...
Compliant Solution (Windows)
The CryptGenRandomThe BcryptGenRandom() function function does not run the risk of not being properly seeded because its arguments serve as seeders:
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h> #include <Windows.h> #include <wincrypt<Bcrypt.h> #include <Ntstatus.h> #include <stdio<Wincrypt.h> void func(void) { HCRYPTPROV hCryptProvBCRYPT_ALG_HANDLE hAlgorithm = NULL; long rand_buf; /*PUCHAR ExamplepbBuffer of instantiating the CSP */ if (CryptAcquireContext(&hCryptProv, NULL, NULL,= (PUCHAR) &rand_buf; ULONG cbBuffer PROV_RSA_FULL, 0)) {= sizeof(rand_buf); ULONG dwFlags printf("CryptAcquireContext succeeded.\n")= BCRYPT_USE_SYSTEM_PREFERRED_RNG; } else { printf("Error during CryptAcquireContext!\n")NTSTATUS status; } for (unsigned int i = 0; i < 10; ++i) { ifstatus = BCryptGenRandom(!CryptGenRandom(hCryptProvhAlgorithm, sizeof(rand_buf), pbBuffer, cbBuffer, dwFlags); if (status (BYTE *)&rand_buf))== STATUS_SUCCESS) { printf("Error\n"%ld, ", rand_buf); } else { printf("%ld, ", rand_buf); /* Handle Error */ } } } |
The output is as follows:
| Code Block |
|---|
1st run: -1597837311683378946, 9061306821957231690, -13080318861933176011, 1048837407-1745403355, -931041900883473417, -658114613882992405, -1709220953169629816, -10196972891824800038, 1802206541899851668, 406505841, 1702784647, 2nd run: 885904119-58750553, -6873795561921870721, -17822968541973269161, 14437019161512649964, -624291047673518452, 2049692692234003619, -9904515631622633366, 1312389688, -1423078042125631172, 12570792112067680022, 897185104, 3rd run: 190598304-189899579, -15374094641220698973, 1594174739752205360, -4244019161826365616, -197515347479310867, 8269129271430950090, 1705549595-283206168, -1515331215941773185, 474951399129633665, 1982500583, 543448789, |
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC32-C | Medium | Likely | Low | P18 | L1 |
...