...
Compliant Solution (Windows)
The CryptGenRandomThe BCryptGenRandom()
function function does not run the risk of not being properly seeded because its arguments serve as seeders:
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h> #include <Windows.h> #include <Bcrypt.h> #include <wincrypt<Ntstatus.h> #include <stdio<Wincrypt.h> void func(void) { HCRYPTPROV hCryptProvBCRYPT_ALG_HANDLE hAlgorithm = NULL; long rand_buf; /*PUCHAR ExamplepbBuffer of instantiating the CSP */ if (CryptAcquireContext(&hCryptProv, NULL, NULL,= (PUCHAR) &rand_buf; ULONG cbBuffer PROV_RSA_FULL, 0)) {= sizeof(rand_buf); ULONG dwFlags printf("CryptAcquireContext succeeded.\n")= BCRYPT_USE_SYSTEM_PREFERRED_RNG; } else { printf("Error during CryptAcquireContext!\n")NTSTATUS status; } for (unsigned int i = 0; i < 10; ++i) { ifstatus = BCryptGenRandom(!CryptGenRandom(hCryptProvhAlgorithm, sizeof(rand_buf), pbBuffer, cbBuffer, dwFlags); if (status (BYTE *)&rand_buf)== STATUS_SUCCESS) { printf("Error\n"%ld, ", rand_buf); } else { printf("%ld, ", rand_buf);/* Handle Error */ } } } |
The output is as follows:
Code Block |
---|
1st run: -1597837311683378946, 9061306821957231690, -13080318861933176011, 1048837407-1745403355, -931041900883473417, -658114613882992405, -1709220953169629816, -10196972891824800038, 1802206541899851668, 406505841,1702784647, 2nd run: 885904119-58750553, -6873795561921870721, -17822968541973269161, 14437019161512649964, -624291047673518452, 2049692692234003619, -9904515631622633366, 1312389688, -1423078042125631172, 12570792112067680022, 897185104, 3rd run: 190598304-189899579, -15374094641220698973, 1594174739752205360, -4244019161826365616, -197515347479310867, 8269129271430950090, 1705549595-283206168, -1515331215941773185, 474951399129633665, 1982500583, 543448789, |
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC32-C | Medium | Likely | Low | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported, but no explicit checker | |||||||
Axivion Bauhaus Suite |
| CertC-MSC32 | |||||||
CodeSonar |
| HARDCODED.SEED | Hardcoded Seed in PRNG | ||||||
Cppcheck Premium |
| premium-cert-msc32-c | Fully implemented | ||||||
Helix QAC |
| C5031 C++5036 | |||||||
Klocwork |
| CERT.MSC.SEED_RANDOM | |||||||
PC-lint Plus |
| 2460, 2461, 2760 | Fully supported | ||||||
Polyspace Bug Finder |
| Checks for:
|
|
Seeding routine uses a constant seed making the output deterministic
Seeding routine uses a predictable seed making the output predictable
Rule fully covered. | |||||||||
Parasoft C/C++test |
| CERT_C-MSC32-d | Properly seed pseudorandom number generators |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C Secure Coding Standard | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT C |
MSC51-CPP. Ensure your random number generator is properly seeded |
Prior to 2018-01-12: CERT: Unspecified Relationship | ||
CWE 2.11 | CWE-327, Use of a Broken or Risky Cryptographic Algorithm | 2017-05-16: CERT: Rule subset of CWE |
CWE 2.11 | CWE-330, Use of Insufficiently Random Values | 2017-06-28: CERT: Rule subset of CWE |
CWE 2.11 | CWE-331, Insufficient Entropy | 2017-06-28: CERT: Exact |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE
...
-327 and MSC32-C
- Intersection( MSC30-C, MSC32-C) = Ø
- MSC32-C says to properly seed pseudorandom number generators. For example, if you call rand(), make sure to seed it properly by calling srand() first. So far, we haven’t found any calls to rand().
- Failure to seed a PRNG causes it to produce reproducible (hence insecure) series of random numbers.
- CWE-327 = Union( MSC32-C, list) where list =
- Invocation of broken/risky crypto algorithms that are not properly seeded
CWE-330 and MSC32-C
Independent( MSC30-C, MSC32-C, CON33-C)
CWE-330 = Union( MSC30-C, MSC32-C, CON33-C, list) where list = other improper use or creation of random values. (EG the would qualify)
MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They each specify distinct errors regarding PRNGs.
Bibliography
...