...
On Windows platforms, the BCryptGenRandom() function can be used to generate cryptographically strong random numbers. The Microsoft Developer Network BCryptGenRandom() reference [MSDN] states:
...
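
The following C program is an added example, not code from this page or from Microsoft. It calls BCryptGenRandom() with the system-preferred RNG, checks the returned status, and derives a bounded value by rejection sampling rather than `r % bound`. The names `fill_random` and `random_below` are hypothetical, and the `/dev/urandom` branch is an assumption included only so the example also builds on non-Windows hosts.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h> /* link with bcrypt.lib */
#endif

/* Fill buf with len bytes from the OS CSPRNG; 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len) {
#ifdef _WIN32
  if (len > 0xFFFFFFFFu) return -1; /* cbBuffer is a 32-bit ULONG */
  /* NULL handle plus this flag selects the system-preferred RNG. */
  NTSTATUS st = BCryptGenRandom(NULL, buf, (ULONG)len,
                                BCRYPT_USE_SYSTEM_PREFERRED_RNG);
  return BCRYPT_SUCCESS(st) ? 0 : -1;
#else
  /* Assumption: /dev/urandom stand-in so the example builds off Windows. */
  FILE *f = fopen("/dev/urandom", "rb");
  if (f == NULL) return -1;
  size_t got = fread(buf, 1, len, f);
  fclose(f);
  return got == len ? 0 : -1;
#endif
}

/* Uniform value in [0, bound) without the modulo bias of r % bound.
   Returns 0 on success, -1 on bad arguments or RNG failure. */
int random_below(uint32_t bound, uint32_t *out) {
  uint32_t r, min;
  if (bound == 0 || out == NULL) return -1;
  min = (UINT32_MAX - bound + 1u) % bound; /* 2^32 mod bound */
  do { /* reject the low values that would over-represent some residues */
    if (fill_random((unsigned char *)&r, sizeof r) != 0) return -1;
  } while (r < min);
  *out = r % bound;
  return 0;
}

int main(void) {
  unsigned char key[16];
  uint32_t roll;
  if (fill_random(key, sizeof key) != 0 || random_below(6, &roll) != 0) {
    fputs("RNG failure: do not fall back to rand()\n", stderr);
    return 1;
  }
  for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
  printf("\ndie roll: %u\n", (unsigned)(roll + 1));
  return 0;
}
```
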
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker |
| | | stdlib-use-rand | Fully checked |
| Axivion Bauhaus Suite | | CertC-MSC30 | |
| Clang | | cert-msc30-c | Checked by clang-tidy |
| CodeSonar | | BADFUNC.RANDOM.RAND | Use of rand |
| Compass/ROSE | | | |
| Coverity | | DONTCALL | Implemented - weak support |
| Cppcheck Premium | | premium-cert-msc30-c | Fully implemented |
| | | CC2.MSC30 | Fully implemented |
| Helix QAC | | C5022 C++5029 | |
| Klocwork | | CERT.MSC.STD_RAND_CALL | |
| LDRA tool suite | | 44 S | Enhanced enforcement |
| Parasoft C/C++test | | CERT_C-MSC30-a | Do not use the rand() function for generating pseudorandom numbers |
| PC-lint Plus | | 586 | Fully supported |
| Polyspace Bug Finder | | Vulnerable pseudo-random number generator | Using a cryptographically weak |
| | | CERT C: Rule MSC30-C | Checks for vulnerable pseudo-random number generator (rule fully covered) |
| RuleChecker | | stdlib-use-rand | Fully checked |
| PRQA QA-C | | 5022 | Fully implemented |

Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...