...
On Windows platforms, the BCryptGenRandom() function can be used to generate cryptographically strong random numbers. The Microsoft Developer Network BCryptGenRandom() reference [MSDN] states:
The default random number provider implements an algorithm for generating random numbers that complies with the NIST SP800-90 standard, specifically the CTR_DRBG portion of that standard.
```c
#include <Windows.h>
#include <bcrypt.h>
#include <stdio.h>

#pragma comment(lib, "Bcrypt")

void func(void) {
  BCRYPT_ALG_HANDLE Prov;
  int Buffer;
  if (!BCRYPT_SUCCESS(
          BCryptOpenAlgorithmProvider(&Prov, BCRYPT_RNG_ALGORITHM,
                                      NULL, 0))) {
    /* handle error */
  }
  if (!BCRYPT_SUCCESS(BCryptGenRandom(Prov, (PUCHAR) (&Buffer),
                                      sizeof(Buffer), 0))) {
    /* handle error */
  }
  printf("Random number: %d\n", Buffer);
  BCryptCloseAlgorithmProvider(Prov, 0);
}
```
Risk Assessment
The use of the rand() function can result in predictable random numbers.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MSC30-C | Medium | Unlikely | Yes | No | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | stdlib-use-rand | Fully checked |
| Axivion Bauhaus Suite | | CertC-MSC30 | Supported, but no explicit checker |
| Clang | | cert-msc30-c | Checked by clang-tidy |
| CodeSonar | | BADFUNC.RANDOM.RAND | Use of rand |
| Compass/ROSE | | | |
| Coverity | | DONTCALL | Implemented - weak support |
| Cppcheck Premium | | premium-cert-msc30-c | |
| | | CC2.MSC30 | Fully implemented |
| Helix QAC | | C5022, C++5029 | |
| Klocwork | | CERT.MSC.STD_RAND_CALL | |
| LDRA tool suite | | 44 S | Enhanced enforcement |
| Parasoft C/C++test | | CERT_C-MSC30-a | Do not use the rand() function for generating pseudorandom numbers |
| PC-lint Plus | | 586 | Fully supported |
| Polyspace Bug Finder | | CERT C: Rule MSC30-C | Checks for vulnerable pseudo-random number generator: using a cryptographically weak pseudo-random number generator (rule fully covered) |
| PRQA QA-C | | 5022 | Fully implemented |
| RuleChecker | | stdlib-use-rand | Fully checked |
| Security Reviewer - Static Reviewer | | RTOS_07 | Fully implemented |
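
A minimal sketch of the kind of check this rule calls for, added here as an example: it is not code from this page or from any tool listed above. The function name `count_rand_uses` and the sample source text are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count uses of the form rand( ... ) in C source text. Comments, string
 * literals and character constants are skipped, and only the whole
 * identifier "rand" matches, so srand() and BCryptGenRandom() do not.
 * Simplification: declarations and member calls (s.rand()) also count. */
size_t count_rand_uses(const char *src) {
  size_t hits = 0;
  const char *p = src;
  while (*p != '\0') {
    if (p[0] == '/' && p[1] == '*') {             /* block comment */
      const char *end = strstr(p + 2, "*/");
      p = end ? end + 2 : p + strlen(p);
    } else if (p[0] == '/' && p[1] == '/') {      /* line comment */
      p += strcspn(p, "\n");
    } else if (*p == '"' || *p == '\'') {         /* string or char literal */
      char quote = *p++;
      while (*p != '\0' && *p != quote) {
        if (*p == '\\' && p[1] != '\0') p++;      /* step over escape */
        p++;
      }
      if (*p == quote) p++;
    } else if (isalpha((unsigned char)*p) || *p == '_') {
      const char *start = p;                      /* identifier */
      while (isalnum((unsigned char)*p) || *p == '_') p++;
      const char *q = p;
      while (isspace((unsigned char)*q)) q++;
      if (p - start == 4 && memcmp(start, "rand", 4) == 0 && *q == '(') hits++;
    } else {
      p++;
    }
  }
  return hits;
}

/* Constructed sample input: one real use, the rest must not match. */
static const char sample_src[] =
    "/* id = rand(); old code */\n"
    "int id = rand () % 100;  // rand() again\n"
    "srand(1); my_rand(); BCryptGenRandom(Prov, buf, n, 0);\n"
    "puts(\"call rand() here\");\n";

int main(void) {
  printf("rand() uses found: %zu\n", count_rand_uses(sample_src));
  return 0;
}
```

A textual check like this cannot see calls made through macros or function pointers, which is where the static analyzers in the table are needed.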
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here for mapping notes
CWE-327 and MSC30-C
- CWE-327 forbids “broken or risky cryptographic algorithms” but does not specify what constitutes such an algorithm.
- Per CERT judgement, rand() qualifies, so:
- CWE-327 = Union( MSC30-C, list) where list =
- Invocation of broken/risky crypto algorithms besides rand()
CWE-338 and MSC30-C
CWE-338 = Union( MSC30-C, list) where list =
- Use of a weak PRNG besides standard C rand().
CWE-330 and MSC30-C
Independent( MSC30-C, MSC32-C, CON33-C)
...
MSC30-C, MSC32-C and CON33-C are independent; they have no intersections. They each specify distinct errors regarding PRNGs.
CWE-676 and MSC30-C
- Independent( ENV33-C, CON33-C, STR31-C, EXP33-C, MSC30-C, ERR34-C)
- MSC30-C implies that rand() is dangerous.
- CWE-676 = Union( MSC30-C, list) where list =
- Invocation of other dangerous functions, besides rand().
Bibliography
...