From e0fa7550c0458a95ea5ca011e1d8c405c18b0f1d Mon Sep 17 00:00:00 2001
From: Steve Lhomme <robux4@ycbcr.xyz>
Date: Wed, 27 May 2020 21:13:43 +0000
Subject: configure.ac: determine if the Vista APIs can be linked statically

If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
the build. We can assume that the minimum platform the code will run on is
Vista [1]

In that case there's no need to call API's (ncrypt) dynamically when it can be
done statically.

[1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt

Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
---
 .gitlab-ci.yml        | 36 ++++++++++++++++++++++++++++++++++++
 configure.ac          | 17 +++++++++++++++++
 lib/gnutls.pc.in      |  2 +-
 lib/system/keys-win.c |  8 +++++---
 4 files changed, 59 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ccc4eddfa1..5ce88f2662 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -390,6 +390,42 @@ MinGW64.DLLs:
       - win64-build/
   retry: 1
 
+MinGW64.Vista+:
+  stage: stage1-testing
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+  script:
+  - ./bootstrap
+  - export CC="ccache x86_64-w64-mingw32-gcc"
+ # Target Vista instead of XP, currently the default in mingw
+  - export CPPFLAGS="-D_WIN32_WINT=0x600"
+  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
+  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
+  - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register
+  - mkdir -p build
+  - cd build
+  - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc
+  # generate the certtool autogen file to check whether later compilation will modify it
+  - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak
+  - mingw64-make -j$BUILDJOBS
+  - mingw64-make -j$CHECKJOBS -C tests check
+  - cd ..
+  # since we use --enable-local-libopts the generated files must equal the .bak
+  - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false
+  tags:
+  - shared
+  - docker
+  - linux
+  except:
+  - tags
+  artifacts:
+    expire_in: 1 week
+    when: on_failure
+    paths:
+      - build/*.log
+      - build/tests/*.log
+      - build/tests/*/*.log
+  retry: 1
+
 MinGW64:
   stage: stage1-testing
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
diff --git a/configure.ac b/configure.ac
index 3413a3dc99..9ea53b7344 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,7 @@ AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
 
 dnl Detect windows build
 use_accel=yes
+have_vista_dynamic=yes
 case "$host" in
   *android*)
     have_android=yes
@@ -121,6 +122,22 @@ case "$host" in
     AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
     LIB_CRYPT32="-lcrypt32"
     AC_SUBST([LIB_CRYPT32])
+    AC_PREPROC_IFELSE([AC_LANG_PROGRAM(
+      [[#include <windows.h>
+       #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
+       # error Vista APIs allowed statically
+       #endif
+      ]],[[;]])],[have_vista_dynamic=yes],[have_vista_dynamic=no])
+    AC_ARG_ENABLE(dyn_ncrypt,
+      AS_HELP_STRING([--enable-dyn-ncrypt], [use ncrypt dynamically]),
+      enable_dyn_ncrypt=$enableval, enable_dyn_ncrypt=$have_vista_dynamic
+    )
+    if test "x$enable_dyn_ncrypt" = "xyes"; then
+      AC_DEFINE([DYN_NCRYPT], 1, [Dynamic use of ncrypt API (win32)])
+    else
+      LIBNCRYPT="-lncrypt"
+    fi
+    AC_SUBST([LIBNCRYPT])
   ;;
   *darwin*)
     have_macosx=yes
diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
index 46a1eb5d85..15d3ab057c 100644
--- a/lib/gnutls.pc.in
+++ b/lib/gnutls.pc.in
@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
 URL: https://www.gnutls.org/
 Version: @VERSION@
 Libs: -L${libdir} -lgnutls
-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@
+Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@
 @GNUTLS_REQUIRES_PRIVATE@
 Cflags: -I${includedir}
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index 678a668e49..767e377040 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -26,6 +26,7 @@
 #define _WIN32_WINNT 0x600
 #endif
 
+#include <config.h>
 #include "gnutls_int.h"
 #include "errors.h"
 #include <gnutls/gnutls.h>
@@ -45,8 +46,6 @@
 #include <winbase.h>
 #include <winapifamily.h>
 
-#define DYN_NCRYPT
-
 #ifdef __MINGW32__
 # include <_mingw.h>
 # ifdef __MINGW64_VERSION_MAJOR
@@ -1487,13 +1486,16 @@ int _gnutls_system_key_init(void)
 		ret = GNUTLS_E_CRYPTO_INIT_FAILED;
 		goto fail;
 	}
-#endif
 	ncrypt_init = 1;
 
 	return 0;
  fail:
 	FreeLibrary(ncrypt_lib);
 	return ret;
+#else
+    ncrypt_init = 1;
+    return 0;
+#endif
 }
 
 void _gnutls_system_key_deinit(void)
-- 
cgit v1.2.1