From ebd695fee1ccccac472e39adb2a2469e89a7ccb2 Mon Sep 17 00:00:00 2001
From: Jeff Handley <jeffhandley@users.noreply.github.com>
Date: Fri, 7 May 2021 18:33:52 -0700
Subject: [PATCH] Mark RNGCryptoServiceProvider as Obsolete (#52373)

* Mark RNGCryptoServiceProvider as Obsolete

* Use the static methods on RandomNumberGenerator instead of Create()

* Use RandomNumberGenerator.GetBytes() instead of RandomNumberGenerator.Create().GetBytes()

* Revert "Use RandomNumberGenerator.GetBytes() instead of RandomNumberGenerator.Create().GetBytes()"

This reverts commit 447f8485a08f831f34d00597a30800ac36f034ef.

* Update src/libraries/System.IO.Pipes/tests/NamedPipeTests/NamedPipeTest.CurrentUserOnly.Windows.cs

Co-authored-by: Jeremy Barton <jbarton@microsoft.com>
---
 docs/project/list-of-diagnostics.md                    |  1 +
 src/libraries/Common/src/System/Obsoletions.cs         |  3 +++
 src/libraries/Directory.Build.targets                  |  3 ++-
 .../NamedPipeTest.CurrentUserOnly.Windows.cs           | 10 +++-------
 .../ref/System.Security.Cryptography.Csp.cs            |  1 +
 .../src/System.Security.Cryptography.Csp.csproj        |  2 ++
 .../Security/Cryptography/RNGCryptoServiceProvider.cs  |  1 +
 .../tests/RNGCryptoServiceProviderTests.cs             |  4 ++++
 .../WindowsIdentityImpersonatedTests.netcoreapp.cs     |  2 +-
 9 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/docs/project/list-of-diagnostics.md b/docs/project/list-of-diagnostics.md
index 1ac9545c029bb..78509d235f7bc 100644
--- a/docs/project/list-of-diagnostics.md
+++ b/docs/project/list-of-diagnostics.md
@@ -76,6 +76,7 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
 |  __`SYSLIB0019`__ | RuntimeEnvironment members SystemConfigurationFile, GetRuntimeInterfaceAsIntPtr, and GetRuntimeInterfaceAsObject are no longer supported and throw PlatformNotSupportedException. |
 |  __`SYSLIB0020`__ | JsonSerializerOptions.IgnoreNullValues is obsolete. To ignore null values when serializing, set DefaultIgnoreCondition to JsonIgnoreCondition.WhenWritingNull. |
 |  __`SYSLIB0022`__ | The Rijndael and RijndaelManaged types are obsolete. Use Aes instead. |
+|  __`SYSLIB0023`__ | RNGCryptoServiceProvider is obsolete. To generate a random number, use one of the RandomNumberGenerator static methods instead. |
 
 ## Analyzer Warnings
 
diff --git a/src/libraries/Common/src/System/Obsoletions.cs b/src/libraries/Common/src/System/Obsoletions.cs
index 1ae6bf8cf3056..e2946bf0ab298 100644
--- a/src/libraries/Common/src/System/Obsoletions.cs
+++ b/src/libraries/Common/src/System/Obsoletions.cs
@@ -74,5 +74,8 @@ internal static class Obsoletions
 
         internal const string RijndaelMessage = "The Rijndael and RijndaelManaged types are obsolete. Use Aes instead.";
         internal const string RijndaelDiagId = "SYSLIB0022";
+
+        internal const string RNGCryptoServiceProviderMessage = "RNGCryptoServiceProvider is obsolete. To generate a random number, use one of the RandomNumberGenerator static methods instead.";
+        internal const string RNGCryptoServiceProviderDiagId = "SYSLIB0023";
     }
 }
diff --git a/src/libraries/Directory.Build.targets b/src/libraries/Directory.Build.targets
index 33fe06f303da7..1f2f725bf18b9 100644
--- a/src/libraries/Directory.Build.targets
+++ b/src/libraries/Directory.Build.targets
@@ -21,8 +21,9 @@
          SYSLIB0004: Constrained Execution Region (CER).
          SYSLIB0017: Strong name signing.
          SYSLIB0022: Rijndael types.
+         SYSLIB0023: RNGCryptoServiceProvider.
     -->
-    <NoWarn Condition="'$(IsPartialFacadeAssembly)' == 'true'">$(NoWarn);SYSLIB0003;SYSLIB0004;SYSLIB0015;SYSLIB0017;SYSLIB0022</NoWarn>
+    <NoWarn Condition="'$(IsPartialFacadeAssembly)' == 'true'">$(NoWarn);SYSLIB0003;SYSLIB0004;SYSLIB0015;SYSLIB0017;SYSLIB0022;SYSLIB0023</NoWarn>
     <!-- Reset these properties back to blank, since they are defaulted by Microsoft.NET.Sdk -->
     <WarningsAsErrors Condition="'$(WarningsAsErrors)' == 'NU1605'" />
     <!-- Set the documentation output file globally. -->
diff --git a/src/libraries/System.IO.Pipes/tests/NamedPipeTests/NamedPipeTest.CurrentUserOnly.Windows.cs b/src/libraries/System.IO.Pipes/tests/NamedPipeTests/NamedPipeTest.CurrentUserOnly.Windows.cs
index 08c45dee85cef..439454502655d 100644
--- a/src/libraries/System.IO.Pipes/tests/NamedPipeTests/NamedPipeTest.CurrentUserOnly.Windows.cs
+++ b/src/libraries/System.IO.Pipes/tests/NamedPipeTests/NamedPipeTest.CurrentUserOnly.Windows.cs
@@ -22,14 +22,10 @@ public class TestAccountImpersonator : IDisposable
         public TestAccountImpersonator()
         {
             string testAccountPassword;
-            using (RandomNumberGenerator rng = new RNGCryptoServiceProvider())
-            {
-                var randomBytes = new byte[33];
-                rng.GetBytes(randomBytes);
+            byte[] randomBytes = RandomNumberGenerator.GetBytes(33);
 
-                // Add special chars to ensure it satisfies password requirements.
-                testAccountPassword = Convert.ToBase64String(randomBytes) + "_-As@!%*(1)4#2";
-            }
+            // Add special chars to ensure it satisfies password requirements.
+            testAccountPassword = Convert.ToBase64String(randomBytes) + "_-As@!%*(1)4#2";
 
             DateTime accountExpirationDate = DateTime.UtcNow + TimeSpan.FromMinutes(2);
             using (var principalCtx = new PrincipalContext(ContextType.Machine))
diff --git a/src/libraries/System.Security.Cryptography.Csp/ref/System.Security.Cryptography.Csp.cs b/src/libraries/System.Security.Cryptography.Csp/ref/System.Security.Cryptography.Csp.cs
index a992ffcf0392f..b6e8614320410 100644
--- a/src/libraries/System.Security.Cryptography.Csp/ref/System.Security.Cryptography.Csp.cs
+++ b/src/libraries/System.Security.Cryptography.Csp/ref/System.Security.Cryptography.Csp.cs
@@ -175,6 +175,7 @@ public RC2CryptoServiceProvider() { }
         public override void GenerateIV() { }
         public override void GenerateKey() { }
     }
+    [System.ObsoleteAttribute("RNGCryptoServiceProvider is obsolete. To generate a random number, use one of the RandomNumberGenerator static methods instead.", DiagnosticId = "SYSLIB0023", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
     [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
     public sealed partial class RNGCryptoServiceProvider : System.Security.Cryptography.RandomNumberGenerator
     {
diff --git a/src/libraries/System.Security.Cryptography.Csp/src/System.Security.Cryptography.Csp.csproj b/src/libraries/System.Security.Cryptography.Csp/src/System.Security.Cryptography.Csp.csproj
index da68c42443e03..2e8119ae25704 100644
--- a/src/libraries/System.Security.Cryptography.Csp/src/System.Security.Cryptography.Csp.csproj
+++ b/src/libraries/System.Security.Cryptography.Csp/src/System.Security.Cryptography.Csp.csproj
@@ -27,6 +27,8 @@
     <Compile Include="Internal\Cryptography\Helpers.cs" />
     <Compile Include="$(CommonPath)Internal\Cryptography\Helpers.cs"
              Link="Internal\Cryptography\Helpers.cs" />
+    <Compile Include="$(CommonPath)System\Obsoletions.cs"
+             Link="Common\System\Obsoletions.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\KeySizeHelpers.cs"
              Link="Common\System\Security\Cryptography\KeySizeHelpers.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\CryptoPool.cs"
diff --git a/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RNGCryptoServiceProvider.cs b/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RNGCryptoServiceProvider.cs
index 46766f1ecfd30..fee72fec9c7ea 100644
--- a/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RNGCryptoServiceProvider.cs
+++ b/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RNGCryptoServiceProvider.cs
@@ -5,6 +5,7 @@
 
 namespace System.Security.Cryptography
 {
+    [Obsolete(Obsoletions.RNGCryptoServiceProviderMessage, DiagnosticId = Obsoletions.RNGCryptoServiceProviderDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
     [EditorBrowsable(EditorBrowsableState.Never)]
     public sealed class RNGCryptoServiceProvider : RandomNumberGenerator
     {
diff --git a/src/libraries/System.Security.Cryptography.Csp/tests/RNGCryptoServiceProviderTests.cs b/src/libraries/System.Security.Cryptography.Csp/tests/RNGCryptoServiceProviderTests.cs
index 1262d3f47fe16..676d5fc2b6625 100644
--- a/src/libraries/System.Security.Cryptography.Csp/tests/RNGCryptoServiceProviderTests.cs
+++ b/src/libraries/System.Security.Cryptography.Csp/tests/RNGCryptoServiceProviderTests.cs
@@ -4,6 +4,8 @@
 using System.Linq;
 using Xunit;
 
+#pragma warning disable SYSLIB0023 // RNGCryptoServiceProvider is obsolete
+
 namespace System.Security.Cryptography.RNG.Tests
 {
     /// <summary>
@@ -120,3 +122,5 @@ public static void VerifyCtors()
         }
     }
 }
+
+#pragma warning restore SYSLIB0023
diff --git a/src/libraries/System.Security.Principal.Windows/tests/WindowsIdentityImpersonatedTests.netcoreapp.cs b/src/libraries/System.Security.Principal.Windows/tests/WindowsIdentityImpersonatedTests.netcoreapp.cs
index 02846c7bffab7..868afcc8c1a4f 100644
--- a/src/libraries/System.Security.Principal.Windows/tests/WindowsIdentityImpersonatedTests.netcoreapp.cs
+++ b/src/libraries/System.Security.Principal.Windows/tests/WindowsIdentityImpersonatedTests.netcoreapp.cs
@@ -128,7 +128,7 @@ public WindowsTestAccount(string userName)
     private void CreateUser()
     {
         string testAccountPassword;
-        using (RandomNumberGenerator rng = new RNGCryptoServiceProvider())
+        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
         {
             byte[] randomBytes = new byte[33];
             rng.GetBytes(randomBytes);