...
Compliant Solution (Windows)
The BcryptGenRandomBCryptGenRandom() function does not run the risk of not being properly seeded because its arguments serve as seeders:
...
Tool | Version | Checker | Description | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported, but no explicit checker | ||||||||||||||
| Axivion Bauhaus Suite |
| CertC-MSC32 | ||||||||||||||
| CodeSonar |
| HARDCODED.SEED | Hardcoded Seed in PRNG | |||||||||||||
| Cppcheck Premium |
| premium-cert-msc32-c | Fully implemented | |||||||||||||
| Helix QAC |
| C5031 C++5036 | ||||||||||||||
| Klocwork |
| CERT.MSC.SEED_RANDOM | ||||||||||||||
| PC-lint Plus |
| 2460, 2461, 2760 | Fully supported | |||||||||||||
| Polyspace Bug Finder |
| Checks for:
| Rule fully covered. | |||||||||||||
| Parasoft C/C++test |
| CERT_C-MSC32-aCERT_C-MSC32-d | Avoid functions which use random numbers from standard C libraryProperly seed pseudorandom number generators | PRQA QA-C | 9.1 | 5031 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They each specify distinct errors regarding PRNGs.
Bibliography
| [MSDN] | " CryptGenRandom |
...