[vlc-devel] [PATCH] contrib: gnutls: fix win32/winstore patches
Steve Lhomme
robux4 at ycbcr.xyz
Mon May 18 16:28:38 CEST 2020
From: Steve Lhomme <robux4 at videolabs.io>
GNUTLS 3.6.7 now uses the proper certification API.
We can also use ncrypt in UWP builds.
---
...ermine-if-the-Vista-APIs-can-be-link.patch | 46 ++++
...ect-static-linking-of-ncrypt-win32-i.patch | 74 +++++++
...-instead-of-wincrypt-on-Vista-for-ra.patch | 124 +++++++++++
...n32-allow-using-ncrypt-in-UWP-builds.patch | 61 ++++++
...ct-wincrypt-hash-calls-to-bcrypt-cal.patch | 204 ++++++++++++++++++
contrib/src/gnutls/gnutls-glib-win8.patch | 19 ++
contrib/src/gnutls/gnutls-glib-winstore.patch | 58 +++++
contrib/src/gnutls/gnutls-win32.patch | 21 --
contrib/src/gnutls/rules.mak | 14 +-
9 files changed, 598 insertions(+), 23 deletions(-)
create mode 100644 contrib/src/gnutls/0001-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
create mode 100644 contrib/src/gnutls/0002-configure.ac-select-static-linking-of-ncrypt-win32-i.patch
create mode 100644 contrib/src/gnutls/0003-win32-use-bcrypt-instead-of-wincrypt-on-Vista-for-ra.patch
create mode 100644 contrib/src/gnutls/0004-win32-allow-using-ncrypt-in-UWP-builds.patch
create mode 100644 contrib/src/gnutls/0005-WIP-win32-redirect-wincrypt-hash-calls-to-bcrypt-cal.patch
create mode 100644 contrib/src/gnutls/gnutls-glib-win8.patch
create mode 100644 contrib/src/gnutls/gnutls-glib-winstore.patch
delete mode 100644 contrib/src/gnutls/gnutls-win32.patch
diff --git a/contrib/src/gnutls/0001-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch b/contrib/src/gnutls/0001-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
new file mode 100644
index 000000000000..0c3fb0fde3f6
--- /dev/null
+++ b/contrib/src/gnutls/0001-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
@@ -0,0 +1,46 @@
+From 8a51453123c49260a820e7db53ce361a2cc8b9d2 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 29 Apr 2020 10:03:50 +0200
+Subject: [PATCH 1/5] configure.ac: determine if the Vista APIs can be linked
+ statically
+
+If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
+the build. We can assume that the minimum platform the code will run on is
+Vista [1]
+
+In that case there's no need to call API's (ncrypt) dynamically when it can be
+done statically.
+
+[1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
+---
+ configure.ac | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index b686726d1..e81988dc8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -111,6 +111,7 @@ AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
+
+ dnl Detect windows build
+ use_accel=yes
++have_vista_dynamic=yes
+ case "$host" in
+ *android*)
+ have_android=yes
+@@ -119,6 +120,12 @@ case "$host" in
+ *mingw32* | *mingw64*)
+ have_win=yes
+ AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
++ AC_PREPROC_IFELSE([AC_LANG_PROGRAM(
++ [[#include <windows.h>
++ #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
++ # error Vista APIs allowed statically
++ #endif
++ ]],[[;]])],[have_vista_dynamic=yes],[have_vista_dynamic=no])
+ ;;
+ *darwin*)
+ have_macosx=yes
+--
+2.26.0.windows.1
+
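Review bot: The probe in the `*mingw32* | *mingw64*` branch sets `have_vista_dynamic=no` on any preprocessing failure, not only when the `#error` fires, so a broken include path or an unusable `windows.h` would silently select the Vista-and-later assumption. Inverting the test makes failure the conservative outcome: guard the `#error` with `#if !defined(_WIN32_WINNT) || _WIN32_WINNT < 0x0600` and swap the result arguments to `[have_vista_dynamic=no],[have_vista_dynamic=yes]`. A one-line `dnl` comment stating that `have_vista_dynamic=yes` means the Vista APIs must be resolved at run time would also help, because the variable name reads ambiguously.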
diff --git a/contrib/src/gnutls/0002-configure.ac-select-static-linking-of-ncrypt-win32-i.patch b/contrib/src/gnutls/0002-configure.ac-select-static-linking-of-ncrypt-win32-i.patch
new file mode 100644
index 000000000000..bbbf3690e615
--- /dev/null
+++ b/contrib/src/gnutls/0002-configure.ac-select-static-linking-of-ncrypt-win32-i.patch
@@ -0,0 +1,74 @@
+From 6457fddd9c900f90ac7d826bf4edf106881f3bb9 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 29 Apr 2020 10:11:16 +0200
+Subject: [PATCH 2/5] configure.ac: select static linking of ncrypt (win32) in
+ the configure script
+
+For builds targeting Vista or higher there's no reason to use it dynamically.
+
+In windows store builds LoadLibrary is not allowed (only LoadPackagedLibrary to
+load DLLs contained in the app package), so it's better not use dynamic loading
+when possible.
+---
+ configure.ac | 10 ++++++++++
+ lib/gnutls.pc.in | 2 +-
+ lib/system/keys-win.c | 3 +--
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e81988dc8..d4dc0eb75 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -126,6 +126,16 @@ case "$host" in
+ # error Vista APIs allowed statically
+ #endif
+ ]],[[;]])],[have_vista_dynamic=yes],[have_vista_dynamic=no])
++ AC_ARG_ENABLE(dyn_ncrypt,
++ AS_HELP_STRING([--enable-dyn-ncrypt], [use ncrypt dynamically]),
++ enable_dyn_ncrypt=$enableval, enable_dyn_ncrypt=$have_vista_dynamic
++ )
++ if test "x$enable_dyn_ncrypt" = "xyes"; then
++ AC_DEFINE([DYN_NCRYPT], 1, [Dynamic use of ncrypt API (win32)])
++ else
++ LIBNCRYPT="-lncrypt"
++ fi
++ AC_SUBST([LIBNCRYPT])
+ ;;
+ *darwin*)
+ have_macosx=yes
+diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
+index ffad3e168..f5d950b10 100644
+--- a/lib/gnutls.pc.in
++++ b/lib/gnutls.pc.in
+@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
+ URL: https://www.gnutls.org/
+ Version: @VERSION@
+ Libs: -L${libdir} -lgnutls
+-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@
++Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@ @LIBNCRYPT@
+ @GNUTLS_REQUIRES_PRIVATE@
+ Cflags: -I${includedir}
+diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
+index 678a668e4..5843a840f 100644
+--- a/lib/system/keys-win.c
++++ b/lib/system/keys-win.c
+@@ -26,6 +26,7 @@
+ #define _WIN32_WINNT 0x600
+ #endif
+
++#include <config.h>
+ #include "gnutls_int.h"
+ #include "errors.h"
+ #include <gnutls/gnutls.h>
+@@ -45,8 +46,6 @@
+ #include <winbase.h>
+ #include <winapifamily.h>
+
+-#define DYN_NCRYPT
+-
+ #ifdef __MINGW32__
+ # include <_mingw.h>
+ # ifdef __MINGW64_VERSION_MAJOR
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0003-win32-use-bcrypt-instead-of-wincrypt-on-Vista-for-ra.patch b/contrib/src/gnutls/0003-win32-use-bcrypt-instead-of-wincrypt-on-Vista-for-ra.patch
new file mode 100644
index 000000000000..a42a06eaed4a
--- /dev/null
+++ b/contrib/src/gnutls/0003-win32-use-bcrypt-instead-of-wincrypt-on-Vista-for-ra.patch
@@ -0,0 +1,124 @@
+From 9687c5b7cbf1f4485450ea7c5c22ff4c2390ee38 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 29 Apr 2020 10:32:08 +0200
+Subject: [PATCH 3/5] win32: use bcrypt instead of wincrypt on Vista+ for
+ random numbers
+
+wincrypt is a deprecated API [1] that is forbidden in UWP builds.
+
+Rewrite the wincrypt calls in bcrypt.
+
+https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
+---
+ configure.ac | 12 ++++++++++++
+ lib/gnutls.pc.in | 2 +-
+ lib/nettle/sysrng-windows.c | 27 +++++++++++++++++++++++++++
+ 3 files changed, 40 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index d4dc0eb75..f0aa90623 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -545,6 +545,18 @@ fi
+
+ AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")
+
++AC_ARG_ENABLE(bcrypt,
++AS_HELP_STRING([--enable-bcrypt],
++ [use bcrypt for random generator on Windows (otherwise wincrypt)]),
++ use_win_bcrypt=$enableval, use_win_bcrypt=no)
++if test "x$have_vista_dynamic" = "xno"; then
++ if test "x$use_win_bcrypt" != xno; then
++ AC_CHECK_TYPES([BCRYPT_ALG_HANDLE],[LIBBCRYPT="-lbcrypt"],[],[#include <windows.h>
++ #include <bcrypt.h>])
++ fi
++fi
++AC_SUBST([LIBBCRYPT])
++
+ AC_ARG_ENABLE(non-suiteb-curves,
+ AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
+ enable_non_suiteb=$enableval, enable_non_suiteb=yes)
+diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
+index f5d950b10..897eb0579 100644
+--- a/lib/gnutls.pc.in
++++ b/lib/gnutls.pc.in
+@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
+ URL: https://www.gnutls.org/
+ Version: @VERSION@
+ Libs: -L${libdir} -lgnutls
+-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@ @LIBNCRYPT@
++Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@ @LIBNCRYPT@ @LIBBCRYPT@
+ @GNUTLS_REQUIRES_PRIVATE@
+ Cflags: -I${includedir}
+
+diff --git a/lib/nettle/sysrng-windows.c b/lib/nettle/sysrng-windows.c
+index 9d38e67ec..9c0fc641a 100644
+--- a/lib/nettle/sysrng-windows.c
++++ b/lib/nettle/sysrng-windows.c
+@@ -46,18 +46,33 @@
+ */
+
+ #include <windows.h>
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++#include <bcrypt.h>
++#else
+ #include <wincrypt.h>
++#endif
+
+ get_entropy_func _rnd_get_system_entropy = NULL;
+
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++static BCRYPT_ALG_HANDLE device_fd = 0;
++#else
+ static HCRYPTPROV device_fd = 0;
++#endif
+
+ static
+ int _rnd_get_system_entropy_win32(void* rnd, size_t size)
+ {
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++ NTSTATUS err = BCryptGenRandom(device_fd, rnd, size, 0);
++ if (!BCRYPT_SUCCESS(err)) {
++ _gnutls_debug_log("Error in BCryptGenRandom: %ld\n",
++ err);
++#else
+ if (!CryptGenRandom(device_fd, (DWORD) size, rnd)) {
+ _gnutls_debug_log("Error in CryptGenRandom: %d\n",
+ (int)GetLastError());
++#endif
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+@@ -71,11 +86,19 @@ int _rnd_system_entropy_check(void)
+
+ int _rnd_system_entropy_init(void)
+ {
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++ NTSTATUS err = BCryptOpenAlgorithmProvider
++ (&device_fd, BCRYPT_RNG_ALGORITHM, NULL, 0);
++ if (!BCRYPT_SUCCESS(err)) {
++ _gnutls_debug_log
++ ("error in BCryptOpenAlgorithmProvider!\n");
++#else
+ if (!CryptAcquireContext
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
+ _gnutls_debug_log
+ ("error in CryptAcquireContext!\n");
++#endif
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+@@ -85,5 +108,9 @@ int _rnd_system_entropy_init(void)
+
+ void _rnd_system_entropy_deinit(void)
+ {
++#ifdef HAVE_BCRYPT_ALG_HANDLE
++ BCryptCloseAlgorithmProvider(device_fd, 0);
++#else
+ CryptReleaseContext(device_fd, 0);
++#endif
+ }
+--
+2.26.0.windows.1
+
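Review bot: In `_rnd_get_system_entropy_win32` the new call `BCryptGenRandom(device_fd, rnd, size, 0)` passes a `size_t` where the API takes a `ULONG`, so on 64-bit builds a request above `ULONG_MAX` would be truncated and the call could report success with only part of the buffer filled. The wincrypt branch has the same narrowing through its `(DWORD) size` cast, so a guard such as `if (size > ULONG_MAX) return GNUTLS_E_RANDOM_DEVICE_ERROR;` placed ahead of the `#ifdef` covers both. In configure.ac, `--enable-bcrypt` is dropped without a diagnostic when `have_vista_dynamic` is `yes` or the `BCRYPT_ALG_HANDLE` check fails, which leaves the wincrypt path in place; an `AC_MSG_ERROR` for an explicit request that cannot be honoured would make that visible. The function bodies continue outside the quoted hunks.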
diff --git a/contrib/src/gnutls/0004-win32-allow-using-ncrypt-in-UWP-builds.patch b/contrib/src/gnutls/0004-win32-allow-using-ncrypt-in-UWP-builds.patch
new file mode 100644
index 000000000000..0d49920c44d1
--- /dev/null
+++ b/contrib/src/gnutls/0004-win32-allow-using-ncrypt-in-UWP-builds.patch
@@ -0,0 +1,61 @@
+From 04ac8bd283c42da3c8e55c023789a37e8980c9d7 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Thu, 30 Apr 2020 07:32:41 +0200
+Subject: [PATCH 4/5] win32: allow using ncrypt in UWP builds
+
+The API is not forbidden anymore in windows 10.
+
+The case where the provider is not found and wincrypt needs to be used is not
+supported in UWP apps yet.
+
+https://docs.microsoft.com/en-us/uwp/win32-and-com/win32-apis#apis-from-ncryptdll
+---
+ lib/system/keys-win.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
+index 5843a840f..e3e0cc5a1 100644
+--- a/lib/system/keys-win.c
++++ b/lib/system/keys-win.c
+@@ -612,9 +612,9 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
+ -*/
+ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ {
+-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && _WIN32_WINNT < 0x0A00 /*win10*/
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+-#else
++#else /* !WINAPI_PARTITION_APP || _WIN32_WINNT_WIN10 */
+ uint8_t id[MAX_WID_SIZE];
+ HCERTSTORE store = NULL;
+ size_t id_size;
+@@ -752,6 +752,9 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ goto cleanup;
+ }
+ } else {
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
++#else /* !WINAPI_PARTITION_APP */
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+@@ -844,6 +847,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ gnutls_assert();
+ goto cleanup;
+ }
++#endif /* !WINAPI_PARTITION_APP */
+ }
+ ret = 0;
+ cleanup:
+@@ -864,7 +868,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+
+ CertCloseStore(store, 0);
+ return ret;
+-#endif
++#endif /* !WINAPI_PARTITION_APP || _WIN32_WINNT_WIN10 */
+ }
+
+ int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
+--
+2.26.0.windows.1
+
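Review bot: The early `return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);` added inside the `} else {` branch of `_gnutls_privkey_import_system_url` skips the `cleanup:` label, whose visible tail calls `CertCloseStore(store, 0)`. Anything acquired before that branch would be leaked each time the CNG provider cannot be opened in a UWP build; that covers the certificate store and probably the provider handle and key-info buffer, which the hunk does not show. Setting the result and jumping keeps the existing release path: `ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);` followed by `goto cleanup;`. The function starts and ends outside the quoted hunks, so the exact set of live resources should be confirmed against the full file.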
diff --git a/contrib/src/gnutls/0005-WIP-win32-redirect-wincrypt-hash-calls-to-bcrypt-cal.patch b/contrib/src/gnutls/0005-WIP-win32-redirect-wincrypt-hash-calls-to-bcrypt-cal.patch
new file mode 100644
index 000000000000..e76eba24cd1c
--- /dev/null
+++ b/contrib/src/gnutls/0005-WIP-win32-redirect-wincrypt-hash-calls-to-bcrypt-cal.patch
@@ -0,0 +1,204 @@
+From 2141d8397b3ccc9ccf69f3310672762808b173cf Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Thu, 30 Apr 2020 07:35:39 +0200
+Subject: [PATCH 5/5] WIP win32: redirect wincrypt hash calls to bcrypt calls
+
+Only supported for builds targeting Vista+.
+---
+ lib/system/keys-win.c | 130 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 122 insertions(+), 8 deletions(-)
+
+diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
+index e3e0cc5a1..8b1e136e3 100644
+--- a/lib/system/keys-win.c
++++ b/lib/system/keys-win.c
+@@ -43,6 +43,119 @@
+ #endif
+
+ #include <wincrypt.h>
++#ifndef HAVE_BCRYPT_ALG_HANDLE
++typedef HCRYPTPROV GNUTLS_HCRYPTPROV_;
++typedef HCRYPTHASH GNUTLS_HCRYPTHASH_;
++typedef HCRYPTKEY GNUTLS_HCRYPTKEY_;
++#define Gnutls_CryptReleaseContext(h,d) CryptReleaseContext(h,d)
++#else /* HAVE_BCRYPT_ALG_HANDLE */
++/* rewrite wincrypt calls into bcrypt calls */
++# include <bcrypt.h>
++typedef struct {
++ BCRYPT_ALG_HANDLE hh;
++} GNUTLS_HCRYPTPROV_;
++typedef struct {
++ BCRYPT_HASH_HANDLE hHash;
++ BCRYPT_KEY_HANDLE hKey; // TODO
++ UCHAR hashObject[MAX_HASH_SIZE];
++ DWORD hashSize;
++ PUCHAR pMessageDigest;
++ DWORD sMessageDigest; // TODO
++} GNUTLS_HCRYPTHASH_;
++typedef BCRYPT_KEY_HANDLE GNUTLS_HCRYPTKEY_;
++
++static BOOL CryptCreateHash(GNUTLS_HCRYPTPROV_ hProv, ALG_ID Algid, BCRYPT_KEY_HANDLE hKey, DWORD dwFlags, GNUTLS_HCRYPTHASH_ *phHash)
++{
++ NTSTATUS ret;
++ LPCWSTR pAlgo;
++ ULONG cbResult;
++ NTSTATUS ret;
++
++ switch (Algid)
++ {
++ case CALG_MD5: pAlgo = BCRYPT_MD5_ALGORITHM; break;
++ case CALG_SHA1: pAlgo = BCRYPT_SHA1_ALGORITHM; break;
++ case CALG_SHA_256: pAlgo = BCRYPT_SHA256_ALGORITHM; break;
++ case CALG_SHA_384: pAlgo = BCRYPT_SHA384_ALGORITHM; break;
++ case CALG_SHA_512: pAlgo = BCRYPT_SHA512_ALGORITHM; break;
++ case CALG_SSL3_SHAMD5: pAlgo = BCRYPT_MD5_ALGORITHM; break;
++ case CALG_RSA_SIGN: pAlgo = BCRYPT_RSA_SIGN_ALGORITHM; break; /* not supported ? */
++ case CALG_DSS_SIGN: pAlgo = BCRYPT_DSA_ALGORITHM; break;
++ default: return FALSE;
++ }
++ ret = BCryptOpenAlgorithmProvider(&hProv->hh, pAlgo, NULL, 0);
++ if (!BCRYPT_SUCCESS(ret))
++ return FALSE;
++
++ ret = BCryptGetProperty(hProv->hh, BCRYPT_OBJECT_LENGTH, &phHash->hashSize, sizeof(phHash->hashSize), &cbResult, 0);
++ if (!BCRYPT_SUCCESS(ret))
++ goto fail;
++
++ if (phHash->hashSize > sizeof(phHash->hashObject))
++ goto fail;
++
++ ret = BCryptCreateHash(hProv->hh, phHash->hHash, phHash->hashObject, phHash->hashSize, NULL, 0, 0);
++ if (!BCRYPT_SUCCESS(ret))
++ goto fail;
++
++ phHash->pMessageDigest = NULL;
++ phHash->sMessageDigest = NULL;
++ return BCRYPT_SUCCESS(ret);
++fail:
++ BCryptCloseAlgorithmProvider(hProv->hh);
++ return FALSE;
++}
++
++static BOOL CryptSetHashParam(GNUTLS_HCRYPTHASH_ hHash, DWORD dwParam, PUCHAR pbData, DWORD dwFlags)
++{
++ if (dwParam != HP_HASHVAL)
++ return FALSE;
++ memcpy(hHash->hashObject, pbData, phHash->hashSize);
++ return TRUE;
++}
++
++static BOOL CryptGetHashParam(GNUTLS_HCRYPTHASH_ hHash, DWORD dwParam, PUCHAR pbData, DWORD *pdwDataLen, DWORD dwFlags)
++{
++ if (dwParam != HP_HASHSIZE || *pdwDataLen != sizeof(DWORD))
++ return FALSE;
++ *pdwDataLen = phHash->hashSize;
++ return TRUE;
++}
++
++static BOOL CryptSignHash(GNUTLS_HCRYPTHASH_ hHash, DWORD dwKeySpec, LPCTSTR sDescription, DWORD dwFlags, BYTE *pbSignature, DWORD *pdwSigLen)
++{
++ ULONG cbResult;
++ (void)szDescription; (void) dwFlags;
++ if (pdwSigLen == NULL)
++ return FALSE;
++ NTSTATUS ret = BCryptSignHash(hHash->hKey, NULL, hHash->pMessageDigest, hHash->sMessageDigest, pbSignature, *pdwSigLen, &cbResult);
++ *pdwSigLen = cbResult;
++ return BCRYPT_SUCCESS(ret);
++}
++
++static BOOL CryptDestroyHash(GNUTLS_HCRYPTHASH_ hHash)
++{
++ NTSTATUS ret = BCryptDestroyHash(hHash->hHash);
++ return BCRYPT_SUCCESS(ret);
++}
++
++static BOOL Gnutls_CryptReleaseContext(GNUTLS_HCRYPTPROV_ hProv, DWORD dwFlags)
++{
++ NTSTATUS ret = BCryptCloseAlgorithmProvider(hProv->hh, dwFlags);
++ return BCRYPT_SUCCESS(ret);
++}
++
++static BOOL CryptDecrypt(GNUTLS_HCRYPTPROV_ hKey, GNUTLS_HCRYPTHASH_ hHash, BOOL Final, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
++{
++#if 1 /* TODO */
++ return FALSE;
++#else
++ NTSTATUS ret = BCryptDecrypt(hKey, );
++ return BCRYPT_SUCCESS(ret);
++#endif
++}
++#endif /* HAVE_BCRYPT_ALG_HANDLE */
++
+ #include <winbase.h>
+ #include <winapifamily.h>
+
+@@ -110,7 +223,7 @@ struct system_key_iter_st {
+
+ typedef struct priv_st {
+ DWORD dwKeySpec; /* CAPI key */
+- HCRYPTPROV hCryptProv; /* CAPI keystore */
++ GNUTLS_HCRYPTPROV_ hCryptProv; /* CAPI keystore */
+ NCRYPT_KEY_HANDLE nc; /* CNG Keystore */
+ gnutls_pk_algorithm_t pk;
+ gnutls_sign_algorithm_t sign_algo;
+@@ -253,7 +366,7 @@ int capi_sign(gnutls_privkey_t key, void *userdata,
+ {
+ priv_st *priv = (priv_st *) userdata;
+ ALG_ID Algid;
+- HCRYPTHASH hHash = NULL;
++ GNUTLS_HCRYPTHASH_ hHash = NULL;
+ uint8_t digest[MAX_HASH_SIZE];
+ unsigned int digest_size;
+ gnutls_digest_algorithm_t algo;
+@@ -421,7 +534,7 @@ static
+ void capi_deinit(gnutls_privkey_t key, void *userdata)
+ {
+ priv_st *priv = (priv_st *) userdata;
+- CryptReleaseContext(priv->hCryptProv, 0);
++ Gnutls_CryptReleaseContext(priv->hCryptProv, 0);
+ gnutls_free(priv);
+ }
+
+@@ -622,7 +735,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ CRYPT_HASH_BLOB blob;
+ CRYPT_KEY_PROV_INFO *kpi = NULL;
+ NCRYPT_KEY_HANDLE nc = NULL;
+- HCRYPTPROV hCryptProv = NULL;
++ GNUTLS_HCRYPTPROV_ hCryptProv = NULL;
+ NCRYPT_PROV_HANDLE sctx = NULL;
+ DWORD kpi_size;
+ SECURITY_STATUS r;
+@@ -752,9 +865,10 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ goto cleanup;
+ }
+ } else {
+-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && !defined(HAVE_BCRYPT_ALG_HANDLE)
++ /* TODO */
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+-#else /* !WINAPI_PARTITION_APP */
++#else /* !WINAPI_PARTITION_APP || HAVE_BCRYPT_ALG_HANDLE */
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+@@ -847,7 +961,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ gnutls_assert();
+ goto cleanup;
+ }
+-#endif /* !WINAPI_PARTITION_APP */
++#endif /* !WINAPI_PARTITION_APP || HAVE_BCRYPT_ALG_HANDLE */
+ }
+ ret = 0;
+ cleanup:
+@@ -855,7 +969,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ if (nc != 0)
+ pNCryptFreeObject(nc);
+ if (hCryptProv != 0)
+- CryptReleaseContext(hCryptProv, 0);
++ Gnutls_CryptReleaseContext(hCryptProv, 0);
+ gnutls_free(priv);
+ }
+ if (sctx != 0)
+--
+2.26.0.windows.1
+
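Review bot: The `HAVE_BCRYPT_ALG_HANDLE` shim block does not compile as written, and since rules.mak in this commit leaves the patch commented out, it should stay disabled until reworked. Visible problems are `NTSTATUS ret` declared twice in `CryptCreateHash`, `->` applied to `GNUTLS_HCRYPTPROV_` and `GNUTLS_HCRYPTHASH_` values that are structs passed by value, `phHash` and `szDescription` used where the parameters are named `hHash` and `sDescription`, and struct variables initialised with `= NULL`. Two semantic issues matter for signing: `CALG_SSL3_SHAMD5` is mapped to `BCRYPT_MD5_ALGORITHM` although that CAPI identifier denotes the concatenated MD5 and SHA-1 digest, and `CryptSetHashParam` copies `hashSize` bytes (the value read from `BCRYPT_OBJECT_LENGTH`, not the digest length) into the hash object buffer while `pMessageDigest` and `sMessageDigest`, which `CryptSignHash` passes to `BCryptSignHash`, are never set to a digest. A header comment in the patch listing these open items would stop it being enabled by accident.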
diff --git a/contrib/src/gnutls/gnutls-glib-win8.patch b/contrib/src/gnutls/gnutls-glib-win8.patch
new file mode 100644
index 000000000000..ee448f4b750f
--- /dev/null
+++ b/contrib/src/gnutls/gnutls-glib-win8.patch
@@ -0,0 +1,19 @@
+--- gnutls/gl/gettimeofday.c.win8 2020-04-29 11:11:57.088504900 +0200
++++ gnutls/gl/gettimeofday.c 2020-04-29 11:12:45.608217800 +0200
+@@ -45,12 +45,16 @@ static BOOL initialized = FALSE;
+ static void
+ initialize (void)
+ {
++#if _WIN32_WINNT >= _WIN32_WINNT_WIN8
++ GetSystemTimePreciseAsFileTimeFunc = GetSystemTimePreciseAsFileTime;
++#else // !_WIN32_WINNT_WIN8
+ HMODULE kernel32 = LoadLibrary ("kernel32.dll");
+ if (kernel32 != NULL)
+ {
+ GetSystemTimePreciseAsFileTimeFunc =
+ (GetSystemTimePreciseAsFileTimeFuncType) GetProcAddress (kernel32, "GetSystemTimePreciseAsFileTime");
+ }
++#endif // !_WIN32_WINNT_WIN8
+ initialized = TRUE;
+ }
+
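Review bot: The guard `#if _WIN32_WINNT >= _WIN32_WINNT_WIN8` in `initialize` evaluates an undefined `_WIN32_WINNT_WIN8` as 0, so with headers that lack the macro the direct reference to `GetSystemTimePreciseAsFileTime` would be compiled in for every target, and the resulting binary would fail to load on systems older than Windows 8. Writing it as `#if defined(_WIN32_WINNT_WIN8) && _WIN32_WINNT >= _WIN32_WINNT_WIN8` removes that dependency on the SDK version. A short comment giving the reason for the static branch (presumably that `LoadLibrary` is unavailable in Windows Store builds) would record why the two paths exist.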
diff --git a/contrib/src/gnutls/gnutls-glib-winstore.patch b/contrib/src/gnutls/gnutls-glib-winstore.patch
new file mode 100644
index 000000000000..8a56c71c1143
--- /dev/null
+++ b/contrib/src/gnutls/gnutls-glib-winstore.patch
@@ -0,0 +1,58 @@
+--- gnutls/gl/stat-w32.c.winstore 2020-05-15 08:03:05.774476300 +0200
++++ gnutls/gl/stat-w32.c 2020-05-15 07:58:02.361981500 +0200
+@@ -52,15 +52,27 @@ static GetFileInformationByHandleExFuncT
+ #endif
+ /* GetFinalPathNameByHandle was introduced only in Windows Vista. */
+ typedef DWORD (WINAPI * GetFinalPathNameByHandleFuncType) (HANDLE hFile,
+- LPTSTR lpFilePath,
++ LPSTR lpFilePath,
+ DWORD lenFilePath,
+ DWORD dwFlags);
+ static GetFinalPathNameByHandleFuncType GetFinalPathNameByHandleFunc = NULL;
+ static BOOL initialized = FALSE;
+
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++// not defined in some mingw versions
++WINBASEAPI DWORD WINAPI GetFinalPathNameByHandleA (HANDLE hFile, LPSTR lpszFilePath, DWORD cchFilePath, DWORD dwFlags);
++#endif
++
+ static void
+ initialize (void)
+ {
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++ /* LoadLibrary not allowed but the functions are available directly */
++#if _GL_WINDOWS_STAT_INODES == 2
++ GetFileInformationByHandleExFunc = GetFileInformationByHandleEx;
++#endif
++ GetFinalPathNameByHandleFunc = GetFinalPathNameByHandleA;
++#else /* !WINAPI_PARTITION_APP */
+ HMODULE kernel32 = LoadLibrary ("kernel32.dll");
+ if (kernel32 != NULL)
+ {
+@@ -71,6 +83,7 @@ initialize (void)
+ GetFinalPathNameByHandleFunc =
+ (GetFinalPathNameByHandleFuncType) GetProcAddress (kernel32, "GetFinalPathNameByHandleA");
+ }
++#endif /* WINAPI_PARTITION_APP */
+ initialized = TRUE;
+ }
+
+@@ -135,6 +148,10 @@ _gl_fstat_by_handle (HANDLE h, const cha
+ if (!initialized)
+ initialize ();
+
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++ errno = EACCES;
++ return -1;
++#else /* WINAPI_PARTITION_APP */
+ /* st_mode can be determined through
+ GetFileAttributesEx
+ <https://msdn.microsoft.com/en-us/library/aa364946.aspx>
+@@ -342,6 +359,7 @@ _gl_fstat_by_handle (HANDLE h, const cha
+ #endif
+
+ return 0;
++#endif /* !WINAPI_PARTITION_APP */
+ }
+ else if (type == FILE_TYPE_CHAR || type == FILE_TYPE_PIPE)
+ {
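Review bot: In `_gl_fstat_by_handle` the new UWP branch returns -1 with `errno = EACCES` for what appears to be the disk-file case, so every such call fails in Windows Store builds and the pointers assigned in `initialize` go unused on that path. Callers that treat a stat failure as "file absent" may then skip files such as trust stores or configuration without a distinct error; this is inferred, since no caller is visible here. If the full implementation cannot be used, `ENOSYS` describes the condition more accurately than a permission error, and a comment should say why the body is disabled. The preprocessor comments are also inconsistent: `#else /* WINAPI_PARTITION_APP */` should read `#else /* !WINAPI_PARTITION_APP */`, and the `#endif` in `initialize` names the opposite branch from its `#else`.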
diff --git a/contrib/src/gnutls/gnutls-win32.patch b/contrib/src/gnutls/gnutls-win32.patch
deleted file mode 100644
index d851d9d7fb3a..000000000000
--- a/contrib/src/gnutls/gnutls-win32.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- gnutls.old/lib/includes/gnutls/gnutls.h.in 2016-07-01 22:44:49.319398504 +0200
-+++ gnutls/lib/includes/gnutls/gnutls.h.in 2016-07-01 22:48:00.515407625 +0200
-@@ -68,7 +68,7 @@
- #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
-
- #if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
--# define _SYM_EXPORT __declspec(dllimport)
-+# define _SYM_EXPORT
- #else
- # define _SYM_EXPORT
- #endif
---- gnutls-3.5.16/lib/gnutls.pc.in.orig 2017-12-26 16:20:40.969104489 +0100
-+++ gnutls-3.5.16/lib/gnutls.pc.in 2017-12-26 16:22:53.817108430 +0100
-@@ -19,6 +19,6 @@
- URL: http://www.gnutls.org/
- Version: @VERSION@
- Libs: -L${libdir} -lgnutls
--Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@
-+Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ -lcrypt32 @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@
- @GNUTLS_REQUIRES_PRIVATE@
- Cflags: -I${includedir}
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index b5febd479ffb..af7d87a11377 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -23,13 +23,19 @@ gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls
$(UNPACK)
$(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-static.patch
ifdef HAVE_WIN32
- $(APPLY) $(SRC)/gnutls/gnutls-win32.patch
+ $(APPLY) $(SRC)/gnutls/gnutls-glib-win8.patch
+ $(APPLY) $(SRC)/gnutls/gnutls-glib-winstore.patch
+ $(APPLY) $(SRC)/gnutls/0001-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
+ $(APPLY) $(SRC)/gnutls/0002-configure.ac-select-static-linking-of-ncrypt-win32-i.patch
+ $(APPLY) $(SRC)/gnutls/0003-win32-use-bcrypt-instead-of-wincrypt-on-Vista-for-ra.patch
+ $(APPLY) $(SRC)/gnutls/0004-win32-allow-using-ncrypt-in-UWP-builds.patch
+ # $(APPLY) $(SRC)/gnutls/0005-WIP-win32-redirect-wincrypt-hash-calls-to-bcrypt-cal.patch
endif
ifdef HAVE_ANDROID
$(APPLY) $(SRC)/gnutls/no-create-time-h.patch
endif
$(call pkg_static,"lib/gnutls.pc.in")
- $(UPDATE_AUTOCONFIG)
+ $(UPDATE_AUTOCONFIG) && cd $(UNPACK_DIR) && rm -rf aclocal.m4
$(MOVE)
GNUTLS_CONF := \
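Review bot: The recipe line `$(UPDATE_AUTOCONFIG) && cd $(UNPACK_DIR) && rm -rf aclocal.m4` deletes a generated file without saying why; a comment such as `# drop the shipped aclocal.m4 so it is regenerated after configure.ac is patched` (if that is the intent) would help. `rm -f $(UNPACK_DIR)/aclocal.m4` does the same without `cd` or a recursive flag. The commented-out `$(APPLY)` line for the 0005 WIP patch is dead recipe text, so a single comment stating that 0005 is intentionally not applied would be clearer than a disabled command. The `gnutls` rule starts above this hunk.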
@@ -56,6 +62,7 @@ ifdef HAVE_ANDROID
GNUTLS_ENV += gl_cv_header_working_stdint_h=yes
endif
ifdef HAVE_WINSTORE
+ GNUTLS_CONF += --enable-bcrypt
ifeq ($(ARCH),x86_64)
GNUTLS_CONF += --disable-hardware-acceleration
endif
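Review bot: `GNUTLS_CONF += --enable-bcrypt` only has an effect if `configure` is regenerated from the patched configure.ac, yet the `$(RECONF)` call in the `.gnutls` hunk below is added commented out. A stock `configure` ignores unknown `--enable-*` options with just a warning, so the Winstore build could end up on the wincrypt random-number path, or with `@LIBNCRYPT@` and `@LIBBCRYPT@` left unsubstituted in gnutls.pc, without the build failing. Whether automake's rebuild rules regenerate it after `aclocal.m4` is removed is not visible here; either enable `$(RECONF)` for `HAVE_WIN32` or add a comment naming the mechanism relied on.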
@@ -73,6 +80,9 @@ ifdef HAVE_NACL
endif
.gnutls: gnutls
+# ifdef HAVE_WIN32
+# $(RECONF)
+# endif
cd $< && $(GNUTLS_ENV) ./configure $(GNUTLS_CONF)
cd $< && $(MAKE) -C gl install
cd $< && $(MAKE) -C lib install
--
2.26.2