...

CryptGenRandom() (http://msdn.microsoft.com/en-us/library/aa379942.aspx) does not run the risk of being improperly seeded, because its arguments serve as seeders. From the Microsoft Developer Network CryptGenRandom() reference [MSDN]:

The CryptGenRandom function fills a buffer with cryptographically random bytes.

Syntax

BOOL WINAPI CryptGenRandom(
__in HCRYPTPROV hProv,
__in DWORD dwLen,
__inout BYTE *pbBuffer
);

Parameters

hProv [in]
    Handle of a cryptographic service provider (CSP) created by a call to CryptAcquireContext.
dwLen [in]
    Number of bytes of random data to be generated.
pbBuffer [in, out]
    Buffer to receive the returned data. This buffer must be at least dwLen bytes in length.
    Optionally, the application can fill this buffer with data to use as an auxiliary random seed.
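The call sequence around the function documented above, shown as an added example (not code from the original page or from MSDN): acquire a provider handle, pass a buffer with defined contents because pbBuffer is also read as an auxiliary seed, check every return value, and release the handle. The name fill_random and the non-Windows /dev/urandom branch are assumptions, the latter included only so the example also builds off Windows.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with advapi32.lib */

/* Fill buf with len random bytes. Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len) {
    HCRYPTPROV hProv = 0;
    int rc = -1;
    if (buf == NULL || len > 0xFFFFFFFFu) return -1;   /* dwLen is a DWORD */
    /* CRYPT_VERIFYCONTEXT: ephemeral context, no persistent key container */
    if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT))
        return -1;
    /* pbBuffer is [in, out]: its contents are used as an auxiliary seed,
       so hand over defined bytes rather than uninitialized memory. */
    memset(buf, 0, len);
    if (CryptGenRandom(hProv, (DWORD)len, buf)) rc = 0;
    CryptReleaseContext(hProv, 0);
    return rc;
}
#else
/* Assumption: stand-in so the example builds off Windows. */
int fill_random(unsigned char *buf, size_t len) {
    FILE *f;
    size_t got;
    if (buf == NULL) return -1;
    f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;   /* a short read counts as failure */
}
#endif

int main(void) {
    unsigned char key[32];
    size_t i;
    /* Never continue with the buffer if the generator reported failure. */
    if (fill_random(key, sizeof key) != 0) { puts("RNG failure"); return 1; }
    for (i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```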

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| MSC18-C | medium | likely | low | P18 | L1 |

Automated Detection

TODO: Compass/ROSE can detect violations of this rule.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...