From 185292a06b369115e573ba18f6b067e54bfc5313 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Sun, 2 Apr 2023 03:24:16 +0000
Subject: [PATCH] build: make `HAVE_LIBCRYPT32` local to `wincng.c`

libssh2 uses `wincrypt.h` aka the `crypt32` Windows system library
for the function `CryptDecodeObjectEx()` [1]. This function has been
available for Win32 (and UWP/WinRT apps) for a long while. Even old
MinGW supports it, and also Watcom 1.9, of the rare/old compilers
I checked.

CMake had it permanently enabled, while it also did an extra check
for the header to add the lib to the lib list. Autotools did the
detection proper. Other builds had it permanently enabled.

It seems safe to assume this function/header/lib is available in all
environments we support.

In this patch we simplify by deleting these detections and feature
flags from all build tools.

Keep the feature flag internal to `wincng.h`, and for extra safety add
the new macro `LIBSSH2_WINCNG_DISABLE_WINCRYPT` do disable it via
custom `CPPFLAGS`.

WinCNG's other requirement is `bcrypt`. That also has been universally
available for a long time. Here the only known outlier is old/legacy
MinGW, which is missing support.

[1] https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecodeobjectex

Closes #916
---
 CMakeLists.txt                | 14 ++------------
 Makefile.WinCNG.inc           |  2 +-
 acinclude.m4                  |  7 ++-----
 os400/libssh2_config.h        |  3 ---
 src/libssh2_config_cmake.h.in |  3 ---
 src/wincng.c                  |  6 +++++-
 win32/libssh2_config.h        |  1 -
 7 files changed, 10 insertions(+), 26 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6f0d5c8d..cfe63b18 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -338,18 +338,8 @@ if(CRYPTO_BACKEND STREQUAL "WinCNG" OR NOT CRYPTO_BACKEND)
     set(CRYPTO_BACKEND_DEFINE "LIBSSH2_WINCNG")
     set(CRYPTO_BACKEND_INCLUDE_DIR "")
 
-    set(HAVE_LIBCRYPT32 TRUE)
-    list(APPEND LIBRARIES bcrypt)
-    list(APPEND PC_LIBS -lbcrypt)
-
-    # Reading keys from files is optional and depends on Wincrypt
-    check_include_files("windows.h;wincrypt.h" HAVE_WINCRYPT_H)
-
-    if(HAVE_WINCRYPT_H)
-      list(APPEND LIBRARIES crypt32)
-      list(APPEND PC_LIBS -lcrypt32)
-    endif()
-
+    list(APPEND LIBRARIES crypt32 bcrypt)
+    list(APPEND PC_LIBS -lcrypt32 -lbcrypt)
   elseif(${SPECIFIC_CRYPTO_REQUIREMENT} STREQUAL ${REQUIRED})
     message(FATAL_ERROR "WinCNG not available")
   endif()
diff --git a/Makefile.WinCNG.inc b/Makefile.WinCNG.inc
index bbcb82bf..09e41096 100644
--- a/Makefile.WinCNG.inc
+++ b/Makefile.WinCNG.inc
@@ -1,3 +1,3 @@
 CRYPTO_CSOURCES = wincng.c
 CRYPTO_HHEADERS = wincng.h
-CRYPTO_LTLIBS = $(LTLIBBCRYPT) $(LTLIBCRYPT32)
+CRYPTO_LTLIBS = $(LTLIBBCRYPT)
diff --git a/acinclude.m4 b/acinclude.m4
index 130ac8bb..85de8c14 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -449,10 +449,8 @@ m4_case([$1],
 [wincng], [
   # Look for Windows Cryptography API: Next Generation
 
-  LIBSSH2_LIB_HAVE_LINKFLAGS([crypt32], [], [
-    #include <windows.h>
-    #include <wincrypt.h>
-  ])
+  LIBS="$LIBS -lcrypt32"
+
   LIBSSH2_LIB_HAVE_LINKFLAGS([bcrypt], [], [
     #include <windows.h>
     #include <bcrypt.h>
@@ -504,4 +502,3 @@ AC_HELP_STRING([--disable-werror],[Disable compiler warnings as errors]),
     CFLAGS="$CFLAGS -Werror"
   fi
 ])
-
diff --git a/os400/libssh2_config.h b/os400/libssh2_config.h
index 1c07d1f2..f3bf725d 100644
--- a/os400/libssh2_config.h
+++ b/os400/libssh2_config.h
@@ -77,9 +77,6 @@
 /* use Ioctlsocket() for non-blocking sockets */
 #undef HAVE_IOCTLSOCKET_CASE
 
-/* Define if you have the crypt32 library. */
-#undef HAVE_LIBCRYPT32
-
 /* Define if you have the gcrypt library. */
 #undef HAVE_LIBGCRYPT
 
diff --git a/src/libssh2_config_cmake.h.in b/src/libssh2_config_cmake.h.in
index 2bca1e4a..ccace656 100644
--- a/src/libssh2_config_cmake.h.in
+++ b/src/libssh2_config_cmake.h.in
@@ -50,9 +50,6 @@
 #cmakedefine HAVE_ARPA_INET_H
 #cmakedefine HAVE_NETINET_IN_H
 
-/* Libraries */
-#cmakedefine HAVE_LIBCRYPT32
-
 /* Types */
 #cmakedefine HAVE_LONGLONG
 
diff --git a/src/wincng.c b/src/wincng.c
index e17ae454..46a29d85 100644
--- a/src/wincng.c
+++ b/src/wincng.c
@@ -48,6 +48,10 @@
 #define _WIN32_WINNT 0x0600
 #endif
 
+#if !defined(LIBSSH2_WINCNG_DISABLE_WINCRYPT) && !defined(HAVE_LIBCRYPT32)
+#define HAVE_LIBCRYPT32
+#endif
+
 /* specify the required libraries for dependencies using MSVC */
 #ifdef _MSC_VER
 #pragma comment(lib, "bcrypt.lib")
@@ -63,7 +67,7 @@
 #include <stdlib.h>
 
 #ifdef HAVE_LIBCRYPT32
-#include <wincrypt.h>
+#include <wincrypt.h>  /* for CryptDecodeObjectEx() */
 #endif
 
 #define PEM_RSA_HEADER "-----BEGIN RSA PRIVATE KEY-----"
diff --git a/win32/libssh2_config.h b/win32/libssh2_config.h
index da4af839..371ae634 100644
--- a/win32/libssh2_config.h
+++ b/win32/libssh2_config.h
@@ -9,7 +9,6 @@
 #define _CRT_SECURE_NO_DEPRECATE 1
 #endif
 
-#define HAVE_LIBCRYPT32
 #define HAVE_IOCTLSOCKET
 #define HAVE_SELECT
 #define HAVE_SNPRINTF