Non-Windows gets a special handler.
                 if (OperatingSystem.IsWindows())
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
new file mode 100644
index 0000000000000..8ebda687277a9
--- /dev/null
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
@@ -0,0 +1,13 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace System.Security.Cryptography
+{
+    public partial class DSA : AsymmetricAlgorithm
+    {
+        public static new DSA Create()
+        {
+            throw new PlatformNotSupportedException();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs
index 7ee3d6c76d72f..a828a19232e70 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs
@@ -707,6 +707,10 @@ public static void CheckIsSupported()
             {
                 expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem;
             }
+            else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst())
+            {
+                expectedIsSupported = false;
+            }
 
             Assert.Equal(expectedIsSupported, AesCcm.IsSupported);
         }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs
index 514c189496f24..f0fc1159379ee 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs
@@ -875,6 +875,10 @@ public static void CheckIsSupported()
             {
                 expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem;
             }
+            else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst())
+            {
+                expectedIsSupported = false;
+            }
 
             Assert.Equal(expectedIsSupported, AesGcm.IsSupported);
         }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
index 245f023acb53e..3ae50adcc0a73 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
@@ -222,8 +222,13 @@ public static IEnumerable<object[]> AllValidNames
                     yield return new object[] { "RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true };
                     yield return new object[] { "System.Security.Cryptography.RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true };
                     yield return new object[] { "System.Security.Cryptography.AsymmetricAlgorithm", "System.Security.Cryptography.RSACryptoServiceProvider", true };
-                    yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true };
-                    yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true };
+                    if (!OperatingSystem.IsIOS() &&
+                        !OperatingSystem.IsTvOS() &&
+                        !OperatingSystem.IsMacCatalyst())
+                    {
+                        yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true };
+                        yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true };
+                    }
                     yield return new object[] { "ECDsa", "System.Security.Cryptography.ECDsaCng", true };
                     yield return new object[] { "ECDsaCng", "System.Security.Cryptography.ECDsaCng", false };
                     yield return new object[] { "System.Security.Cryptography.ECDsaCng", null, false };

From 034b4abaa98e76d4045ec75a5b83ff30cedf1063 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Wed, 19 May 2021 18:26:47 +0200
Subject: [PATCH 02/16] Remove DSASecurityTransforms.iOS.cs

---
 .../Cryptography/DSASecurityTransforms.iOS.cs | 25 -------------------
 1 file changed, 25 deletions(-)
 delete mode 100644 src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs

diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs
deleted file mode 100644
index 2773e65dbc74e..0000000000000
--- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.iOS.cs
+++ /dev/null
@@ -1,25 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-
-using System.Buffers;
-using System.Diagnostics;
-using System.Formats.Asn1;
-using System.IO;
-using System.Runtime.InteropServices;
-using System.Security.Cryptography.Apple;
-using Internal.Cryptography;
-
-namespace System.Security.Cryptography
-{
-    internal static partial class DSAImplementation
-    {
-        public sealed partial class DSASecurityTransforms : DSA
-        {
-            public override DSAParameters ExportParameters(bool includePrivateParameters)
-                => throw new PlatformNotSupportedException();
-
-            public override void ImportParameters(DSAParameters parameters)
-                => throw new PlatformNotSupportedException();
-        }
-    }
-}

From 8152f88164feee872597c24ddd59969d3ce7db94 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Wed, 19 May 2021 18:30:03 +0200
Subject: [PATCH 03/16] Re-enable System.Security.Cryptography.Algorithms.Tests
 on iOS

---
 src/libraries/tests.proj | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/libraries/tests.proj b/src/libraries/tests.proj
index 096343ab2e8d3..45e3a9e6e854d 100644
--- a/src/libraries/tests.proj
+++ b/src/libraries/tests.proj
@@ -164,9 +164,6 @@
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Threading.Tasks/tests/System.Threading.Tasks.Tests.csproj" />
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Private.Xml/tests/XmlResolver/System.Xml.XmlResolver.Tests/System.Xml.XmlResolver.Tests.csproj" />
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.IO.Packaging/tests/System.IO.Packaging.Tests.csproj" />
-
-    <!-- System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. -->
-    <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Security.Cryptography.Algorithms/tests/System.Security.Cryptography.Algorithms.Tests.csproj" />
   </ItemGroup>
 
   <ItemGroup Condition="('$(TargetOS)' == 'tvOS' or '$(TargetOS)' == 'tvOSSimulator') and '$(RunDisablediOSTests)' != 'true'">

From 2e107741adbd5f15692dce0bdb42711c439f802e Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 06:59:21 +0200
Subject: [PATCH 04/16] Fix System.Security.Cryptography.Primitives.Tests
 CryptoConfig tests

---
 .../tests/CryptoConfigTests.cs                | 23 ++++++++++++++++++-
 ...urity.Cryptography.Primitives.Tests.csproj |  2 ++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs
index 36bb7f85caffc..205de5e17212c 100644
--- a/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs
+++ b/src/libraries/System.Security.Cryptography.Primitives/tests/CryptoConfigTests.cs
@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using Test.Cryptography;
 using Xunit;
 
 namespace System.Security.Cryptography.CryptoConfigTests
@@ -126,9 +127,20 @@ public static void NamedSymmetricAlgorithmCreate(string identifier, Type baseTyp
         [InlineData("RSA", typeof(RSA))]
         [InlineData("System.Security.Cryptography.RSA", typeof(RSA))]
         [InlineData("ECDsa", typeof(ECDsa))]
+        public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseType)
+        {
+            using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier))
+            {
+                Assert.NotNull(created);
+                Assert.IsAssignableFrom(baseType, created);
+            }
+        }
+
+        [Theory]
         [InlineData("DSA", typeof(DSA))]
         [InlineData("System.Security.Cryptography.DSA", typeof(DSA))]
-        public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseType)
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
+        public static void NamedAsymmetricAlgorithmCreate_DSA(string identifier, Type baseType)
         {
             using (AsymmetricAlgorithm created = AsymmetricAlgorithm.Create(identifier))
             {
@@ -137,6 +149,15 @@ public static void NamedAsymmetricAlgorithmCreate(string identifier, Type baseTy
             }
         }
 
+        [Theory]
+        [InlineData("DSA")]
+        [InlineData("System.Security.Cryptography.DSA")]
+        [PlatformSpecific(PlatformSupport.MobileAppleCrypto)]
+        public static void NamedAsymmetricAlgorithmCreate_DSA_NotSupported(string identifier)
+        {
+            Assert.Null(AsymmetricAlgorithm.Create(identifier));
+        }
+
         [Fact]
         public static void NamedCreate_Mismatch()
         {
diff --git a/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj b/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj
index ab43c57e984c4..3131378207d2d 100644
--- a/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj
+++ b/src/libraries/System.Security.Cryptography.Primitives/tests/System.Security.Cryptography.Primitives.Tests.csproj
@@ -4,6 +4,8 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
   <ItemGroup>
+    <Compile Include="$(CommonTestPath)System\Security\Cryptography\PlatformSupport.cs"
+             Link="CommonTest\System\Security\Cryptography\PlatformSupport.cs" />
     <Compile Include="$(CommonTestPath)System\IO\PositionValueStream.cs"
              Link="CommonTest\System\IO\PositionValueStream.cs" />
     <Compile Include="AsymmetricAlgorithm\Trivial.cs" />

From 51368a39fe02bf11f8a913c7228145acb6d36a73 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 07:04:27 +0200
Subject: [PATCH 05/16] Disable DSA tests in
 System.Security.Cryptography.Csp.Tests

---
 .../tests/DSACryptoServiceProviderTests.cs                      | 2 ++
 src/libraries/tests.proj                                        | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs
index a766c5fe36688..8a703c33d1d25 100644
--- a/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs
+++ b/src/libraries/System.Security.Cryptography.Csp/tests/DSACryptoServiceProviderTests.cs
@@ -2,10 +2,12 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Security.Cryptography.Dsa.Tests;
+using Test.Cryptography;
 using Xunit;
 
 namespace System.Security.Cryptography.Csp.Tests
 {
+    [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
     public class DSACryptoServiceProviderTests
     {
         const int PROV_DSS_DH = 13;
diff --git a/src/libraries/tests.proj b/src/libraries/tests.proj
index 45e3a9e6e854d..8e71ff3ae754a 100644
--- a/src/libraries/tests.proj
+++ b/src/libraries/tests.proj
@@ -158,7 +158,6 @@
 
     <!-- Crashes on CI but passes locally https://github.com/dotnet/runtime/issues/52615 -->
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.IO.Compression/tests/System.IO.Compression.Tests.csproj" />
-    <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj" />
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Threading.Tasks.Dataflow/tests/System.Threading.Tasks.Dataflow.Tests.csproj" />
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.IO.FileSystem/tests/System.IO.FileSystem.Tests.csproj" />
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Threading.Tasks/tests/System.Threading.Tasks.Tests.csproj" />

From 367ea34adf06aa16e62edc3f7a218ec2a283b746 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 07:51:45 +0200
Subject: [PATCH 06/16] Enable System.Security.Cryptography.Pkcs tests on iOS

---
 .../tests/TestUtilities/System/PlatformDetection.cs |  1 +
 .../tests/SignedCms/SignedCmsTests.cs               | 12 +++++++++++-
 .../tests/SignedCms/SignedCmsTests.netcoreapp.cs    |  6 +++++-
 .../tests/SignedCms/SignerInfoTests.cs              | 13 ++++++++++++-
 .../tests/SignedCms/SignerInfoTests.netcoreapp.cs   |  8 +++++++-
 5 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
index 6c0d4a1978999..ecf16031fe9db 100644
--- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
+++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
@@ -138,6 +138,7 @@ public static bool IsNonZeroLowerBoundArraySupported
         public static bool IsOpenSslSupported => IsLinux || IsFreeBSD || Isillumos || IsSolaris;
 
         public static bool UsesAppleCrypto => IsOSX || IsMacCatalyst || IsiOS || IstvOS;
+        public static bool UsesMobileAppleCrypto => IsMacCatalyst || IsiOS || IstvOS;
 
         // Changed to `true` when linking
         public static bool IsBuiltWithAggressiveTrimming => false;
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs
index ce65f7a76e645..c53e966a72d9e 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs
@@ -535,6 +535,7 @@ public static void AddSignerWithNegativeSerial()
         [Theory]
         [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, false)]
         [InlineData(SubjectIdentifierType.IssuerAndSerialNumber, true)]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void AddFirstSigner_DSA(SubjectIdentifierType identifierType, bool detached)
         {
             ContentInfo contentInfo = new ContentInfo(new byte[] { 9, 8, 7, 6, 5 });
@@ -1036,7 +1037,16 @@ public static void EnsureExtraCertsAdded(bool newDocument)
             else
             {
                 cms = new SignedCms();
-                cms.Decode(SignedDocuments.OneDsa1024);
+
+                // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead
+                if (PlatformDetection.UsesMobileAppleCrypto)
+                {
+                    cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier);
+                }
+                else
+                {
+                    cms.Decode(SignedDocuments.OneDsa1024);
+                }
             }
 
             int preCount = cms.Certificates.Count;
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs
index a24a66d1f3912..9d90fe7905550 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs
@@ -70,6 +70,7 @@ public static void SignCmsUsingExplicitRSAKey()
         }
 
         [Fact]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void SignCmsUsingExplicitDSAKey()
         {
             using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey())
@@ -100,6 +101,7 @@ public static void SignCmsUsingExplicitECDsaP521Key()
         }
 
         [Fact]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCounterSignature()
         {
             using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey())
@@ -112,6 +114,7 @@ public static void CounterSignCmsUsingExplicitRSAKeyForFirstSignerAndDSAForCount
         }
 
         [Fact]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void CounterSignCmsUsingExplicitDSAKeyForFirstSignerAndECDsaForCounterSignature()
         {
             using (X509Certificate2 cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey())
@@ -202,7 +205,7 @@ public static void SignCmsUsingRSACertWithNotMatchingKeyThrows()
         }
 
         [Fact]
-        [SkipOnPlatform(TestPlatforms.OSX, "Creating DSA keys is not supported on OSX")]
+        [SkipOnPlatform(PlatformSupport.AppleCrypto, "Creating DSA keys is not supported on OSX")]
         public static void SignCmsUsingDSACertWithNotMatchingKeyThrows()
         {
             byte[] content = { 9, 8, 7, 6, 5 };
@@ -401,6 +404,7 @@ public static void AddSigner_RSA_EphemeralKey()
         }
 
         [Fact]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void AddSigner_DSA_EphemeralKey()
         {
             using (DSA dsa = DSA.Create())
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs
index ff67c37e9ec9d..9c558870210a0 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.cs
@@ -444,6 +444,7 @@ public static void RemoveCounterSignature_WithNoMatch()
         [InlineData(0)]
         [InlineData(1)]
         [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework, "NetFx bug")]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void RemoveCounterSignature_EncodedInSingleAttribute(int indexToRemove)
         {
             SignedCms cms = new SignedCms();
@@ -698,6 +699,7 @@ public static void AddCounterSignerToUnsortedAttributeSignature()
         }
 
         [Fact]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public static void AddCounterSigner_DSA()
         {
             SignedCms cms = new SignedCms();
@@ -1027,7 +1029,16 @@ private static void AddSecondCounterSignature_NoSignature(bool withCertificate,
         public static void EnsureExtraCertsAdded()
         {
             SignedCms cms = new SignedCms();
-            cms.Decode(SignedDocuments.OneDsa1024);
+
+            // DSA is not supported on mobile Apple platforms, so use ECDsa signed document instead
+            if (PlatformDetection.UsesMobileAppleCrypto)
+            {
+                cms.Decode(SignedDocuments.SHA256ECDSAWithRsaSha256DigestIdentifier);
+            }
+            else
+            {
+                cms.Decode(SignedDocuments.OneDsa1024);
+            }
 
             int preCount = cms.Certificates.Count;
 
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs
index 3bdef6bd3decd..cda2262f78205 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignerInfoTests.netcoreapp.cs
@@ -246,7 +246,13 @@ public static void SignerInfo_AddRemoveUnsignedAttributes_JoinCounterSignaturesA
                 cms.ComputeSignature(signer);
             }
 
-            using (X509Certificate2 counterSigner1cert = Certificates.Dsa1024.TryGetCertificateWithPrivateKey())
+            // DSA is not supported on mobile Apple platforms, so use ECDsa key instead
+            X509Certificate2 counterSigner1cert =
+                PlatformDetection.UsesMobileAppleCrypto ?
+                Certificates.ECDsaP521Win.TryGetCertificateWithPrivateKey() :
+                Certificates.Dsa1024.TryGetCertificateWithPrivateKey();
+
+            using (counterSigner1cert)
             {
                 CmsSigner counterSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, counterSigner1cert);
                 counterSigner.IncludeOption = X509IncludeOption.EndCertOnly;

From 7848f96a89fdee5c2cdbe0f23038805ddda71f9f Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 08:01:13 +0200
Subject: [PATCH 07/16] Enable System.Security.Cryptography.Xml tests on iOS

---
 .../tests/DSAKeyValueTest.cs                               | 7 ++-----
 .../tests/SignedXmlTest.cs                                 | 1 +
 .../tests/System.Security.Cryptography.Xml.Tests.csproj    | 2 ++
 src/libraries/tests.proj                                   | 4 ----
 4 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs
index a26582120fd2a..14863aff90810 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/DSAKeyValueTest.cs
@@ -13,11 +13,12 @@
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Xml;
+using Test.Cryptography;
 using Xunit;
 
 namespace System.Security.Cryptography.Xml.Tests
 {
-
+    [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
     public class DSAKeyValueTest
     {
         [Fact]
@@ -51,7 +52,6 @@ public void Ctor_Dsa_Null()
 
         [Fact]
         [ActiveIssue("https://github.com/dotnet/runtime/issues/20575", TestPlatforms.OSX)]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
         public void GetXml()
         {
             DSAKeyValue dsa = new DSAKeyValue();
@@ -80,7 +80,6 @@ public void GetXml()
 
         [Fact]
         [ActiveIssue("https://github.com/dotnet/runtime/issues/20575", TestPlatforms.OSX)]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
         public void GetXml_SameDsa()
         {
             using (DSA dsa = DSA.Create())
@@ -92,7 +91,6 @@ public void GetXml_SameDsa()
         }
 
         [Fact]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
         public void LoadXml()
         {
             const string pValue = "oDZlcdJA1Kf6UeNEIZqm4KDqA6zpX7CmEtAGWi9pgnBhWOUDVEfhswfsvTLR5BCbKfE6KoHvt5Hh8D1RcAko//iZkLZ+gds9y/5Oxape8tu3TUi1BnNPWu8ieXjMtdnpyudKFsCymssJked1rBeRePG23HTVwOV1DpopjRkjBEU=";
@@ -132,7 +130,6 @@ public void LoadXml_Null()
         }
 
         [Fact]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
         public void ImportDSAKeyValue()
         {
             string p = "6zJxhRqpk5yQ7sjFSr6mPepyVwpTAXSmw1oh+5Cn/z1DjFSpW6rC6sTOkE3CMNwWOwIzrpVS3bWep7wo9CaBrOPIIVe+E4sqpPeyM2wr10mQThHEsCQAjnxBhJJindf9amaBhi6sOtVNnyETFWV6yKDptZEm9c3xdl4L7ogEbX8=";
diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
index 54caa519ac66b..e616b96296526 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
@@ -539,6 +539,7 @@ public void ComputeSignatureNoSigningKey()
         }
 
         [Fact]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public void ComputeSignatureMissingReferencedObject()
         {
             XmlDocument doc = new XmlDocument();
diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj b/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj
index 61ba24acb4c46..bdd0e35bf9b1b 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj
@@ -3,6 +3,8 @@
     <TargetFrameworks>$(NetCoreAppCurrent);net461</TargetFrameworks>
   </PropertyGroup>
   <ItemGroup>
+    <Compile Include="$(CommonTestPath)System\Security\Cryptography\PlatformSupport.cs"
+             Link="CommonTest\System\Security\Cryptography\PlatformSupport.cs" />
     <Compile Include="AssertCrypto.cs" />
     <Compile Include="CipherDataTests.cs" />
     <Compile Include="DataObjectTest.cs" />
diff --git a/src/libraries/tests.proj b/src/libraries/tests.proj
index 8e71ff3ae754a..f973d6877e44b 100644
--- a/src/libraries/tests.proj
+++ b/src/libraries/tests.proj
@@ -143,10 +143,6 @@
     <!-- Failures -->
     <!-- https://github.com/dotnet/runtime/issues/51335 -->
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.IO.Pipes/tests/System.IO.Pipes.Tests.csproj" />
-    <!-- https://github.com/dotnet/runtime/issues/51330 -->
-    <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj" />
-    <!-- https://github.com/dotnet/runtime/issues/51370 -->
-    <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Security.Cryptography.Xml/tests/System.Security.Cryptography.Xml.Tests.csproj" />
     <!-- https://github.com/dotnet/runtime/issues/51338 -->
     <ProjectExclusions Include="$(MSBuildThisFileDirectory)System.Private.Xml/tests/XmlSchema/XmlSchemaValidatorApi/System.Xml.XmlSchema.XmlSchemaValidatorApi.Tests.csproj" />
 

From 806376da9e790b9bc2dec94ee07550358a5862ba Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 08:10:01 +0200
Subject: [PATCH 08/16] Add UnsupportedOSPlatform attributes

---
 .../System.Security.Cryptography.Algorithms.cs | 18 ++++++++++++++++++
 .../src/System/Security/Cryptography/AesCcm.cs |  3 +++
 .../Security/Cryptography/ChaCha20Poly1305.cs  |  3 +++
 .../Cryptography/DSA.Create.NotSupported.cs    |  5 +++++
 4 files changed, 29 insertions(+)

diff --git a/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs b/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs
index f55f635e6b762..c11560bdb7179 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/ref/System.Security.Cryptography.Algorithms.cs
@@ -15,6 +15,9 @@ public abstract partial class Aes : System.Security.Cryptography.SymmetricAlgori
         public static new System.Security.Cryptography.Aes? Create(string algorithmName) { throw null; }
     }
     [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
     public sealed partial class AesCcm : System.IDisposable
     {
         public AesCcm(byte[] key) { }
@@ -29,6 +32,9 @@ public sealed partial class AesCcm : System.IDisposable
         public void Encrypt(System.ReadOnlySpan<byte> nonce, System.ReadOnlySpan<byte> plaintext, System.Span<byte> ciphertext, System.Span<byte> tag, System.ReadOnlySpan<byte> associatedData = default(System.ReadOnlySpan<byte>)) { }
     }
     [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
     public sealed partial class AesGcm : System.IDisposable
     {
         public AesGcm(byte[] key) { }
@@ -101,6 +107,9 @@ public abstract partial class AsymmetricSignatureFormatter
         public abstract void SetKey(System.Security.Cryptography.AsymmetricAlgorithm key);
     }
     [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
     public sealed partial class ChaCha20Poly1305 : System.IDisposable
     {
         public ChaCha20Poly1305(byte[] key) { }
@@ -154,8 +163,17 @@ public abstract partial class DES : System.Security.Cryptography.SymmetricAlgori
     public abstract partial class DSA : System.Security.Cryptography.AsymmetricAlgorithm
     {
         protected DSA() { }
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
         public static new System.Security.Cryptography.DSA Create() { throw null; }
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
         public static System.Security.Cryptography.DSA Create(int keySizeInBits) { throw null; }
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
         public static System.Security.Cryptography.DSA Create(System.Security.Cryptography.DSAParameters parameters) { throw null; }
         [System.Diagnostics.CodeAnalysis.RequiresUnreferencedCodeAttribute("The default algorithm implementations might be removed, use strong type references like 'RSA.Create()' instead.")]
         public static new System.Security.Cryptography.DSA? Create(string algName) { throw null; }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs
index 91c73dcfb0be0..50377c3aee3e8 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.cs
@@ -7,6 +7,9 @@
 namespace System.Security.Cryptography
 {
     [UnsupportedOSPlatform("browser")]
+    [UnsupportedOSPlatform("ios")]
+    [UnsupportedOSPlatform("tvos")]
+    [UnsupportedOSPlatform("maccatalyst")]
     public sealed partial class AesCcm : IDisposable
     {
         public static KeySizes NonceByteSizes { get; } = new KeySizes(7, 13, 1);
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs
index 874133cc39f71..115edee5514a4 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ChaCha20Poly1305.cs
@@ -7,6 +7,9 @@
 namespace System.Security.Cryptography
 {
     [UnsupportedOSPlatform("browser")]
+    [UnsupportedOSPlatform("ios")]
+    [UnsupportedOSPlatform("tvos")]
+    [UnsupportedOSPlatform("maccatalyst")]
     public sealed partial class ChaCha20Poly1305 : IDisposable
     {
         // Per https://tools.ietf.org/html/rfc7539, ChaCha20Poly1305 AEAD requires a 256-bit key and 96-bit nonce,
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
index 8ebda687277a9..28c8781708959 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
@@ -1,10 +1,15 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Runtime.Versioning;
+
 namespace System.Security.Cryptography
 {
     public partial class DSA : AsymmetricAlgorithm
     {
+        [UnsupportedOSPlatform("ios")]
+        [UnsupportedOSPlatform("tvos")]
+        [UnsupportedOSPlatform("maccatalyst")]
         public static new DSA Create()
         {
             throw new PlatformNotSupportedException();

From 37fa10dbf47e1bbce6dd7be6513efb2136d63359 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 08:13:35 +0200
Subject: [PATCH 09/16] Annotate DSAKeyValue default constructor with
 UnsupportedOSPlatform

---
 .../ref/System.Security.Cryptography.Xml.cs                   | 3 +++
 .../src/System/Security/Cryptography/Xml/DSAKeyValue.cs       | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs
index b8b7593f96b8c..f0c200066ae43 100644
--- a/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs
@@ -43,6 +43,9 @@ public sealed partial class DataReference : System.Security.Cryptography.Xml.Enc
     }
     public partial class DSAKeyValue : System.Security.Cryptography.Xml.KeyInfoClause
     {
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+        [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
         public DSAKeyValue() { }
         public DSAKeyValue(System.Security.Cryptography.DSA key) { }
         public System.Security.Cryptography.DSA Key { get { throw null; } set { } }
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs
index e1c4d4a7c3cbe..e491e065ccfce 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/DSAKeyValue.cs
@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Runtime.Versioning;
 using System.Xml;
 
 #pragma warning disable CA5384 // Do Not Use Digital Signature Algorithm (DSA)
@@ -15,6 +16,9 @@ public class DSAKeyValue : KeyInfoClause
         // public constructors
         //
 
+        [UnsupportedOSPlatform("ios")]
+        [UnsupportedOSPlatform("tvos")]
+        [UnsupportedOSPlatform("maccatalyst")]
         public DSAKeyValue()
         {
             _key = DSA.Create();

From 39eea6593275dd2de6b011580a99331d131edd6c Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 08:18:11 +0200
Subject: [PATCH 10/16] Simplify platform checks

---
 .../tests/TestUtilities/System/PlatformDetection.Unix.cs      | 2 +-
 .../tests/AesCcmTests.cs                                      | 2 +-
 .../tests/AesGcmTests.cs                                      | 2 +-
 .../tests/CryptoConfigTests.cs                                | 4 +---
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
index b162a25ba11c3..096616937019e 100644
--- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
+++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
@@ -105,7 +105,7 @@ public static bool OpenSslPresentOnSystem
         {
             get
             {
-                if (IsAndroid || IsiOS || IstvOS || IsMacCatalyst || IsBrowser)
+                if (IsAndroid || UsesMobileAppleCrypto || IsBrowser)
                 {
                     return false;
                 }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs
index a828a19232e70..eeb1f7edac2dc 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesCcmTests.cs
@@ -707,7 +707,7 @@ public static void CheckIsSupported()
             {
                 expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem;
             }
-            else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst())
+            else if (PlatformDetection.UsesMobileAppleCrypto)
             {
                 expectedIsSupported = false;
             }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs
index f0fc1159379ee..0322e37aac23c 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/AesGcmTests.cs
@@ -875,7 +875,7 @@ public static void CheckIsSupported()
             {
                 expectedIsSupported = PlatformDetection.OpenSslPresentOnSystem;
             }
-            else if (OperatingSystem.IsIOS() || OperatingSystem.IsTvOS() || OperatingSystem.IsMacCatalyst())
+            else if (PlatformDetection.UsesMobileAppleCrypto)
             {
                 expectedIsSupported = false;
             }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
index 3ae50adcc0a73..067a50a10015d 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/CryptoConfigTests.cs
@@ -222,9 +222,7 @@ public static IEnumerable<object[]> AllValidNames
                     yield return new object[] { "RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true };
                     yield return new object[] { "System.Security.Cryptography.RSA", "System.Security.Cryptography.RSACryptoServiceProvider", true };
                     yield return new object[] { "System.Security.Cryptography.AsymmetricAlgorithm", "System.Security.Cryptography.RSACryptoServiceProvider", true };
-                    if (!OperatingSystem.IsIOS() &&
-                        !OperatingSystem.IsTvOS() &&
-                        !OperatingSystem.IsMacCatalyst())
+                    if (!PlatformDetection.UsesMobileAppleCrypto)
                     {
                         yield return new object[] { "DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true };
                         yield return new object[] { "System.Security.Cryptography.DSA", "System.Security.Cryptography.DSACryptoServiceProvider", true };

From 0cfc56e21f8e5b0c8ed69e29618e948988b6b2a6 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 08:19:46 +0200
Subject: [PATCH 11/16] Add more UnsupportedOSPlatform attributes to DSA.Create

---
 .../src/System/Security/Cryptography/DSA.cs                 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
index e5d90e5d6eadb..f99d76d89930c 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
@@ -35,6 +35,9 @@ public abstract partial class DSA : AsymmetricAlgorithm
             return (DSA?)CryptoConfig.CreateFromName(algName);
         }
 
+        [UnsupportedOSPlatform("ios")]
+        [UnsupportedOSPlatform("tvos")]
+        [UnsupportedOSPlatform("maccatalyst")]
         public static DSA Create(int keySizeInBits)
         {
             DSA dsa = Create();
@@ -51,6 +54,9 @@ public static DSA Create(int keySizeInBits)
             }
         }
 
+        [UnsupportedOSPlatform("ios")]
+        [UnsupportedOSPlatform("tvos")]
+        [UnsupportedOSPlatform("maccatalyst")]
         public static DSA Create(DSAParameters parameters)
         {
             DSA dsa = Create();

From 4cb6326bf03099a5b1b3cf30c2d67873446ddc2e Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 09:02:52 +0200
Subject: [PATCH 12/16] Fix ApiCompat

---
 .../Common/src/System/Security/Cryptography/DSAOpenSsl.cs | 2 +-
 .../System/Security/Cryptography/DSASecurityTransforms.cs | 3 +--
 .../src/System/Security/Cryptography/AesGcm.cs            | 3 +++
 .../System/Security/Cryptography/DSA.Create.Android.cs    | 2 +-
 .../Security/Cryptography/DSA.Create.NotSupported.cs      | 5 +----
 .../src/System/Security/Cryptography/DSA.cs               | 8 ++++++++
 .../src/System/Security/Cryptography/DSACng.cs            | 2 +-
 7 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs b/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs
index 6993d59a33f73..7c75208f8a2ea 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs
@@ -11,7 +11,7 @@ namespace System.Security.Cryptography
 #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
     public partial class DSA : AsymmetricAlgorithm
     {
-        public static new DSA Create()
+        private static DSA CreateCore()
         {
             return new DSAImplementation.DSAOpenSsl();
         }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs
index d991928f7779d..8b7e0dbb4ec71 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/DSASecurityTransforms.cs
@@ -12,10 +12,9 @@
 namespace System.Security.Cryptography
 {
 #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
-
     public partial class DSA : AsymmetricAlgorithm
     {
-        public static new DSA Create()
+        private static DSA CreateCore()
         {
             return new DSAImplementation.DSASecurityTransforms();
         }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs
index 78b0ce86db240..89c98f7866d08 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs
@@ -7,6 +7,9 @@
 namespace System.Security.Cryptography
 {
     [UnsupportedOSPlatform("browser")]
+    [UnsupportedOSPlatform("ios")]
+    [UnsupportedOSPlatform("tvos")]
+    [UnsupportedOSPlatform("maccatalyst")]
     public sealed partial class AesGcm : IDisposable
     {
         private const int NonceSize = 12;
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs
index 446a3e56f72bf..7dff1107e8dc8 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.Android.cs
@@ -5,7 +5,7 @@ namespace System.Security.Cryptography
 {
     public partial class DSA : AsymmetricAlgorithm
     {
-        public static new DSA Create()
+        private static DSA CreateCore()
         {
             return new DSAImplementation.DSAAndroid();
         }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
index 28c8781708959..c9421b066260a 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.Create.NotSupported.cs
@@ -7,10 +7,7 @@ namespace System.Security.Cryptography
 {
     public partial class DSA : AsymmetricAlgorithm
     {
-        [UnsupportedOSPlatform("ios")]
-        [UnsupportedOSPlatform("tvos")]
-        [UnsupportedOSPlatform("maccatalyst")]
-        public static new DSA Create()
+        private static DSA CreateCore()
         {
             throw new PlatformNotSupportedException();
         }
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
index f99d76d89930c..89f2bf01310a5 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
@@ -35,6 +35,14 @@ public abstract partial class DSA : AsymmetricAlgorithm
             return (DSA?)CryptoConfig.CreateFromName(algName);
         }
 
+        [UnsupportedOSPlatform("ios")]
+        [UnsupportedOSPlatform("tvos")]
+        [UnsupportedOSPlatform("maccatalyst")]
+        public static new DSA Create()
+        {
+            return CreateCore();
+        }
+
         [UnsupportedOSPlatform("ios")]
         [UnsupportedOSPlatform("tvos")]
         [UnsupportedOSPlatform("maccatalyst")]
diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs
index 9cdf2b83cab31..8ede9bb6dcf5c 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSACng.cs
@@ -8,7 +8,7 @@ namespace System.Security.Cryptography
 {
     public partial class DSA : AsymmetricAlgorithm
     {
-        public static new DSA Create()
+        private static DSA CreateCore()
         {
             return new DSAImplementation.DSACng();
         }

From 6c61e1d6f220fdbbc97de5041d2eafca3f7cd7d5 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 09:04:28 +0200
Subject: [PATCH 13/16] Might as well use DSA.CreateCore in the other two
 DSA.Create methods

---
 .../src/System/Security/Cryptography/DSA.cs                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
index 89f2bf01310a5..2e06904214f42 100644
--- a/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
+++ b/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs
@@ -48,7 +48,7 @@ public static new DSA Create()
         [UnsupportedOSPlatform("maccatalyst")]
         public static DSA Create(int keySizeInBits)
         {
-            DSA dsa = Create();
+            DSA dsa = CreateCore();
 
             try
             {
@@ -67,7 +67,7 @@ public static DSA Create(int keySizeInBits)
         [UnsupportedOSPlatform("maccatalyst")]
         public static DSA Create(DSAParameters parameters)
         {
-            DSA dsa = Create();
+            DSA dsa = CreateCore();
 
             try
             {

From d9a8cc8d1091d4b3f8e03ffe91083d6bbc44ab31 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 10:58:06 +0200
Subject: [PATCH 14/16] More ApiCompat fixes

---
 .../src/Internal/Cryptography/Helpers.cs      | 10 ++++++++++
 .../Cryptography/Pal/AnyOS/ManagedPal.cs      |  2 +-
 .../Cryptography/Pkcs/CmsSignature.DSA.cs     | 20 +++++++++++++------
 ....Security.Cryptography.X509Certificates.cs |  3 +++
 .../DSACertificateExtensions.cs               |  4 ++++
 .../X509Certificates/X509Certificate2.cs      |  4 ++--
 .../ApiCompatBaseline.PreviousNetCoreApp.txt  |  6 +++++-
 7 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/src/libraries/Common/src/Internal/Cryptography/Helpers.cs b/src/libraries/Common/src/Internal/Cryptography/Helpers.cs
index 2440690cd6e19..c2998444ea105 100644
--- a/src/libraries/Common/src/Internal/Cryptography/Helpers.cs
+++ b/src/libraries/Common/src/Internal/Cryptography/Helpers.cs
@@ -4,11 +4,21 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Cryptography;
+using System.Runtime.Versioning;
 
 namespace Internal.Cryptography
 {
     internal static partial class Helpers
     {
+#if NET5_0_OR_GREATER
+        [UnsupportedOSPlatformGuard("ios")]
+        [UnsupportedOSPlatformGuard("tvos")]
+        [UnsupportedOSPlatformGuard("maccatalyst")]
+        public static bool IsDSASupported => !OperatingSystem.IsIOS() && !OperatingSystem.IsTvOS() && !OperatingSystem.IsMacCatalyst();
+#else
+        public static bool IsDSASupported => true;
+#endif
+
         [return: NotNullIfNotNull("src")]
         public static byte[]? CloneByteArray(this byte[]? src)
         {
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs
index 94e8c460e4ce5..1a23c5d0be81e 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs
@@ -84,7 +84,7 @@ public override byte[] GetSubjectKeyIdentifier(X509Certificate2 certificate)
             if (typeof(T) == typeof(ECDsa))
                 return (T?)(object?)certificate.GetECDsaPrivateKey();
 #if NETCOREAPP || NETSTANDARD2_1
-            if (typeof(T) == typeof(DSA))
+            if (typeof(T) == typeof(DSA) && Internal.Cryptography.Helpers.IsDSASupported)
                 return (T?)(object?)certificate.GetDSAPrivateKey();
 #endif
 
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs
index c2c51f6dc3ef8..d6d6c5b4bafab 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs
@@ -2,10 +2,11 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Buffers;
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
 using Internal.Cryptography;
-using System.Diagnostics.CodeAnalysis;
 
 namespace System.Security.Cryptography.Pkcs
 {
@@ -13,11 +14,14 @@ internal partial class CmsSignature
     {
         static partial void PrepareRegistrationDsa(Dictionary<string, CmsSignature> lookup)
         {
-            lookup.Add(Oids.DsaWithSha1, new DSACmsSignature(Oids.DsaWithSha1, HashAlgorithmName.SHA1));
-            lookup.Add(Oids.DsaWithSha256, new DSACmsSignature(Oids.DsaWithSha256, HashAlgorithmName.SHA256));
-            lookup.Add(Oids.DsaWithSha384, new DSACmsSignature(Oids.DsaWithSha384, HashAlgorithmName.SHA384));
-            lookup.Add(Oids.DsaWithSha512, new DSACmsSignature(Oids.DsaWithSha512, HashAlgorithmName.SHA512));
-            lookup.Add(Oids.Dsa, new DSACmsSignature(null, default));
+            if (Helpers.IsDSASupported)
+            {
+                lookup.Add(Oids.DsaWithSha1, new DSACmsSignature(Oids.DsaWithSha1, HashAlgorithmName.SHA1));
+                lookup.Add(Oids.DsaWithSha256, new DSACmsSignature(Oids.DsaWithSha256, HashAlgorithmName.SHA256));
+                lookup.Add(Oids.DsaWithSha384, new DSACmsSignature(Oids.DsaWithSha384, HashAlgorithmName.SHA384));
+                lookup.Add(Oids.DsaWithSha512, new DSACmsSignature(Oids.DsaWithSha512, HashAlgorithmName.SHA512));
+                lookup.Add(Oids.Dsa, new DSACmsSignature(null, default));
+            }
         }
 
         private sealed class DSACmsSignature : CmsSignature
@@ -58,6 +62,8 @@ protected override bool VerifyKeyType(AsymmetricAlgorithm key)
                             _signatureAlgorithm));
                 }
 
+                Debug.Assert(Helpers.IsDSASupported);
+
                 DSA? dsa = certificate.GetDSAPublicKey();
 
                 if (dsa == null)
@@ -105,6 +111,8 @@ protected override bool VerifyKeyType(AsymmetricAlgorithm key)
                 [NotNullWhen(true)] out string? signatureAlgorithm,
                 [NotNullWhen(true)] out byte[]? signatureValue)
             {
+                Debug.Assert(Helpers.IsDSASupported);
+
                 // If there's no private key, fall back to the public key for a "no private key" exception.
                 DSA? dsa = key as DSA ??
                     PkcsPal.Instance.GetPrivateKeyForSigning<DSA>(certificate, silent) ??
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs b/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs
index 992d44d0824b9..4b7bdf649bd79 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs
@@ -34,6 +34,9 @@ public sealed partial class CertificateRequest
         public byte[] CreateSigningRequest() { throw null; }
         public byte[] CreateSigningRequest(System.Security.Cryptography.X509Certificates.X509SignatureGenerator signatureGenerator) { throw null; }
     }
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("maccatalyst")]
     public static partial class DSACertificateExtensions
     {
         public static System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(this System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, System.Security.Cryptography.DSA privateKey) { throw null; }
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs
index 42744defa1cda..7d54eaa38b13f 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/DSACertificateExtensions.cs
@@ -3,6 +3,7 @@
 
 using Internal.Cryptography;
 using Internal.Cryptography.Pal;
+using System.Runtime.Versioning;
 
 namespace System.Security.Cryptography.X509Certificates
 {
@@ -10,6 +11,9 @@ namespace System.Security.Cryptography.X509Certificates
     /// Provides extension methods for retrieving <see cref="DSA" /> implementations for the
     /// public and private keys of a <see cref="X509Certificate2" />.
     /// </summary>
+    [UnsupportedOSPlatform("ios")]
+    [UnsupportedOSPlatform("tvos")]
+    [UnsupportedOSPlatform("maccatalyst")]
     public static class DSACertificateExtensions
     {
         /// <summary>
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
index b16df4a367f99..76022ec91b6ab 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
@@ -943,7 +943,7 @@ public static X509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem, ReadOnl
                 return keyAlgorithm switch
                 {
                     Oids.Rsa => ExtractKeyFromPem<RSA>(keyPem, s_RsaPublicKeyPrivateKeyLabels, RSA.Create, certificate.CopyWithPrivateKey),
-                    Oids.Dsa => ExtractKeyFromPem<DSA>(keyPem, s_DsaPublicKeyPrivateKeyLabels, DSA.Create, certificate.CopyWithPrivateKey),
+                    Oids.Dsa when Helpers.IsDSASupported => ExtractKeyFromPem<DSA>(keyPem, s_DsaPublicKeyPrivateKeyLabels, DSA.Create, certificate.CopyWithPrivateKey),
                     Oids.EcPublicKey when IsECDsa(certificate) =>
                         ExtractKeyFromPem<ECDsa>(
                             keyPem,
@@ -1013,7 +1013,7 @@ public static X509Certificate2 CreateFromEncryptedPem(ReadOnlySpan<char> certPem
                 return keyAlgorithm switch
                 {
                     Oids.Rsa => ExtractKeyFromEncryptedPem<RSA>(keyPem, password, RSA.Create, certificate.CopyWithPrivateKey),
-                    Oids.Dsa => ExtractKeyFromEncryptedPem<DSA>(keyPem, password, DSA.Create, certificate.CopyWithPrivateKey),
+                    Oids.Dsa when Helpers.IsDSASupported => ExtractKeyFromEncryptedPem<DSA>(keyPem, password, DSA.Create, certificate.CopyWithPrivateKey),
                     Oids.EcPublicKey when IsECDsa(certificate) =>
                         ExtractKeyFromEncryptedPem<ECDsa>(
                             keyPem,
diff --git a/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt b/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt
index 2d6940197b4f6..ae74975ddda7b 100644
--- a/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt
+++ b/src/libraries/shims/ApiCompatBaseline.PreviousNetCoreApp.txt
@@ -171,4 +171,8 @@ Compat issues with assembly System.Security.Cryptography.Algorithms:
 CannotRemoveAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' exists on 'System.Security.Cryptography.CryptoConfig' in the contract but not the implementation.
 Compat issues with assembly System.Threading.Tasks.Extensions:
 CannotChangeAttribute : Attribute 'System.AttributeUsageAttribute' on 'System.Runtime.CompilerServices.AsyncMethodBuilderAttribute' changed from '[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Delegate | AttributeTargets.Enum | AttributeTargets.Interface | AttributeTargets.Struct, Inherited=false, AllowMultiple=false)]' in the contract to '[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Delegate | AttributeTargets.Enum | AttributeTargets.Interface | AttributeTargets.Method | AttributeTargets.Struct, Inherited=false, AllowMultiple=false)]' in the implementation.
-Total Issues: 158
+CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesCcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation.
+CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesGcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation.
+CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesCcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation.
+CannotChangeAttribute : Attribute 'System.Runtime.Versioning.UnsupportedOSPlatformAttribute' on 'System.Security.Cryptography.AesGcm' changed from '[UnsupportedOSPlatformAttribute("browser")]' in the contract to '[UnsupportedOSPlatformAttribute("browser")]' in the implementation.
+Total Issues: 162

From fdc95f27c6ee3aa19d894a9e37df794053b33ea3 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 11:45:13 +0200
Subject: [PATCH 15/16] Fix test build

---
 .../System.Security.Cryptography.Xml/tests/SignedXmlTest.cs      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
index e616b96296526..0a17b7850f47f 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
@@ -15,6 +15,7 @@
 using System.Text;
 using System.Xml;
 using System.Xml.XPath;
+using Test.Cryptography;
 using Xunit;
 
 namespace System.Security.Cryptography.Xml.Tests

From c663d2a01b9735b22896f5aa15beda9c811b5f54 Mon Sep 17 00:00:00 2001
From: Filip Navara <navara@emclient.com>
Date: Thu, 20 May 2021 13:59:22 +0200
Subject: [PATCH 16/16] Fix tests on Mac Catalyst

---
 .../System.Security.Cryptography.Xml/tests/KeyInfoTest.cs  | 7 ++++---
 .../tests/SignedXmlTest.cs                                 | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs
index 9812572ae6abd..61534f61c2ba0 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/KeyInfoTest.cs
@@ -13,6 +13,7 @@
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Xml;
+using Test.Cryptography;
 using Xunit;
 
 namespace System.Security.Cryptography.Xml.Tests
@@ -69,7 +70,7 @@ public void KeyInfoNode()
         private static string xmlDSA = "<DSAKeyValue><P>" + dsaP + "</P><Q>" + dsaQ + "</Q><G>" + dsaG + "</G><Y>" + dsaY + "</Y></DSAKeyValue>";
 
         [Fact]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public void DSAKeyValue()
         {
             using (DSA key = DSA.Create())
@@ -148,7 +149,7 @@ public void X509Data()
         }
 
         [Fact]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public void Complex()
         {
             KeyInfoName name = new KeyInfoName();
@@ -199,7 +200,7 @@ public void Complex()
         }
 
         [Fact]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public void ImportKeyNode()
         {
             string keyName = "Mono::";
diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
index 0a17b7850f47f..c6ad9ba72e8e6 100644
--- a/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
@@ -289,7 +289,7 @@ public void AsymmetricRSAMixedCaseAttributesVerifyWindows()
 
         [Fact]
         [ActiveIssue("https://github.com/dotnet/runtime/issues/20575", TestPlatforms.OSX)]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public void AsymmetricDSASignature()
         {
             SignedXml signedXml = MSDNSample();
@@ -389,7 +389,7 @@ public void AsymmetricRSAVerify()
         // Using empty constructor
         // The two other constructors don't seems to apply in verifying signatures
         [Fact]
-        [SkipOnPlatform(TestPlatforms.iOS | TestPlatforms.tvOS, "Not supported on iOS or tvOS.")]
+        [SkipOnPlatform(PlatformSupport.MobileAppleCrypto, "DSA is not available")]
         public void AsymmetricDSAVerify()
         {
             string value = "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#dsa-sha1\" /><Reference URI=\"#MyObjectId\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Vvq6sXEVbtZC8GwNtLQnGOy/VI=</DigestValue></Reference></SignedInfo><SignatureValue>BYz/qRGjGsN1yMFPxWa3awUZm1y4I/IxOQroMxkOteRGgk1HIwhRYw==</SignatureValue><KeyInfo><KeyValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><DSAKeyValue><P>iglVaZ+LsSL8Y0aDXmFMBwva3xHqIypr3l/LtqBH9ziV2Sh1M4JVasAiKqytWIWt/s/Uk8Ckf2tO2Ww1vsNi1NL+Kg9T7FE52sn380/rF0miwGkZeidzm74OWhykb3J+wCTXaIwOzAWI1yN7FoeoN7wzF12jjlSXAXeqPMlViqk=</P><Q>u4sowiJMHilNRojtdmIuQY2YnB8=</Q><G>SdnN7d+wn1n+HH4Hr8MIryIRYgcXdbZ5TH7jAnuWc1koqRc1AZfcYAZ6RDf+orx6Lzn055FTFiN+1NHQfGUtXJCWW0zz0FVV1NJux7WRj8vGTldjJ5ef0oCenkpwDjcIxWsZgVobve4GPoyN1sAc1scnkJB59oupibklmF4y72A=</G><Y>XejzS8Z51yfl0zbYnxSYYbHqreSLjNCoGPB/KjM1TOyV5sMjz0StKtGrFWryTWc7EgvFY7kUth4e04VKf9HbK8z/FifHTXj8+Tszbjzw8GfInnBwLN+vJgbpnjtypmiI5Bm2nLiRbfkdAHP+OrKtr/EauM9GQfYuaxm3/Vj8B84=</Y><J>vGwGg9wqwwWP9xsoPoXu6kHArJtadiNKe9azBiUx5Ob883gd5wlKfEcGuKkBmBySGbgwxyOsIBovd9Kk48hF01ymfQzAAuHR0EdJECSsTsTTKVTLQNBU32O+PRbLYpv4E8kt6rNL83JLJCBY</J><Seed>sqzn8J6fd2gtEyq6YOqiUSHgPE8=</Seed><PgenCounter>sQ==</PgenCounter></DSAKeyValue></KeyValue></KeyInfo><Object Id=\"MyObjectId\"><MyElement xmlns=\"samples\">This is some text</MyElement></Object></Signature>";