Purge use of RNGCryptoServiceProvider in examples

dotnet · Oct 1, 2024 · 0f1a48d · 0f1a48d
1 parent 6139eea
commit 0f1a48d
Show file tree

Hide file tree

Showing 31 changed files with 104 additions and 89 deletions.
diff --git a/snippets/cpp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/cpp/sample.cpp b/snippets/cpp/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/cpp/sample.cpp
@@ -18,12 +18,12 @@ array<Byte>^ CreateRandomSalt(int length)
         randomBytes = gcnew array <Byte>(1);
     }
 
-    // Create a new RNGCryptoServiceProvider.
-    RNGCryptoServiceProvider^ cryptoRNGProvider =
-        gcnew RNGCryptoServiceProvider();
+    // Create a new RandomNumberGenerator.
+    RandomNumberGenerator^ randomNumberGenerator =
+        RandomNumberGenerator::Create();
 
     // Fill the buffer with random bytes.
-    cryptoRNGProvider->GetBytes(randomBytes);
+    randomNumberGenerator->GetBytes(randomBytes);
 
     // return the bytes.
     return randomBytes;

diff --git a/snippets/cpp/VS_Snippets_CLR/HMACRIPEMD160/CPP/hmacripemd160.cpp b/snippets/cpp/VS_Snippets_CLR/HMACRIPEMD160/CPP/hmacripemd160.cpp
@@ -111,8 +111,7 @@ int main()
          //  secret key shared by sender and receiver.
          array<Byte>^secretkey = gcnew array<Byte>(64);
 
-         //RNGCryptoServiceProvider is an implementation of a random number generator.
-         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
+         RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
 
          // The array is now filled with cryptographically strong random bytes.
          rng->GetBytes( secretkey );

diff --git a/snippets/cpp/VS_Snippets_CLR/HMACSHA256/CPP/hmacsha256.cpp b/snippets/cpp/VS_Snippets_CLR/HMACSHA256/CPP/hmacsha256.cpp
@@ -111,8 +111,7 @@ int main()
          //  secret key shared by sender and receiver.
          array<Byte>^secretkey = gcnew array<Byte>(64);
 
-         //RNGCryptoServiceProvider is an implementation of a random number generator.
-         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
+         RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
 
          // The array is now filled with cryptographically strong random bytes.
          rng->GetBytes( secretkey );

diff --git a/snippets/cpp/VS_Snippets_CLR/HMACSHA384/CPP/hmacsha384.cpp b/snippets/cpp/VS_Snippets_CLR/HMACSHA384/CPP/hmacsha384.cpp
@@ -111,8 +111,7 @@ int main()
          //  secret key shared by sender and receiver.
          array<Byte>^secretkey = gcnew array<Byte>(64);
 
-         //RNGCryptoServiceProvider is an implementation of a random number generator.
-         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
+         RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
 
          // The array is now filled with cryptographically strong random bytes.
          rng->GetBytes( secretkey );

diff --git a/snippets/cpp/VS_Snippets_CLR/HMACSHA512/CPP/hmacsha512.cpp b/snippets/cpp/VS_Snippets_CLR/HMACSHA512/CPP/hmacsha512.cpp
@@ -110,9 +110,8 @@ int main()
          // Create a random key using a random number generator. This would be the
          //  secret key shared by sender and receiver.
          array<Byte>^secretkey = gcnew array<Byte>(64);
-
-         //RNGCryptoServiceProvider is an implementation of a random number generator.
-         RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
+
+         RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
 
          // The array is now filled with cryptographically strong random bytes.
          rng->GetBytes( secretkey );

diff --git a/snippets/cpp/VS_Snippets_CLR/rfc28981/CPP/rfc28981.cpp b/snippets/cpp/VS_Snippets_CLR/rfc28981/CPP/rfc28981.cpp
@@ -27,8 +27,8 @@ int main()
       String^ pwd1 = passwordargs[ 1 ];
 
       array<Byte>^salt1 = gcnew array<Byte>(8);
-	  RNGCryptoServiceProvider ^ rngCsp = gcnew RNGCryptoServiceProvider();
-		 rngCsp->GetBytes(salt1);
+      RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
+      rng->GetBytes(salt1);
       //data1 can be a string or contents of a file.
       String^ data1 = "Some test data";
 

diff --git a/...cpp/VS_Snippets_CLR_Classic/classic RandomNumberGenerator.GetBytes Example/CPP/source.cpp b/...cpp/VS_Snippets_CLR_Classic/classic RandomNumberGenerator.GetBytes Example/CPP/source.cpp
@@ -16,8 +16,7 @@ public ref class Form1: public Form
       // <Snippet1>
       array<Byte>^ random = gcnew array<Byte>(100);
 
-      //RNGCryptoServiceProvider is an implementation of a random number generator.
-      RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
+      RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
       rng->GetBytes( random ); // The array is now filled with cryptographically strong random bytes.
       // </Snippet1>
    }

diff --git a/...Snippets_CLR_Classic/classic RandomNumberGenerator.GetNonZeroBytes Example/CPP/source.cpp b/...Snippets_CLR_Classic/classic RandomNumberGenerator.GetNonZeroBytes Example/CPP/source.cpp
@@ -15,8 +15,7 @@ public ref class Form1: public Form
    {
       // <Snippet1>
       array<Byte>^ random = gcnew array<Byte>(100);
-      //RNGCryptoServiceProvider is an implementation of a random number generator.
-      RNGCryptoServiceProvider^ rng = gcnew RNGCryptoServiceProvider;
+      RandomNumberGenerator^ rng = RandomNumberGenerator::Create();
       rng->GetNonZeroBytes( random ); // The array is now filled with cryptographically strong random bytes, and none are zero.
       // </Snippet1>
    }

diff --git a/..._CLR_System/system.Security.Cryptography.RSAOAEPKeyExchangeDeformatter/CPP/rsaencoder.cpp b/..._CLR_System/system.Security.Cryptography.RSAOAEPKeyExchangeDeformatter/CPP/rsaencoder.cpp
@@ -122,7 +122,7 @@ ref class RSAEncoder
 
       // Create a random number using the RNGCryptoServiceProvider provider.
       //<Snippet6>
-      RNGCryptoServiceProvider^ ring = gcnew RNGCryptoServiceProvider;
+      RandomNumberGenerator^ ring = RandomNumberGenerator::Create();
       rsaFormatter->Rng = ring;
       //</Snippet6>
 
@@ -190,7 +190,7 @@ int main()
 //
 // Encoding the following message:
 // A phrase to be encoded.
-// Resulting message encoded: %?}T:v??xu?eD)YucItjwu¦ALH HB,Uj??2xq?.?s45
+// Resulting message encoded: %?}T:v??xu?eD)YucItjwu¦ALH HB,Uj??2xq?.?s45
 // ?f?L2?=X?CPzWx???"q5?6&N"AE,Z+T?(]S?_7~,?G{?VV!:S?df?
 // Resulting message decoded:
 // A phrase to be encoded.

diff --git a/snippets/csharp/System.Security.Cryptography/HMACRIPEMD160/Overview/hmacripemd160.cs b/snippets/csharp/System.Security.Cryptography/HMACRIPEMD160/Overview/hmacripemd160.cs
@@ -35,8 +35,8 @@ public static void Main(string[] Fileargs)
             // Create a random key using a random number generator. This would be the
             //  secret key shared by sender and receiver.
             byte[] secretkey = new Byte[64];
-            //RNGCryptoServiceProvider is an implementation of a random number generator.
-            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
+
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 // The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey);

diff --git a/snippets/csharp/System.Security.Cryptography/HMACSHA256/Overview/hmacsha256.cs b/snippets/csharp/System.Security.Cryptography/HMACSHA256/Overview/hmacsha256.cs
@@ -35,8 +35,8 @@ public static void Main(string[] Fileargs)
             // Create a random key using a random number generator. This would be the
             //  secret key shared by sender and receiver.
             byte[] secretkey = new Byte[64];
-            //RNGCryptoServiceProvider is an implementation of a random number generator.
-            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
+
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 // The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey);

diff --git a/snippets/csharp/System.Security.Cryptography/HMACSHA384/Overview/hmacsha384.cs b/snippets/csharp/System.Security.Cryptography/HMACSHA384/Overview/hmacsha384.cs
@@ -35,8 +35,8 @@ public static void Main(string[] Fileargs)
             // Create a random key using a random number generator. This would be the
             //  secret key shared by sender and receiver.
             byte[] secretkey = new Byte[64];
-            //RNGCryptoServiceProvider is an implementation of a random number generator.
-            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
+
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 // The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey);

diff --git a/snippets/csharp/System.Security.Cryptography/HMACSHA512/Overview/hmacsha512.cs b/snippets/csharp/System.Security.Cryptography/HMACSHA512/Overview/hmacsha512.cs
@@ -35,8 +35,8 @@ public static void Main(string[] Fileargs)
             // Create a random key using a random number generator. This would be the
             //  secret key shared by sender and receiver.
             byte[] secretkey = new Byte[64];
-            //RNGCryptoServiceProvider is an implementation of a random number generator.
-            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
+
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 // The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey);

diff --git a/snippets/csharp/System.Security.Cryptography/MACTripleDES/Overview/program.cs b/snippets/csharp/System.Security.Cryptography/MACTripleDES/Overview/program.cs
@@ -35,8 +35,8 @@ public static void Main(string[] Fileargs)
             // Create a random key using a random number generator. This would be the
             //  secret key shared by sender and receiver.
             byte[] secretkey = new Byte[24];
-            //RNGCryptoServiceProvider is an implementation of a random number generator.
-            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
+
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 // The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey);

diff --git a/snippets/csharp/System.Security.Cryptography/PasswordDeriveBytes/Overview/sample.cs b/snippets/csharp/System.Security.Cryptography/PasswordDeriveBytes/Overview/sample.cs
@@ -79,11 +79,11 @@ public static byte[] CreateRandomSalt(int length)
             randBytes = new byte[1];
         }
 
-        // Create a new RNGCryptoServiceProvider.
-        RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider();
-
-        // Fill the buffer with random bytes.
-        rand.GetBytes(randBytes);
+        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+        {
+            // Fill the buffer with random bytes.
+            rand.GetBytes(randBytes);
+        }
 
         // return the bytes.
         return randBytes;

diff --git a/...sharp/System.Security.Cryptography/RSAOAEPKeyExchangeDeformatter/Parameters/rsaencoder.cs b/...sharp/System.Security.Cryptography/RSAOAEPKeyExchangeDeformatter/Parameters/rsaencoder.cs
@@ -122,9 +122,9 @@ private void ConstructFormatter()
         rsaFormatter.SetKey(key);
         //</Snippet5>
 
-        // Create a random number using the RNGCryptoServiceProvider provider.
+        // Create a random number using the RandomNumberGenerator
         //<Snippet6>
-        RNGCryptoServiceProvider ring = new RNGCryptoServiceProvider(); 
+        RandomNumberGenerator ring = RandomNumberGenerator.Create(); 
         rsaFormatter.Rng = ring;
         //</Snippet6>
 

diff --git a/snippets/csharp/System.Security.Cryptography/RandomNumberGenerator/GetBytes/source.cs b/snippets/csharp/System.Security.Cryptography/RandomNumberGenerator/GetBytes/source.cs
@@ -1,18 +1,19 @@
 using System;
 using System.Data;
-using System.Security.Cryptography ;
+using System.Security.Cryptography;
 using System.Windows.Forms;
 
 public class Form1: Form
 {
    public static void Main()
    {
-      // <Snippet1>
-      byte[] random = new Byte[100];
+        // <Snippet1>
+        byte[] random = new byte[100];
 
-      //RNGCryptoServiceProvider is an implementation of a random number generator.
-      RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
-      rng.GetBytes(random); // The array is now filled with cryptographically strong random bytes.
-      // </Snippet1>
+        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+        {
+            rng.GetBytes(random); // The array is now filled with cryptographically strong random bytes.
+        }
+        // </Snippet1>
    }
 }
diff --git a/snippets/csharp/System.Security.Cryptography/RandomNumberGenerator/GetNonZeroBytes/source.cs b/snippets/csharp/System.Security.Cryptography/RandomNumberGenerator/GetNonZeroBytes/source.cs
@@ -8,10 +8,12 @@ public class Form1: Form
  public void Method()
  {
 // <Snippet1>
-    byte[] random = new Byte[100];
-    //RNGCryptoServiceProvider is an implementation of a random number generator.
-    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
-    rng.GetNonZeroBytes(random); // The array is now filled with cryptographically strong random bytes, and none are zero.
+    byte[] random = new byte[100];
+
+    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+    {
+        rng.GetNonZeroBytes(random); // The array is now filled with cryptographically strong random bytes, and none are zero.
+    }
 // </Snippet1>
  }
 }
diff --git a/snippets/csharp/System.Security.Cryptography/Rfc2898DeriveBytes/Overview/rfc28981.cs b/snippets/csharp/System.Security.Cryptography/Rfc2898DeriveBytes/Overview/rfc28981.cs
@@ -26,11 +26,10 @@ public static void Main(string[] passwordargs)
             string pwd1 = passwordargs[0];
             // Create a byte array to hold the random value.
             byte[] salt1 = new byte[8];
-            using (RNGCryptoServiceProvider rngCsp = new
-RNGCryptoServiceProvider())
+            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
             {
                 // Fill the array with a random value.
-                rngCsp.GetBytes(salt1);
+                rng.GetBytes(salt1);
             }
 
             //data1 can be a string or contents of a file.

diff --git a/snippets/csharp/VS_Snippets_CFX/samlattribute/cs/source.cs b/snippets/csharp/VS_Snippets_CFX/samlattribute/cs/source.cs
@@ -323,9 +323,13 @@ protected static BinarySecretSecurityToken CreateProofToken(int keySize)
         {
             // Create an array to store the key bytes.
             byte[] key = new byte[keySize/8];
+
             // Create some random bytes.
-            RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
-            random.GetNonZeroBytes(key);
+            using (RandomNumberGenerator random = RandomNumberGenerator.Create())
+            {
+                random.GetNonZeroBytes(key);
+            }
+
             // Create a BinarySecretSecurityToken from the random bytes and return it.
             return new BinarySecretSecurityToken(key);
         }
@@ -409,19 +413,25 @@ public virtual Message ProcessRequestSecurityToken(Message message)
             {
                 // Create an array to store the entropy bytes.
                 stsEntropy = new byte[keySize / 8];
+
                 // Create some random bytes.
-                RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
-                random.GetNonZeroBytes(stsEntropy);
+                using (RandomNumberGenerator random = RandomNumberGenerator.Create())
+                {
+                    random.GetNonZeroBytes(stsEntropy);
+                }
                 // Compute the combined key.
                 key = RequestSecurityTokenResponse.ComputeCombinedKey(senderEntropy, stsEntropy, keySize);
             }
             else // Issuer entropy only...
             {
                 // Create an array to store the entropy bytes.
                 key = new byte[keySize / 8];
+
                 // Create some random bytes.
-                RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
-                random.GetNonZeroBytes(key);
+                using (RandomNumberGenerator random = RandomNumberGenerator.Create())
+                {
+                    random.GetNonZeroBytes(key);
+                }
             }
 
             // Create a BinarySecretSecurityToken to be the proof token, based on the key material

diff --git a/snippets/visualbasic/VS_Snippets_CFX/samlattribute/vb/source.vb b/snippets/visualbasic/VS_Snippets_CFX/samlattribute/vb/source.vb
@@ -320,9 +320,12 @@ Namespace Microsoft.ServiceModel.Samples.Federation
         Protected Shared Function CreateProofToken(ByVal keySize As Integer) As BinarySecretSecurityToken
             ' Create an array to store the key bytes.
             Dim key(keySize / 8 - 1) As Byte
+
             ' Create some random bytes.
-            Dim random As New RNGCryptoServiceProvider()
-            random.GetNonZeroBytes(key)
+            Using random As RandomNumberGenerator = RandomNumberGenerator.Create()
+                random.GetNonZeroBytes(key)
+            End Using
+
             ' Create a BinarySecretSecurityToken from the random bytes and return it.
             Return New BinarySecretSecurityToken(key)
         End Function
@@ -398,18 +401,23 @@ Namespace Microsoft.ServiceModel.Samples.Federation
             If Not (senderEntropy Is Nothing) Then
                 ' Create an array to store the entropy bytes.
                 stsEntropy = New Byte(keySize / 8) {}
+
                 ' Create some random bytes.
-                Dim random As New RNGCryptoServiceProvider()
-                random.GetNonZeroBytes(stsEntropy)
+                Using random As RandomNumberGenerator = RandomNumberGenerator.Create()
+                    random.GetNonZeroBytes(stsEntropy)
+                End Using
+
                 ' Compute the combined key.
                 key = RequestSecurityTokenResponse.ComputeCombinedKey(senderEntropy, stsEntropy, keySize)
                 ' Issuer entropy only...
             Else
                 ' Create an array to store the entropy bytes.
                 key = New Byte(keySize / 8) {}
+
                 ' Create some random bytes.
-                Dim random As New RNGCryptoServiceProvider()
-                random.GetNonZeroBytes(key)
+                Using random As RandomNumberGenerator = RandomNumberGenerator.Create()
+                    random.GetNonZeroBytes(key)
+                End Using
             End If
 
             ' Create a BinarySecretSecurityToken to be the proof token, based on the key material

diff --git a/snippets/visualbasic/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/VB/sample.vb b/snippets/visualbasic/VS_Snippets_CLR/Cryptography.PasswordDerivedbytes/VB/sample.vb
@@ -71,11 +71,11 @@ Module PasswordDerivedBytesExample
             randBytes = New Byte(0) {}
         End If
 
-        ' Create a new RNGCryptoServiceProvider.
-        Dim rand As New RNGCryptoServiceProvider()
-
-        ' Fill the buffer with random bytes.
-        rand.GetBytes(randBytes)
+        ' Create a new RandomNumberGenerator.
+        Using rand As RandomNumberGenerator = RandomNumberGenerator.Create()
+            ' Fill the buffer with random bytes.
+            rand.GetBytes(randBytes)
+        End Using
 
         ' return the bytes.
         Return randBytes

diff --git a/snippets/visualbasic/VS_Snippets_CLR/HMACRIPEMD160/vb/hmacripemd160.vb b/snippets/visualbasic/VS_Snippets_CLR/HMACRIPEMD160/vb/hmacripemd160.vb
@@ -27,8 +27,8 @@ Public Class HMACRIPEMD160example
             ' Create a random key using a random number generator. This would be the
             '  secret key shared by sender and receiver.
             Dim secretkey() As Byte = New [Byte](63) {}
-            'RNGCryptoServiceProvider is an implementation of a random number generator.
-            Using rng As New RNGCryptoServiceProvider()
+
+            Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
                 ' The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey)
 

diff --git a/snippets/visualbasic/VS_Snippets_CLR/HMACSHA256/vb/hmacsha256.vb b/snippets/visualbasic/VS_Snippets_CLR/HMACSHA256/vb/hmacsha256.vb
@@ -27,8 +27,8 @@ Public Class HMACSHA256example
             ' Create a random key using a random number generator. This would be the
             '  secret key shared by sender and receiver.
             Dim secretkey() As Byte = New [Byte](63) {}
-            'RNGCryptoServiceProvider is an implementation of a random number generator.
-            Using rng As New RNGCryptoServiceProvider()
+
+            Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
                 ' The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey)
 

diff --git a/snippets/visualbasic/VS_Snippets_CLR/HMACSHA384/vb/hmacsha384.vb b/snippets/visualbasic/VS_Snippets_CLR/HMACSHA384/vb/hmacsha384.vb
@@ -27,8 +27,8 @@ Public Class HMACSHA384example
             ' Create a random key using a random number generator. This would be the
             '  secret key shared by sender and receiver.
             Dim secretkey() As Byte = New [Byte](63) {}
-            'RNGCryptoServiceProvider is an implementation of a random number generator.
-            Using rng As New RNGCryptoServiceProvider()
+
+            Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
                 ' The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey)
 

diff --git a/snippets/visualbasic/VS_Snippets_CLR/HMACSHA512/vb/hmacsha512.vb b/snippets/visualbasic/VS_Snippets_CLR/HMACSHA512/vb/hmacsha512.vb
@@ -27,8 +27,8 @@ Public Class HMACSHA5126example
             ' Create a random key using a random number generator. This would be the
             '  secret key shared by sender and receiver.
             Dim secretkey() As Byte = New [Byte](63) {}
-            'RNGCryptoServiceProvider is an implementation of a random number generator.
-            Using rng As New RNGCryptoServiceProvider()
+
+            Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
                 ' The array is now filled with cryptographically strong random bytes.
                 rng.GetBytes(secretkey)