From d986b89c88f35d909ac39c52ae7718ea2b8f50c5 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Wed, 18 Mar 2026 14:13:07 +0100
Subject: [PATCH] rand: use `BCryptGenRandom()` in UWP builds

Also:
- fix build configuration to correctly set Win10 target in the mingw-w64
  CI build, to enable the `BCryptGenRandom()` prototype in v6+ SDK
  headers.

Ref: https://learn.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom

Issue raised by Codex Security

Closes #20983
---
 .github/workflows/windows.yml |  4 ++--
 lib/rand.c                    | 19 ++++++-------------
 2 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index fd7ca881a9..c2c56c0abf 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -309,7 +309,7 @@ jobs:
           TFLAGS: '${{ matrix.tflags }}'
         run: |
           if [ "${MATRIX_TEST}" = 'uwp' ]; then
-            CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP'
+            CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP -D_WIN32_WINNT=0x0a00'
             if [[ "${MATRIX_ENV}" != 'clang'* ]]; then
               specs="$(realpath gcc-specs-uwp)"
               gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp/' -e 's/-lmsvcrt/-lucrtapp/' > "${specs}"
@@ -325,7 +325,7 @@ jobs:
                 options='-DCMAKE_C_COMPILER=gcc'
               fi
               [ "${MATRIX_SYS}" = 'msys' ] && options+=' -D_CURL_PREFILL=ON'
-              [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0'
+              [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore'
               [ "${TFLAGS}" = 'skiprun' ] && options+=' -D_CURL_SKIP_BUILD_CERTS=ON'
               [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF'
               cmake -B "bld${_chkprefill}" -G Ninja ${options} \
diff --git a/lib/rand.c b/lib/rand.c
index 4232e819e1..8defe9bd11 100644
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -34,30 +34,23 @@
 #include "escape.h"
 
 #ifdef _WIN32
-
-#ifndef CURL_WINDOWS_UWP
-#  include <bcrypt.h>
-#  ifdef _MSC_VER
-#    pragma comment(lib, "bcrypt.lib")
-#  endif
-#  ifndef STATUS_SUCCESS
-#  define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
-#  endif
+#include <bcrypt.h>
+#ifdef _MSC_VER
+#  pragma comment(lib, "bcrypt.lib")
+#endif
+#ifndef STATUS_SUCCESS
+#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
 #endif
 
 CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
 {
   memset(entropy, 0, length);
 
-#ifndef CURL_WINDOWS_UWP
   if(BCryptGenRandom(NULL, entropy, (ULONG)length,
                      BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS)
     return CURLE_FAILED_INIT;
 
   return CURLE_OK;
-#else
-  return CURLE_NOT_BUILT_IN;
-#endif
 }
 #endif