// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
+using System.Security.Cryptography;
using System.Runtime.InteropServices;
internal static partial class Interop
Sys.GetNonCryptographicallySecureRandomBytes(buffer, length);
}
- internal static unsafe int GetCryptographicallySecureRandomBytes(byte* buffer, int length)
+ internal static unsafe void GetCryptographicallySecureRandomBytes(byte* buffer, int length)
{
- return Sys.GetCryptographicallySecureRandomBytes(buffer, length);
+ if (Sys.GetCryptographicallySecureRandomBytes(buffer, length) != 0)
+ throw new CryptographicException();
}
}
public static unsafe Guid NewGuid()
{
Guid g;
- Interop.GetRandomBytes((byte*)&g, sizeof(Guid));
+
+ // Guid.NewGuid is often used as a cheap source of random data that are sometimes used for security purposes.
+ // Windows implementation uses secure RNG to implement it. We use secure RNG for Unix too to avoid subtle security
+ // vulnerabilities in applications that depend on it. See https://github.com/dotnet/runtime/issues/42752 for details.
+ Interop.GetCryptographicallySecureRandomBytes((byte*)&g, sizeof(Guid));
const ushort VersionMask = 0xF000;
const ushort RandomGuidVersion = 0x4000;
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
-using System.IO;
using System.Diagnostics;
namespace System.Security.Cryptography
{
Debug.Assert(count > 0);
- int res = Interop.GetCryptographicallySecureRandomBytes(pbBuffer, count);
- if (res != 0)
- throw new CryptographicException();
+ Interop.GetCryptographicallySecureRandomBytes(pbBuffer, count);
}
}
}