BCryptGenRandom function (bcrypt.h)

The BCryptGenRandom function generates a random number.


NTSTATUS BCryptGenRandom(
  [in, out] BCRYPT_ALG_HANDLE hAlgorithm,
  [in, out] PUCHAR            pbBuffer,
  [in]      ULONG             cbBuffer,
  [in]      ULONG             dwFlags


[in, out] hAlgorithm

The handle of an algorithm provider created by using the BCryptOpenAlgorithmProvider function. The algorithm that was specified when the provider was created must support the random number generator interface.

[in, out] pbBuffer

The address of a buffer that receives the random number. The size of this buffer is specified by the cbBuffer parameter.

[in] cbBuffer

The size, in bytes, of the pbBuffer buffer.

[in] dwFlags

A set of flags that modify the behavior of this function. This parameter can be zero or the following value.

Value Meaning
This function will use the number in the pbBuffer buffer as additional entropy for the random number. If this flag is not specified, this function will use a random number for the entropy.

Windows 8 and later:  This flag is ignored in Windows 8 and later.

Use the system-preferred random number generator algorithm. The hAlgorithm parameter must be NULL.

BCRYPT_USE_SYSTEM_PREFERRED_RNG is only supported at PASSIVE_LEVEL IRQL. For more information, see Remarks.

Windows Vista:  This flag is not supported without SP2.

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code Description
The function was successful.
The handle in the hAlgorithm parameter is not valid.
One or more parameters are not valid.


The default random number provider implements an algorithm for generating random numbers that complies with the NIST SP800-90 standard, specifically the CTR_DRBG portion of that standard.

Windows Vista:  Prior to Windows Vista with Service Pack 1 (SP1) the default random number provider implements an algorithm for generating random numbers that complies with the FIPS 186-2 standard.

Depending on what processor modes a provider supports, BCryptGenRandom can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handle provided in the hAlgorithm parameter must have been opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptGenRandom function must refer to nonpaged (or locked) memory.Windows Vista:  The Microsoft provider does not support calling at DISPATCH_LEVEL.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). Windows Server 2008 and Windows Vista:  To call this function in kernel mode, use Ksecdd.lib.


Minimum supported client Windows Vista [desktop apps | UWP apps]
Minimum supported server Windows Server 2008 [desktop apps | UWP apps]
Target Platform Windows
Header bcrypt.h
Library Bcrypt.lib
DLL Bcrypt.dll