rand: use BCryptGenRandom() in UWP builds

Also: - fix build configuration to correctly set Win10 target in the mingw-w64 CI build, to enable the `BCryptGenRandom()` prototype in v6+ SDK headers. Ref: https://learn.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom Issue raised by Codex Security Closes #20983
2026-04-14 18:31:42 +03:00 · 2026-03-18 14:13:07 +01:00 · 2026-03-18 14:13:07 +01:00 · d986b89c88
commit d986b89c88
parent 41aaac61e2
2 changed files with 8 additions and 15 deletions
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -309,7 +309,7 @@ jobs:
          TFLAGS: '${{ matrix.tflags }}'
        run: |
          if [ "${MATRIX_TEST}" = 'uwp' ]; then
-            CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP'
+            CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP -D_WIN32_WINNT=0x0a00'
            if [[ "${MATRIX_ENV}" != 'clang'* ]]; then
              specs="$(realpath gcc-specs-uwp)"
              gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp/' -e 's/-lmsvcrt/-lucrtapp/' > "${specs}"
@ -325,7 +325,7 @@ jobs:
                options='-DCMAKE_C_COMPILER=gcc'
              fi
              [ "${MATRIX_SYS}" = 'msys' ] && options+=' -D_CURL_PREFILL=ON'
-              [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0'
+              [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore'
              [ "${TFLAGS}" = 'skiprun' ] && options+=' -D_CURL_SKIP_BUILD_CERTS=ON'
              [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF'
              cmake -B "bld${_chkprefill}" -G Ninja ${options} \
--- a/lib/rand.c
+++ b/lib/rand.c
@ -34,30 +34,23 @@
 #include "escape.h"

 #ifdef _WIN32
-
-#ifndef CURL_WINDOWS_UWP
-#  include <bcrypt.h>
-#  ifdef _MSC_VER
+#include <bcrypt.h>
+#ifdef _MSC_VER
 #  pragma comment(lib, "bcrypt.lib")
-#  endif
-#  ifndef STATUS_SUCCESS
-#  define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
-#  endif
+#endif
+#ifndef STATUS_SUCCESS
+#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
 #endif

 CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
 {
  memset(entropy, 0, length);

-#ifndef CURL_WINDOWS_UWP
  if(BCryptGenRandom(NULL, entropy, (ULONG)length,
                     BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS)
    return CURLE_FAILED_INIT;

  return CURLE_OK;
-#else
-  return CURLE_NOT_BUILT_IN;
-#endif
 }
 #endif