...

On Windows platforms, the CryptGenRandom() function can be used to generate cryptographically strong random numbers. Note that the exact details of the implementation are unknown, including, for example, what source of entropy CryptGenRandom() uses. From the Microsoft Developer Network CryptGenRandom() reference [MSDN]:

If an application has access to a good random source, it can fill the pbBuffer buffer with some random data before calling CryptGenRandom(). The CSP [cryptographic service provider] then uses this data to further randomize its internal seed. It is acceptable to omit the step of initializing the pbBuffer buffer before calling CryptGenRandom().
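A minimal wrapper around the call described above, added here as an example; it is not code from the original page or from Microsoft's documentation. The function name `secure_random_bytes` and the `/dev/urandom` branch (present only so the file also builds off Windows) are assumptions.

```c
/* Build on Windows: link advapi32 (e.g. cl example.c advapi32.lib). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Hypothetical helper: fill buf with len random bytes.
 * Returns 0 on success, -1 on failure (buf is zeroed on failure). */
int secure_random_bytes(unsigned char *buf, size_t len) {
    int ok = 0;
    if (buf == NULL || len == 0) return -1;
#ifdef _WIN32
    HCRYPTPROV prov = 0;
    /* CRYPT_VERIFYCONTEXT: no persisted key container is needed for RNG use. */
    if (len <= 0xFFFFFFFFu &&            /* dwLen is a DWORD */
        CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
        /* Bytes already in buf act only as optional auxiliary seed data,
         * so the buffer does not have to be initialized first. */
        ok = CryptGenRandom(prov, (DWORD)len, buf) ? 1 : 0;
        CryptReleaseContext(prov, 0);
    }
#else
    /* Assumption, not from the page: kernel CSPRNG device on non-Windows hosts. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        ok = (fread(buf, 1, len, f) == len);
        fclose(f);
    }
#endif
    if (!ok) memset(buf, 0, len);        /* never hand back partial output */
    return ok ? 0 : -1;
}

int main(void) {
    unsigned char key[16];
    size_t i;
    if (secure_random_bytes(key, sizeof key) != 0) {
        fputs("random generation failed\n", stderr);
        return 1;
    }
    for (i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Callers should treat a return value of -1 as fatal for key or token generation rather than falling back to `rand()`.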

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | | |
| Fortify SCA | V. 5.0 | | |
| Compass/ROSE | | | |
| ECLAIR | | stlibuse | Fully implemented. |
| PRQA QA-C | | Warncall -wc rand | Fully implemented |

Related Vulnerabilities

...

MITRE CWE: CWE-330, "Use of insufficiently random values"

Sources

[MSDN] "CryptGenRandom Function"

...