| author | Bond_009 <bond.009@outlook.com> | 2021-10-08 15:02:58 +0200 |
|---|---|---|
| committer | Bond_009 <bond.009@outlook.com> | 2021-10-08 15:02:58 +0200 |
| commit | 3b492d4af8c432cc11b11e946b72aaf97cf63c95 (patch) | |
| tree | 8d9b3e409a034612da406f4260dfdb18e36b28dd | |
| parent | 556ef5f157cc1bb3acbc7e1ae3edfa28333914cc (diff) | |
Use static crypto rng
| -rw-r--r-- | Emby.Server.Implementations/Cryptography/CryptographyProvider.cs | 54 | ||||
| -rw-r--r-- | Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs | 11 |
2 files changed, 9 insertions, 56 deletions
diff --git a/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs b/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
index 4a9b28085..673810c49 100644
--- a/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
+++ b/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
@@ -10,8 +10,12 @@ namespace Emby.Server.Implementations.Cryptography
 /// <summary>
 /// Class providing abstractions over cryptographic functions.
 /// </summary>
- public class CryptographyProvider : ICryptoProvider, IDisposable
+ public class CryptographyProvider : ICryptoProvider
 {
+ // FIXME: When we get DotNet Standard 2.1 we need to revisit how we do the crypto
+ // Currently supported hash methods from https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig?view=netcore-2.1
+ // there might be a better way to autogenerate this list as dotnet updates, but I couldn't find one
+ // Please note the default method of PBKDF2 is not included, it cannot be used to generate hashes cleanly as it is actually a pbkdf with sha1
 private static readonly HashSet<string> _supportedHashMethods = new HashSet<string>()
 {
 "MD5",
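Review bot: The FIXME block moved above `_supportedHashMethods` still says the crypto should be revisited "When we get DotNet Standard 2.1" and links the netcore-2.1 documentation, while this same commit calls the static `RandomNumberGenerator.GetBytes(int)`, which as far as I know only exists from .NET 6 on. The comment therefore reads as an open task that the code has already passed. I would cut it down to what is still true, for example `// Hash algorithm names this provider accepts; PBKDF2 (the default) is handled separately and is not in this list.` The set opens with `"MD5"` and the rest of the initializer is outside the hunk, so the same comment is the natural place to say whether the weak entries are kept only to verify existing hashes.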
@@ -30,22 +34,6 @@ namespace Emby.Server.Implementations.Cryptography
 "System.Security.Cryptography.SHA512"
 };
- private RandomNumberGenerator _randomNumberGenerator;
-
- private bool _disposed;
-
- /// <summary>
- /// Initializes a new instance of the <see cref="CryptographyProvider"/> class.
- /// </summary>
- public CryptographyProvider()
- {
- // FIXME: When we get DotNet Standard 2.1 we need to revisit how we do the crypto
- // Currently supported hash methods from https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig?view=netcore-2.1
- // there might be a better way to autogenerate this list as dotnet updates, but I couldn't find one
- // Please note the default method of PBKDF2 is not included, it cannot be used to generate hashes cleanly as it is actually a pbkdf with sha1
- _randomNumberGenerator = RandomNumberGenerator.Create();
- }
-
 /// <inheritdoc />
 public string DefaultHashMethod => "PBKDF2";
@@ -101,36 +89,6 @@ namespace Emby.Server.Implementations.Cryptography
 /// <inheritdoc />
 public byte[] GenerateSalt(int length)
- {
- byte[] salt = new byte[length];
- _randomNumberGenerator.GetBytes(salt);
- return salt;
- }
-
- /// <inheritdoc />
- public void Dispose()
- {
- Dispose(true);
- GC.SuppressFinalize(this);
- }
-
- /// <summary>
- /// Releases unmanaged and - optionally - managed resources.
- /// </summary>
- /// <param name="disposing"><c>true</c> to release both managed and unmanaged resources; <c>false</c> to release only unmanaged resources.</param>
- protected virtual void Dispose(bool disposing)
- {
- if (_disposed)
- {
- return;
- }
-
- if (disposing)
- {
- _randomNumberGenerator.Dispose();
- }
-
- _disposed = true;
- }
+ => RandomNumberGenerator.GetBytes(length);
 }
 }
diff --git a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
index 25ef01dce..5e84255f9 100644
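Review bot: `CryptographyProvider.GenerateSalt(int length)` passes `length` straight to `RandomNumberGenerator.GetBytes(length)` with no lower bound, so a call with `0` still returns an empty salt without any error, as the removed body did. A guard in this helper would stop a caller mistake from silently producing unsalted hashes; the callers are not visible in this diff, so whether any of them can pass a small value cannot be judged from here. I would replace the expression body with `if (length <= 0) throw new ArgumentOutOfRangeException(nameof(length));` followed by `return RandomNumberGenerator.GetBytes(length);`. If a project-wide minimum salt size exists, comparing against that constant would be the stronger check.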
--- a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
@@ -93,13 +93,9 @@ namespace Jellyfin.Server.Implementations.Users
 /// <inheritdoc />
 public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork)
 {
- string pin;
- using (var cryptoRandom = RandomNumberGenerator.Create())
- {
- byte[] bytes = new byte[4];
- cryptoRandom.GetBytes(bytes);
- pin = BitConverter.ToString(bytes);
- }
+ byte[] bytes = new byte[4];
+ RandomNumberGenerator.Fill(bytes);
+ string pin = BitConverter.ToString(bytes);
 DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
 string filePath = _passwordResetFileBase + user.Id + ".json";
@@ -114,7 +110,6 @@ namespace Jellyfin.Server.Implementations.Users
 await using (FileStream fileStream = AsyncFile.OpenWrite(filePath))
 {
 await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
- await fileStream.FlushAsync().ConfigureAwait(false);
 }
 user.EasyPassword = pin; |
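Review bot: The reset PIN in `StartForgotPasswordProcess` is still built from `new byte[4]`, which is 32 bits rendered by `BitConverter.ToString` as four hex pairs, and it stays valid for the 30 minutes set in `expireTime`. The random source is sound, but that size is small for a value the second hunk's context line assigns to `user.EasyPassword`. Unless the redeem path (not visible here) limits attempts, I would widen it, e.g. `byte[] bytes = RandomNumberGenerator.GetBytes(8);`, which also matches the one-call form this commit uses in `CryptographyProvider.GenerateSalt`. If the length has to stay for usability, a comment such as `// 4 bytes = 32 bits; relies on attempt limiting where the PIN is redeemed` would record the assumption. The method body continues outside both hunks.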
