Page History

...

Compliant Solution (Windows)

The CryptGenRandomThe BCryptGenRandom() function function does not run the risk of not being properly seeded because its arguments serve as seeders:

Code Block

bgColor	#ccccff
lang	c

#include <stdio.h>
#include <Windows.h>
#include <Bcrypt.h>
#include <wincrypt<Ntstatus.h>
#include <stdio<Wincrypt.h>
 
void func(void) {
  HCRYPTPROV hCryptProvBCRYPT_ALG_HANDLE hAlgorithm = NULL;
  long rand_buf;
  /*PUCHAR ExamplepbBuffer of instantiating the CSP */
  if (CryptAcquireContext(&hCryptProv, NULL, NULL,= (PUCHAR) &rand_buf;
  ULONG cbBuffer                       PROV_RSA_FULL, 0)) {= sizeof(rand_buf);
  ULONG dwFlags printf("CryptAcquireContext succeeded.\n")= BCRYPT_USE_SYSTEM_PREFERRED_RNG;
  } else {
    printf("Error during CryptAcquireContext!\n")NTSTATUS status;
  }

  for (unsigned int i = 0; i < 10; ++i) {
    ifstatus = BCryptGenRandom(!CryptGenRandom(hCryptProvhAlgorithm, sizeof(rand_buf),
  pbBuffer, cbBuffer, dwFlags);
    if (status                 (BYTE *)&rand_buf)== STATUS_SUCCESS) {
      printf("Error\n"%ld, ", rand_buf);
    } else {
       printf("%ld, ", rand_buf);/* Handle Error */
    }
  }
}

The output is as follows:

Code Block

1st run: -1597837311683378946, 9061306821957231690, -13080318861933176011, 1048837407-1745403355, -931041900883473417, -658114613882992405, -1709220953169629816, -10196972891824800038, 1802206541899851668,
         406505841,1702784647, 
2nd run: 885904119-58750553, -6873795561921870721, -17822968541973269161, 14437019161512649964, -624291047673518452, 2049692692234003619, -9904515631622633366, 1312389688, -1423078042125631172, 12570792112067680022,
         897185104,
3rd run: 190598304-189899579, -15374094641220698973, 1594174739752205360, -4244019161826365616, -197515347479310867, 8269129271430950090, 1705549595-283206168, -1515331215941773185, 474951399129633665,
         1982500583, 543448789,

Risk Assessment

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC32-C	Medium	Likely	Low	P18	L1

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported, but no explicit checker

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-MSC32

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

HARDCODED.SEED
MISC.CRYPTO.TIMESEED

Hardcoded Seed in PRNG
Predictable Seed in PRNG

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-msc32-c

Fully implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C5031

C++5036

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CERT.MSC.SEED_RANDOM

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

2460, 2461, 2760

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder

R2016a

_V
	Polyspace Bug Finder_V

CERT C: Rule MSC32-C

Checks for:

Deterministic random output from constant seed

,

Predictable random output from predictable seed

Seeding routine uses a constant seed making the output deterministic

Seeding routine uses a predictable seed making the output predictable

PRQA QA-C 9.15031

Rule fully covered.

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-MSC32-d

Properly seed pseudorandom number generators

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
CERT C Secure Coding Standard	MSC30-C. Do not use the rand() function for generating pseudorandom numbers

SEI

Prior to 2018-01-12: CERT: Unspecified Relationship

CERT C

++ Coding Standard

MSC51-CPP. Ensure your random number generator is properly seeded

MITRE CWE

Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11	CWE-327, Use of a Broken or Risky Cryptographic Algorithm	2017-05-16: CERT: Rule subset of CWE
CWE 2.11	CWE-330, Use of Insufficiently Random Values	2017-06-28: CERT: Rule subset of CWE
CWE 2.11	CWE-331, Insufficient Entropy	2017-06-28: CERT: Exact

CERT-CWE Mapping Notes

Key here for mapping notes

CWE

...

-327 and MSC32-C

Intersection( MSC30-C, MSC32-C) = Ø

MSC32-C says to properly seed pseudorandom number generators. For example, if you call rand(), make sure to seed it properly by calling srand() first. So far, we haven’t found any calls to rand().

Failure to seed a PRNG causes it to produce reproducible (hence insecure) series of random numbers.

CWE-327 = Union( MSC32-C, list) where list =

Invocation of broken/risky crypto algorithms that are not properly seeded

CWE-330 and MSC32-C

Independent( MSC30-C, MSC32-C, CON33-C)

CWE-330 = Union( MSC30-C, MSC32-C, CON33-C, list) where list = other improper use or creation of random values. (EG the would qualify)

MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They each specify distinct errors regarding PRNGs.

Bibliography

[MSDN]

"

CryptGenRandom

BCryptGenRandom() Function"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 89

New Version Current

Key

Compliant Solution (Windows)

Risk Assessment

Automated Detection

Related Vulnerabilities

Related Guidelines

CERT-CWE Mapping Notes

CWE

-327 and MSC32-C

CWE-330 and MSC32-C

Bibliography