SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 32

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 33

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Compliant Solution (Windows)

Wiki Markup
On Windows platforms, the [{{CryptGenRandom()}}|http://msdn2.microsoft.com/en-us/library/aa379942.aspx] function may be used to generate cryptographically strong random numbers.  It is important to note
, however, 
 that the exact details of the implementation are unknown, and it
is undetermined as to what source of entropy the 
 is unknown what source of entropy the {{CryptGenRandom()}} uses.  From the Microsoft Developer Network {{CryptGenRandom()}} reference \[MSDN 08\]:

Wiki Markup
If an application has access to a good random source, it can fill the {{pbBuffer}} buffer with some random data before calling {{CryptGenRandom()}}. The CSP \[cryptographic service provider\] then uses this data to further randomize its internal seed. It is acceptable to omit the step of initializing the {{pbBuffer}} buffer before calling {{CryptGenRandom()}}.

Code Block
bgColor#ccccff
#include<Wincrypt.h>

HCRYPTPROV hCryptProv;
union {
    BYTE bs[sizeof(long int)];
    long int li;
} rand_buf;

if(!CryptGenRandom(hCryptProv, sizeof(rand_buf), &rand_buf) {
    /* Handle error */
} else {
    printf("Random number: %ld\n", rand_buf.li);
}

...

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.2.1, "The rand function"
\[[MSDN 08|AA. C References#MSDN 08]\] "[CryptGenRandom Function|http://msdn.microsoft.com/en-us/library/aa379942.aspx]"

...

MSC13-A. Detect and remove unused values      14. Miscellaneous (MSC)       MSC31-C. Ensure that return values are compared against the proper type