Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Compliant Solution (Windows)

The CryptGenRandomThe BCryptGenRandom() function  function does not run the risk of not being properly seeded because its arguments serve as seeders:

Code Block
bgColor#ccccff
langc
#include <stdio.h>
#include <Windows.h>
#include <Bcrypt.h>
#include <wincrypt<Ntstatus.h>
#include <stdio<Wincrypt.h>
 
void func(void) {
  HCRYPTPROV hCryptProvBCRYPT_ALG_HANDLE hAlgorithm = NULL;
  long rand_buf;
  /*PUCHAR ExamplepbBuffer of instantiating the CSP */
  if (CryptAcquireContext(&hCryptProv, NULL, NULL,= (PUCHAR) &rand_buf;
  ULONG cbBuffer                       PROV_RSA_FULL, 0)) {= sizeof(rand_buf);
  ULONG dwFlags printf("CryptAcquireContext succeeded.\n")= BCRYPT_USE_SYSTEM_PREFERRED_RNG;
  } else {
    printf("Error during CryptAcquireContext!\n")NTSTATUS status;
  }

  for (unsigned int i = 0; i < 10; ++i) {
    ifstatus = BCryptGenRandom(!CryptGenRandom(hCryptProvhAlgorithm, sizeof(rand_buf),
  pbBuffer, cbBuffer, dwFlags);
    if (status                 (BYTE *)&rand_buf)== STATUS_SUCCESS) {
      printf("Error\n"%ld, ", rand_buf);
    } else {
       printf("%ld, ", rand_buf);/* Handle Error */
    }
  }
}

The output is as follows:

Code Block
1st run: -1597837311683378946, 9061306821957231690, -13080318861933176011, 1048837407-1745403355, -931041900883473417, -658114613882992405, -1709220953169629816, -10196972891824800038, 1802206541899851668,
         406505841,1702784647, 
2nd run: 885904119-58750553, -6873795561921870721, -17822968541973269161, 14437019161512649964, -624291047673518452, 2049692692234003619, -9904515631622633366, 1312389688, -1423078042125631172, 12570792112067680022,
         897185104,
3rd run: 190598304-189899579, -15374094641220698973, 1594174739752205360, -4244019161826365616, -197515347479310867, 8269129271430950090, 1705549595-283206168, -1515331215941773185, 474951399129633665,
         1982500583, 543448789, 

Risk Assessment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC32-C

Medium

Likely

Low

P18

L1

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MSC32
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

HARDCODED.SEED
MISC.CRYPTO.TIMESEED

Hardcoded Seed in PRNG
Predictable Seed in PRNG

Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-msc32-cFully implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5031

C++5036


Klocwork
Include Page
Klocwork_V
Klocwork_V

CERT.MSC.SEED_RANDOM


PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

2460, 2461, 2760

Fully supported

Polyspace Bug Finder
R2016a

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule MSC32-C


Checks for:

  • Deterministic random output from constant seed
,
  • Predictable random output from predictable seed

Seeding routine uses a constant seed making the output deterministic

Seeding routine uses a predictable seed making the output predictable

 PRQA QA-C 9.15031  

Rule fully covered.

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-MSC32-d

Properly seed pseudorandom number generators

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardMSC30-C. Do not use the rand() function for generating pseudorandom numbers
SEI
Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C
++ Coding Standard
MSC51-CPP. Ensure your random number generator is properly seeded
MITRE CWE
Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-327, Use of a Broken or Risky Cryptographic Algorithm2017-05-16: CERT: Rule subset of CWE
CWE 2.11CWE-330, Use of Insufficiently Random Values2017-06-28: CERT: Rule subset of CWE
CWE 2.11CWE-331, Insufficient Entropy2017-06-28: CERT: Exact

CERT-CWE Mapping Notes

Key here for mapping notes

CWE

...

-327 and MSC32-C


  • Intersection( MSC30-C, MSC32-C) = Ø



  • MSC32-C says to properly seed pseudorandom number generators. For example, if you call rand(), make sure to seed it properly by calling srand() first. So far, we haven’t found any calls to rand().



  • Failure to seed a PRNG causes it to produce reproducible (hence insecure) series of random numbers.



  • CWE-327 = Union( MSC32-C, list) where list =



  • Invocation of broken/risky crypto algorithms that are not properly seeded




CWE-330 and MSC32-C

Independent( MSC30-C, MSC32-C, CON33-C)

CWE-330 = Union( MSC30-C, MSC32-C, CON33-C, list) where list = other improper use or creation of random values. (EG the would qualify)

MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They each specify distinct errors regarding PRNGs.

Bibliography

 


...

Image Modified Image Modified Image Modified