BCryptGenRandom function

12/05/2018
2 minutes to read

The BCryptGenRandom function generates a random number.

Syntax

NTSTATUS BCryptGenRandom(
  BCRYPT_ALG_HANDLE hAlgorithm,
  PUCHAR            pbBuffer,
  ULONG             cbBuffer,
  ULONG             dwFlags
);

Parameters

hAlgorithm

The handle of an algorithm provider created by using the BCryptOpenAlgorithmProvider function. The algorithm that was specified when the provider was created must support the random number generator interface.

pbBuffer

The address of a buffer that receives the random number. The size of this buffer is specified by the cbBuffer parameter.

cbBuffer

The size, in bytes, of the pbBuffer buffer.

dwFlags

A set of flags that modify the behavior of this function. This parameter can be zero or the following value.

Value	Meaning
BCRYPT_RNG_USE_ENTROPY_IN_BUFFER 0x00000001	This function will use the number in the pbBuffer buffer as additional entropy for the random number. If this flag is not specified, this function will use a random number for the entropy. Windows 8 and later: This flag is ignored in Windows 8 and later.
BCRYPT_USE_SYSTEM_PREFERRED_RNG 0x00000002	Use the system-preferred random number generator algorithm. The hAlgorithm parameter must be NULL. BCRYPT_USE_SYSTEM_PREFERRED_RNG is only supported at PASSIVE_LEVEL IRQL. For more information, see Remarks. Windows Vista: This flag is not supported.

Value

Meaning

BCRYPT_RNG_USE_ENTROPY_IN_BUFFER
0x00000001

This function will use the number in the pbBuffer buffer as additional entropy for the random number. If this flag is not specified, this function will use a random number for the entropy.

Windows 8 and later: This flag is ignored in Windows 8 and later.

BCRYPT_USE_SYSTEM_PREFERRED_RNG
0x00000002

Use the system-preferred random number generator algorithm. The hAlgorithm parameter must be NULL.

BCRYPT_USE_SYSTEM_PREFERRED_RNG is only supported at PASSIVE_LEVEL IRQL. For more information, see Remarks.

Windows Vista: This flag is not supported.

Return Value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code	Description
STATUS_SUCCESS	The function was successful.
STATUS_INVALID_HANDLE	The handle in the hAlgorithm parameter is not valid.
STATUS_INVALID_PARAMETER	One or more parameters are not valid.

Remarks

The default random number provider implements an algorithm for generating random numbers that complies with the NIST SP800-90 standard, specifically the CTR_DRBG portion of that standard.

Windows Vista: Prior to Windows Vista with Service Pack 1 (SP1) the default random number provider implements an algorithm for generating random numbers that complies with the FIPS 186-2 standard.

Depending on what processor modes a provider supports, BCryptGenRandom can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handle provided in the hAlgorithm parameter must have been opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptGenRandom function must refer to nonpaged (or locked) memory.Windows Vista: The Microsoft provider does not support calling at DISPATCH_LEVEL.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). Windows Server 2008 and Windows Vista: To call this function in kernel mode, use Ksecdd.lib.

Requirements


Minimum supported client	Windows Vista [desktop apps \| UWP apps]
Minimum supported server	Windows Server 2008 [desktop apps \| UWP apps]
Target Platform	Windows
Header	bcrypt.h
Library	Bcrypt.lib
DLL	Bcrypt.dll