tdf#159519 libxmlsec: avoid linking function not existent in Windows 7

xsec_xmlsec.dll is linked to libxmlsec-mscng.dll, which is
linked to Win32 bcrypt.dll, which doesn't have BCryptKeyDerivation on
Windows 7.

Use GetProcAddress() to retrieve BCryptKeyDerivation at runtime; the
function is not used by LibreOffice.

(regression from commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b
and (due to revert) commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b)

Change-Id: I0c0c94ee0cdfd48ae7506d9dfb51fcaf8289d460
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163709
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

2 files changed, 53 insertions, 0 deletions

diff --git a/external/xmlsec/BCryptKeyDerivation.patch.1 b/external/xmlsec/BCryptKeyDerivation.patch.1
new file mode 100644
index 000000000000..3747915f87d2
--- /dev/null
+++ b/external/xmlsec/BCryptKeyDerivation.patch.1
@@ -0,0 +1,51 @@
+tdf#159519 Windows 7 does not have BCryptKeyDerivation
+
+It just occurred to me that these functions would of course not be called
+by LibreOffice so this is untested.
+
+--- xmlsec/src/mscng/pbkdf2.c.orig	2024-02-21 19:02:56.539534152 +0100
++++ xmlsec/src/mscng/pbkdf2.c	2024-02-21 19:01:03.282270354 +0100
+@@ -318,7 +318,20 @@
+     }
+ 
+     /* generate the output key */
++#if 1 // _WIN32_WINNT <= 0x0601
++    typedef NTSTATUS (WINAPI * BCryptKeyDerivationPtr)(
++        BCRYPT_KEY_HANDLE, BCryptBufferDesc *, PUCHAR, ULONG, ULONG *, ULONG);
++    HMODULE hBCrypt = GetModuleHandle("bcrypt.dll");
++    BCryptKeyDerivationPtr pBCryptKeyDerivation =
++        (BCryptKeyDerivationPtr) GetProcAddress(hBCrypt, "BCryptKeyDerivation");
++    if(NULL == pBCryptKeyDerivation) {
++        xmlSecMSCngNtError("BCryptKeyDerivation", NULL, status);
++        goto done;
++    }
++    status = (*pBCryptKeyDerivation)(
++#else
+     status = BCryptKeyDerivation(
++#endif
+         hKey,
+         &paramsPBKDF2,
+         pbOut,
+--- xmlsec/src/mscng/concatkdf.c.orig	2024-02-21 19:02:37.962490885 +0100
++++ xmlsec/src/mscng/concatkdf.c	2024-02-21 19:01:37.961351134 +0100
+@@ -318,7 +318,20 @@
+     }
+ 
+     /* generate the output key */
++#if 1 // _WIN32_WINNT <= 0x0601
++    typedef NTSTATUS (WINAPI * BCryptKeyDerivationPtr)(
++        BCRYPT_KEY_HANDLE, BCryptBufferDesc *, PUCHAR, ULONG, ULONG *, ULONG);
++    HMODULE hBCrypt = GetModuleHandle("bcrypt.dll");
++    BCryptKeyDerivationPtr pBCryptKeyDerivation =
++        (BCryptKeyDerivationPtr) GetProcAddress(hBCrypt, "BCryptKeyDerivation");
++    if(NULL == pBCryptKeyDerivation) {
++        xmlSecMSCngNtError("BCryptKeyDerivation", NULL, status);
++        goto done;
++    }
++    status = (*pBCryptKeyDerivation)(
++#else
+     status = BCryptKeyDerivation(
++#endif
+         hKey,
+         &paramsCONCATKDF2,
+         pbOut,
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 51d4f013bc0a..ad7b4b57c5f3 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -10,6 +10,8 @@
 xmlsec_patches :=
 # Remove this when Ubuntu 20.04 is EOL in 2025.
 xmlsec_patches += old-nss.patch.1
+# Remove this when Windows 7 is no longer supported
+xmlsec_patches += BCryptKeyDerivation.patch.1
 # Backport of https://github.com/lsh123/xmlsec/pull/754
 xmlsec_patches += xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1