Page History

...

Compliant Solution (Windows)

The BcryptGenRandomBCryptGenRandom() function does not run the risk of not being properly seeded because its arguments serve as seeders:

...

Seeding routine uses a predictable seed making the output predictable

Seeding routine uses a constant seed making the output deterministic

CERT_C-MSC32-a
CERT_C-MSC32-b
CERT_C-MSC32-cAvoid functions which use random numbers from standard C library
Do not use the rand() function for generating pseudorandom numbers
Standard random number generators should not be used to generate randomness for security reasons
5031

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported, but no explicit checker

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-MSC32

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

HARDCODED.SEED
MISC.CRYPTO.TIMESEED

Hardcoded Seed in PRNG
Predictable Seed in PRNG

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-msc32-c

Fully implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C5031

C++5036

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CERT.MSC.SEED_RANDOM

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

2460, 2461, 2760

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule MSC32-C

Checks for:

Deterministic random output from constant seed
Predictable random output from predictable seed

Rule fully covered.

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-MSC32-d

Properly seed pseudorandom number generators

PRQA QA-C

9.1

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Space shortcuts

Page tree

Versions Compared

Old Version 98

New Version Current

Key

Compliant Solution (Windows)

Related Vulnerabilities