[vlc-commits] [Git][videolan/vlc][master] 2 commits: contrib: mingw64: allow RtlSecureZeroMemory in UWP builds

Steve Lhomme (@robUx4) gitlab at videolan.org
Thu Aug 10 12:02:17 UTC 2023 


Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
81bf1169 by Steve Lhomme at 2023-08-10T11:07:21+00:00
contrib: mingw64: allow RtlSecureZeroMemory in UWP builds

- - - - -
e8af0221 by Steve Lhomme at 2023-08-10T11:07:21+00:00
contrib: gnutls: allow SecureZeroMemory

This is possible now that RtlSecureZeroMemory is allowed.

Partial revert of a4841494fd974ec2c6208bc77f0f0c90dc5aebaf.

- - - - -


5 changed files:

- − contrib/src/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
- contrib/src/gnutls/rules.mak
- + contrib/src/mingw64/0018-headers-allow-RtlSecureZeroMemory-in-all-targets.patch
- + contrib/src/mingw64/0019-headers-use-inline-version-of-RtlSecureZeroMemory-fo.patch
- contrib/src/mingw64/rules.mak


Changes:

=====================================
contrib/src/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch deleted
=====================================
@@ -1,43 +0,0 @@
-From 3c950e27a8d20603f100bf21d402f74355a495c1 Mon Sep 17 00:00:00 2001
-From: Steve Lhomme <robux4 at ycbcr.xyz>
-Date: Mon, 8 Jun 2020 16:07:59 +0200
-Subject: [PATCH] explicit_bzero: Do not call SecureZeroMemory on UWP builds
-
-The call is forbidden:
-https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
-
-It's considered a legacy API and is implemented as an always inline function.
-
-There is no good replacement API that is available in UWP.
-
-Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
----
- gnutls/gl/explicit_bzero.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git gnutls/gl/explicit_bzero.c gnutls/gl/explicit_bzero.c
-index b1df418e5..3b8cc4ea4 100644
---- gnutls/gl/explicit_bzero.c
-+++ gnutls/gl/explicit_bzero.c
-@@ -35,6 +35,9 @@
- #if defined _WIN32 && !defined __CYGWIN__
- # define  WIN32_LEAN_AND_MEAN
- # include <windows.h>
-+# if !defined WINAPI_FAMILY || WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
-+#  define USE_SECURE_ZERO_MEMORY
-+# endif
- #endif
- 
- #if _LIBC
-@@ -48,7 +51,7 @@
- void
- explicit_bzero (void *s, size_t len)
- {
--#if defined _WIN32 && !defined __CYGWIN__
-+#if defined USE_SECURE_ZERO_MEMORY
-   (void) SecureZeroMemory (s, len);
- #elif HAVE_EXPLICIT_MEMSET
-   explicit_memset (s, '\0', len);
--- 
-2.26.0.windows.1
-


=====================================
contrib/src/gnutls/rules.mak
=====================================
@@ -35,9 +35,6 @@ gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls
 	# backport gnulib patch
 	$(APPLY) $(SRC)/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch
 
-	# forbidden RtlSecureZeroMemory call in winstore builds
-	$(APPLY) $(SRC)/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
-
 	# disable the dllimport in static linking (pkg-config --static doesn't handle Cflags.private)
 	sed -i.orig -e s/"_SYM_EXPORT __declspec(dllimport)"/"_SYM_EXPORT"/g $(UNPACK_DIR)/lib/includes/gnutls/gnutls.h.in
 
@@ -78,7 +75,7 @@ GNUTLS_CONF := \
 
 DEPS_gnutls = nettle $(DEPS_nettle)
 ifdef HAVE_WINSTORE
-# gnulib uses GetFileInformationByHandle
+# gnulib uses GetFileInformationByHandle / SecureZeroMemory
 DEPS_gnutls += alloweduwp $(DEPS_alloweduwp)
 endif
 


=====================================
contrib/src/mingw64/0018-headers-allow-RtlSecureZeroMemory-in-all-targets.patch
=====================================
@@ -0,0 +1,67 @@
+From 600b99cc479aa3086ab51c52e333671bab89bbb7 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 9 Aug 2023 08:35:59 +0200
+Subject: [PATCH 18/19] headers: allow RtlSecureZeroMemory in all targets
+
+It's usually an inline function doing native CPU calls. It's also unrestricted
+in the Windows SDK since Windows 8, as well as SecureZeroMemory.
+---
+ mingw-w64-headers/include/winnt.h | 35 ++++++++++++++++---------------
+ 1 file changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/mingw-w64-headers/include/winnt.h b/mingw-w64-headers/include/winnt.h
+index 257efdc1b..a49dd6ab8 100644
+--- a/mingw-w64-headers/include/winnt.h
++++ b/mingw-w64-headers/include/winnt.h
+@@ -8928,6 +8928,24 @@ typedef DWORD (WINAPI *PRTL_RUN_ONCE_INIT_FN)(PRTL_RUN_ONCE, PVOID, PVOID *);
+ #define HEAP_MAXIMUM_TAG 0x0FFF
+ #define HEAP_PSEUDO_TAG_FLAG 0x8000
+ #define HEAP_TAG_SHIFT 18
++
++    PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt);
++
++#if !defined (__CRT__NO_INLINE) && !defined (__WIDL__)
++    __CRT_INLINE PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt) {
++      volatile char *vptr =(volatile char *)ptr;
++#ifdef __x86_64
++      __stosb((PBYTE)((DWORD64)vptr),0,cnt);
++#else
++      while(cnt) {
++	*vptr++ = 0;
++	cnt--;
++      }
++#endif /* __x86_64 */
++      return ptr;
++    }
++#endif /* !__CRT__NO_INLINE // !__WIDL__ */
++
+ /* Let this macro fail for non-desktop mode.  AFAIU this should be better an inline-function ... */
+ #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+ #define HEAP_MAKE_TAG_FLAGS(b,o) ((DWORD)((b) + ((o) << 18)))
+@@ -8983,23 +9001,6 @@ typedef DWORD (WINAPI *PRTL_RUN_ONCE_INIT_FN)(PRTL_RUN_ONCE, PVOID, PVOID *);
+ #define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
+ #define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
+ 
+-    PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt);
+-
+-#if !defined (__CRT__NO_INLINE) && !defined (__WIDL__)
+-    __CRT_INLINE PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt) {
+-      volatile char *vptr =(volatile char *)ptr;
+-#ifdef __x86_64
+-      __stosb((PBYTE)((DWORD64)vptr),0,cnt);
+-#else
+-      while(cnt) {
+-	*vptr++ = 0;
+-	cnt--;
+-      }
+-#endif /* __x86_64 */
+-      return ptr;
+-    }
+-#endif /* !__CRT__NO_INLINE // !__WIDL__ */
+-
+     typedef struct _MESSAGE_RESOURCE_ENTRY {
+       WORD Length;
+       WORD Flags;
+-- 
+2.37.3.windows.1
+


=====================================
contrib/src/mingw64/0019-headers-use-inline-version-of-RtlSecureZeroMemory-fo.patch
=====================================
@@ -0,0 +1,46 @@
+From e810b0d5c51842a1cda4376dad7209458ad8fee0 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 9 Aug 2023 10:57:25 +0200
+Subject: [PATCH 19/19] headers: use inline version of RtlSecureZeroMemory for
+ UCRT builds
+
+There's an intrinsic version in the kernel32 library. But it's not supposed
+to be used with UCRT builds.
+
+RtlSecureZeroMemory is not found in -O0 + UCRT builds without this fix.
+
+In the Windows SDK it's a forced inline version no matter what.
+(and there's an ARM version)
+---
+ mingw-w64-headers/include/winnt.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/mingw-w64-headers/include/winnt.h b/mingw-w64-headers/include/winnt.h
+index a49dd6ab8..7bd6d4bfe 100644
+--- a/mingw-w64-headers/include/winnt.h
++++ b/mingw-w64-headers/include/winnt.h
+@@ -8929,10 +8929,8 @@ typedef DWORD (WINAPI *PRTL_RUN_ONCE_INIT_FN)(PRTL_RUN_ONCE, PVOID, PVOID *);
+ #define HEAP_PSEUDO_TAG_FLAG 0x8000
+ #define HEAP_TAG_SHIFT 18
+ 
+-    PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt);
+-
+-#if !defined (__CRT__NO_INLINE) && !defined (__WIDL__)
+-    __CRT_INLINE PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt) {
++#if (!defined (__CRT__NO_INLINE) || defined(_UCRT)) && !defined (__WIDL__)
++    __forceinline PVOID RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt) {
+       volatile char *vptr =(volatile char *)ptr;
+ #ifdef __x86_64
+       __stosb((PBYTE)((DWORD64)vptr),0,cnt);
+@@ -8944,6 +8942,8 @@ typedef DWORD (WINAPI *PRTL_RUN_ONCE_INIT_FN)(PRTL_RUN_ONCE, PVOID, PVOID *);
+ #endif /* __x86_64 */
+       return ptr;
+     }
++#else // intrinsic in kernel32
++    PVOID WINAPI RtlSecureZeroMemory(PVOID ptr,SIZE_T cnt);
+ #endif /* !__CRT__NO_INLINE // !__WIDL__ */
+ 
+ /* Let this macro fail for non-desktop mode.  AFAIU this should be better an inline-function ... */
+-- 
+2.37.3.windows.1
+


=====================================
contrib/src/mingw64/rules.mak
=====================================
@@ -73,6 +73,8 @@ mingw64: mingw-w64-v$(MINGW64_VERSION).tar.bz2 .sum-mingw64
 	$(APPLY) $(SRC)/mingw64/0015-headers-enabled-LoadLibraryEx-flags-in-Win10-19H1-UW.patch
 	$(APPLY) $(SRC)/mingw64/0016-headers-Allow-SetDllDirectoryW-A-API-in-Win10-19H1-U.patch
 	$(APPLY) $(SRC)/mingw64/0017-headers-allow-FORMAT_MESSAGE_ALLOCATE_BUFFER-in-UWP.patch
+	$(APPLY) $(SRC)/mingw64/0018-headers-allow-RtlSecureZeroMemory-in-all-targets.patch
+	$(APPLY) $(SRC)/mingw64/0019-headers-use-inline-version-of-RtlSecureZeroMemory-fo.patch
 	$(APPLY) $(SRC)/mingw64/0001-headers-allow-CryptAcquireContext-in-Win10-RS4-UWP-b.patch
 	$(APPLY) $(SRC)/mingw64/0002-headers-allow-CryptGenRandom-in-Win10-19H1-UWP-build.patch
 	$(APPLY) $(SRC)/mingw64/0003-headers-allow-more-wincrypt-API-s-in-Win10-RS4-UWP-b.patch
@@ -172,6 +174,7 @@ endif
 	install $</mingw-w64-headers/include/winreg.h       "$(PREFIX)/include"
 	install $</mingw-w64-headers/include/handleapi.h    "$(PREFIX)/include"
 	install $</mingw-w64-headers/include/wincrypt.h     "$(PREFIX)/include"
+	install $</mingw-w64-headers/include/winnt.h        "$(PREFIX)/include"
 
 	# Trick mingw-w64 into just building libwindowsapp.a
 	$(MAKEBUILDDIR)



View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/7e75cb6e49eeca66418fbe219476d970a1030134...e8af0221767591b35c81561b8308f5051e594055

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/7e75cb6e49eeca66418fbe219476d970a1030134...e8af0221767591b35c81561b8308f5051e594055
You're receiving this email because of your account on code.videolan.org.


VideoLAN code repository instance

More information about the vlc-commits mailing list