[gnutls-devel] Building a MinGW port of GnuTLS 3.4.15

Eli Zaretskii eliz at gnu.org
Tue Oct 4 13:09:38 CEST 2016 

I've built and tested this version natively on MS-Windows using
mingw.org's MinGW tools.  I've bumped into some issues which I'd like
to report here:

1. There are relatively many compilation warnings, triggered by the
   warning options passed to the compiler.  I think most of the
   warnings are not Windows-specific.  I wonder if all of these
   switches are appropriate for production builds.  Some examples
   of the warnings include:

   . unused variables
   . comparison between signed and unsigned
   . stack frame size is larger than 2048 bytes (why such a low limit,
     when on modern platforms a program's stack size is something like
     2MB?)
   . mismatch in signedness between prototype and actual arguments
   . "cannot optimize loop, the loop counter may overflow"
   . use of visibility attribute, which non-ELF binaries don't
     support, in x86-common.c

2. system-keys-win.c was written using features that are available
   with the MinGW64 toolchain, but not with mingw.org's one.  I needed
   to add the missing stuff by hand; see the patch below.

3. libgnutls fails to link due to unresolved external rpl_fseek:

       CCLD     libgnutls.la
     opencdk/.libs/libminiopencdk.a(armor.o): In function `armor_decode':
     d:\gnu\gnutls-3.4.15\lib\opencdk/armor.c:232: undefined reference to `rpl_fseek'

     opencdk/.libs/libminiopencdk.a(stream.o): In function `cdk_stream_seek':
     d:\gnu\gnutls-3.4.15\lib\opencdk/stream.c:1081: undefined reference to `rpl_fseek'

   I reported this for 3.3.11 back in Dec 2014.

4. certuniqueid.c in the test suite uses %zd, which is not supported
   by the Windows runtime.

5. Test programs fail to run because they don't find the libgnutls
   shared library (which was not installed yet).  I fixed that by
   manually adding the directories with the DLLs to PATH, but I think
   the test suite should do that, because if a previous version of the
   same DLL is installed, the tests will silently use it instead of
   the one in the source tree, which might cause incorrect results and
   subtle failures.

6. "make install-strip" installs the *.def files in the ${prefix}/bin
   directory, whereas it should install them in ${prefix}/lib, I
   think.

7. The *.def file for the produced libgnutls-openssl-27.dll is
    libgnutls-openssl-30.def, for some reason.  Which version number
    is correct for libgnutls-openssl, 27 or 30?

8. benchmark.c doesn't declare the MS-Windows variant of alarm_handler
   'static', which causes a warning converted to error by the compiler
   switches, and stops the compilation.

9. certtool-cfg.c doesn't include the Gnulib-provided arpa/inet.h
   header, which triggers warnings about inet_pton missing a
   declaration.

10.The Gnulib stdio.h header declares all the functions of the *printf
   family using the __gnu_printf__ attribute, which then causes bogus
   warnings about %I64u format in certtool-cfg.c.  I already saw this
   in another package and reported to Gnulib here:

     https://lists.gnu.org/archive/html/bug-gnulib/2016-06/msg00018.html

   Paul Eggert replied here:

     https://lists.gnu.org/archive/html/bug-gnulib/2016-06/msg00021.html

   saying that packages need to use the printf-posix module to resolve
   this issue.

11.tests/utils.c lacks the 'sleep' function, which is needed for
   MinGW, as the Windows runtime lacks it.

HTH, and thanks for developing GnuTLS.

Here's the patch to build system-keys-win.c with mingw.org's tools:

--- ./lib/system-keys-win.c~0	2015-11-21 12:34:26.000000000 +0200
+++ ./lib/system-keys-win.c	2016-10-02 18:18:00.859375000 +0300
@@ -46,7 +46,32 @@
 
 #define DYN_NCRYPT
 
-#include <ncrypt.h>
+#ifdef __MINGW32__
+# include <_mingw.h>
+# ifdef __MINGW64_VERSION_MAJOR
+/* MinGW64 */
+#  include <ncrypt.h>
+# else
+/* mingw.org's MinGW */
+# include <security.h>
+# define BCRYPT_PAD_PKCS1 0x00000002
+# define BCRYPT_RSA_ALGORITHM L"RSA"
+# define BCRYPT_DSA_ALGORITHM L"DSA"
+# define BCRYPT_SHA1_ALGORITHM L"SHA1"
+# define BCRYPT_SHA256_ALGORITHM L"SHA256"
+# define BCRYPT_SHA384_ALGORITHM L"SHA384"
+# define BCRYPT_SHA512_ALGORITHM L"SHA512"
+# define BCRYPT_ECDSA_P256_ALGORITHM L"ECDSA_P256"
+# define BCRYPT_ECDSA_P384_ALGORITHM L"ECDSA_P384"
+# define BCRYPT_ECDSA_P521_ALGORITHM L"ECDSA_P521"
+  typedef ULONG_PTR NCRYPT_HANDLE;
+  typedef ULONG_PTR NCRYPT_PROV_HANDLE;
+  typedef ULONG_PTR NCRYPT_KEY_HANDLE;
+  typedef struct _BCRYPT_PKCS1_PADDING_INFO {
+    LPCWSTR pszAlgId;
+  } BCRYPT_PKCS1_PADDING_INFO;
+# endif
+#endif
 
 // MinGW headers may not have these defines
 #ifndef NCRYPT_SHA1_ALGORITHM

More information about the Gnutls-devel mailing list