windows: reduce/stop loading DLLs at runtime

[vszakats]

• replace dynamic InitSecurityInterface() call with early binding and
  link secur32 system DLL.
  The library and function are available in all supported curl Windows
  targets, meaning WinXP or newer. Add small hack for mingw32ce to
  make it build.

• detect and use if_nametoindex() on Windows when available. Link
  iphlpapi system DLL. Requires targeting Vista or newer.
  Replacing the dynamic call and the pre-load optimization for lib3026.

Suggested-by: Jay Satiro

---

• rebase on lib3026: drop DLL pre-load perf mitigation for old mingw #17414 once merged.
• rebase on windows: fix builds targeting WinXP, test it in CI #17415 once merged.
• rebase on GHA/windows: run tests in a WinXP build #17426 once merged.

[jay]

Also, do we need to dynamically load any of these libraries anymore, I have a Windows XP VM and I see them there, and some of them look really old I don't know how anyone would not have them at this point, the only thing that might be an issue is Windows CE which is being deprecated so I think maybe we can link to these libraries

curl/lib/curl_sspi.c

Lines 81 to 93 in 1c31498

	/* If security interface is not yet initialized try to do this */
	if(!Curl_hSecDll) {
	/* Security Service Provider Interface (SSPI) functions are located in
	* security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
	* have both these DLLs (security.dll forwards calls to secur32.dll) */
	/* Load SSPI dll into the address space of the calling process */
	if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL))
	Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
	else
	Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
	if(!Curl_hSecDll)
	return CURLE_FAILED_INIT;

$ git grep Curl_load_library
lib/curl_sspi.c:      Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
lib/curl_sspi.c:      Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
lib/system_win32.c:  s_hIpHlpApiDll = Curl_load_library(TEXT("iphlpapi.dll"));

[vszakats]

Also, do we need to dynamically load any of these libraries anymore, I have a Windows XP VM and I see them there, and some of them look really old I don't know how anyone would not have them at this point, the only thing that might be an issue is Windows CE which is being deprecated so I think maybe we can link to these libraries

curl/lib/curl_sspi.c

Lines 81 to 93 in 1c31498

	/* If security interface is not yet initialized try to do this */
	if(!Curl_hSecDll) {
	/* Security Service Provider Interface (SSPI) functions are located in
	* security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
	* have both these DLLs (security.dll forwards calls to secur32.dll) */
	/* Load SSPI dll into the address space of the calling process */
	if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL))
	Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
	else
	Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
	if(!Curl_hSecDll)
	return CURLE_FAILED_INIT;

$ git grep Curl_load_library
lib/curl_sspi.c:      Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
lib/curl_sspi.c:      Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
lib/system_win32.c:  s_hIpHlpApiDll = Curl_load_library(TEXT("iphlpapi.dll"));

As per a quick local search WinCE doesn't have security.dll, but that's
only loaded for WinNT 4.0 and newer, meaning it's never hit in WinCE builds.
That said, maybe this should not be a runtime check, because curl requires
WinXP as a minimum. At build time it can fall back to secur32.dll for WinCE.

Another thing to check is if these DLLs do actually export the functions
looked up, on all supported OS versions, i.e. InitSecurityInterface in
secur32 and if_nametoindex in iphlpapi. In many (most?) cases this
pattern is used to make binaries run seamlessly on older OS versions where
symbols may be absent.

[vszakats]

MS docs say that InitSecurityInterface is there since XP, so that's fine to make a static call:
https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-initsecurityinterfacea

if_nametoindex was introduced in Vista:
https://learn.microsoft.com/en-us/windows/win32/api/netioapi/nf-netioapi-if_nametoindex

[vszakats]

The lib3026 load library calls were added in 856b133 #9412
to fix slow test runs. The commit says it's for legacy mingw. We no longer support that, but
the PR thread seems to suggest this applies to all MinGW. (possibly to all Windows builds regardless
of compiler.)

It pre-loads the DLLs to avoid Windows loading them on each curl_global_init() call, which is done
for all 100 threads in this test.

One call is gone in this PR by making the SSPI call non-dynamic.

To avoid the other one, an option is to make it a non-dynamic call when building for Vista or upper,
which would make this test fast on modern envs, including CI. It'd allow dropping the pre-load.
(edit: but that'd just add complexity, with almost zero advantage. edit2: it actually doesn't, because
the codepath was already present.)

[vszakats]

On a thorough re-read of #9412, the issue experienced (and mitigated via DLL pre-load)
was very slow execution of test3026 (meaning 15+ minutes), and only seen on old mingw,
which curl no longer supports. In current CI, with supported compilers, this test takes
a fraction of a second.

Attempt to address in #17414.

[vszakats]

@jay: Transformed this PR based on your suggestion to avoid loading DLLs dynamically
where possible. This means dropping the secur32 load, because XP has those
and that's the minimum curl requires. For the iphlpapi the dynamic call is necessary
when targeting pre-Vista, but for Vista and newer this PR now binds the DLL at link time
and drops the dynamic call. It also allowed to make the DLL load function static and omit
it from Vista+ builds. I've also added a WinXP build test to build the dynamic
codepath (though without running tests at this time).