...
Call srandom()
before invoking random()
to seed the random sequence generated by random()
. This compliant solution produces different random number sequences each time the program is runfunction is called, depending on the resolution of the system clock:
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
void func(void) {
struct timespec ts;
if (timespec_get(&ts, TIME_UTC) == 0) {
/* Handle error */
}
else {
srandom(ts.tv_nsec ^ ts.tv_sec);
for (unsigned int i = 0; i < 10; ++i) {
/* Generates different sequences at different runs */
printf("%ld, ", random());
}
}
}
|
...
This may not be sufficiently random for concurrent execution, where it which may lead to correlated generated series in different threads, or for small embedded systems that have an unsigned int
type with a width of 16 bits. (The POSIX standard specifies a minimum width of 32 bits for unsigned int
. However, prior to the 2001 edition, POSIX.1 allowed 16 bit unsigned int
). Depending . Depending on the application and the desired level of security, a programmer may choose alternative ways to seed PRNGs. In general, hardware is more capable than software of generating real random numbers (for example, by sampling the thermal noise of a diode).
Compliant Solution (Windows)
The CryptGenRandomThe BCryptGenRandom()
function function does not run the risk of not being properly seeded because its arguments serve as seeders:
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h> #include <Windows.h> #include <Bcrypt.h> #include <wincrypt<Ntstatus.h> #include <stdio<Wincrypt.h> void func(void) { HCRYPTPROV hCryptProvBCRYPT_ALG_HANDLE hAlgorithm = NULL; long rand_buf; /*PUCHAR ExamplepbBuffer of instantiating the CSP */ if (CryptAcquireContext(&hCryptProv, NULL, NULL,= (PUCHAR) &rand_buf; ULONG cbBuffer PROV_RSA_FULL, 0)) {= sizeof(rand_buf); ULONG dwFlags printf("CryptAcquireContext succeeded.\n")= BCRYPT_USE_SYSTEM_PREFERRED_RNG; } else { printf("Error during CryptAcquireContext!\n"); } NTSTATUS status; for (unsigned int i = 0; i < 10; ++i) { status if= BCryptGenRandom(!CryptGenRandom(hCryptProvhAlgorithm, sizeof(rand_buf), pbBuffer, cbBuffer, dwFlags); if (status (BYTE *)&rand_buf))== STATUS_SUCCESS) { printf("Error\n"%ld, ", rand_buf); } else { printf("%ld, ", rand_buf);/* Handle Error */ } } } |
The output is as follows:
Code Block |
---|
1st run: -1597837311683378946, 9061306821957231690, -13080318861933176011, 1048837407-1745403355, -931041900883473417, -658114613882992405, -1709220953169629816, -10196972891824800038, 1802206541899851668, 406505841, 1702784647, 2nd run: 885904119-58750553, -6873795561921870721, -17822968541973269161, 14437019161512649964, -624291047673518452, 2049692692234003619, -9904515631622633366, 1312389688, -1423078042125631172, 1257079211, 897185104,2067680022, 3rd run: 190598304-189899579, -15374094641220698973, 1594174739752205360, -4244019161826365616, -197515347479310867, 8269129271430950090, 1705549595-283206168, -1515331215941773185, 474951399129633665, 1982500583,543448789, |
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC32-C | Medium | Likely | Low | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported, but no explicit checker | |||||||
Axivion Bauhaus Suite |
| CertC-MSC32 | |||||||
CodeSonar |
| HARDCODED.SEED | Hardcoded Seed in PRNG | ||||||
Cppcheck Premium |
| premium-cert-msc32-c | Fully implemented | ||||||
Helix QAC |
| C5031 C++5036 | |||||||
Klocwork |
| CERT.MSC.SEED_RANDOM | |||||||
PC-lint Plus |
| 2460, 2461, 2760 | Fully supported | ||||||
Polyspace Bug Finder |
| Checks for:
Rule fully covered. | |||||||
Parasoft C/C++test |
| CERT_C-MSC32-d | Properly seed pseudorandom number generators |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C Secure Coding Standard | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
Prior to 2018-01-12: CERT: Unspecified Relationship | |
CERT C | MSC51-CPP. Ensure your random number generator is properly seeded |
Prior to 2018-01-12: CERT: Unspecified Relationship | ||
CWE 2.11 | CWE-327, Use of a Broken or Risky Cryptographic Algorithm | 2017-05-16: CERT: Rule subset of CWE |
CWE 2.11 | CWE-330, Use of Insufficiently Random Values | 2017-06-28: CERT: Rule subset of CWE |
CWE 2.11 | CWE-331, Insufficient Entropy | 2017-06-28: CERT: Exact |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-327 and MSC32-C
- Intersection( MSC30-C, MSC32-C) = Ø
- MSC32-C says to properly seed pseudorandom number generators. For example, if you call rand(), make sure to seed it properly by calling srand() first. So far, we haven’t found any calls to rand().
...
- Failure to seed a PRNG causes it to produce reproducible (hence insecure) series of random numbers.
- CWE-327 = Union( MSC32-C, list) where list =
- Invocation of broken/risky crypto algorithms that are not properly seeded
CWE-330 and MSC32-C
Independent( MSC30-C, MSC32-C, CON33-C)
CWE-330 = Union( MSC30-C, MSC32-C, CON33-C, list) where list = other improper use or creation of random values. (EG the would qualify)
MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They each specify distinct errors regarding PRNGs.
Bibliography
...