* Revert GnuTLS back to openssl, since GnuTLS is too hard to get working on

  Windows

2 files changed, 102 insertions, 37 deletions

diff --git a/src/general.c b/src/general.c
index 8f9996a..9904e5a 100644
--- a/src/general.c
+++ b/src/general.c
@@ -25,10 +25,13 @@
  ************************************************************************** **/
 
 #include <ctype.h>
-#include <errno.h> // For gcrypt, which should include it itself
-#include <gcrypt.h>
+#include <openssl/crypto.h>
+#define OPENSSL_THREAD_DEFINES
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_THREADS
+#error "Threading support required in OpenSSL library, but not provided"
+#endif
 #include <pthread.h>
-#include <stdlib.h> // For gcrypt, which should include it itself
 #include <string.h>
 #include "request.h"
 #include "simplexml.h"
@@ -36,8 +39,71 @@
 
 static int initializeCountG = 0;
 
-// libgcrypt macro which generates boilerplate for using pthreads
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+typedef pthread_mutex_t CRYPTO_dynlock_value;
+
+static pthread_mutex_t *pLocksG;
+
+
+static unsigned long id_callback()
+{
+    return (unsigned long) pthread_self();
+}
+
+
+static void locking_callback(int mode, int index, const char *file, int line)
+{
+    if (mode & CRYPTO_LOCK) {
+        pthread_mutex_lock(&(pLocksG[index]));
+    }
+    else {
+        pthread_mutex_unlock(&(pLocksG[index]));
+    }
+}
+
+
+static struct CRYPTO_dynlock_value *dynlock_create(const char *file, int line)
+{
+    pthread_mutex_t *ret = (pthread_mutex_t *) malloc(sizeof(pthread_mutex_t));
+    pthread_mutex_init(ret, 0);
+    return (struct CRYPTO_dynlock_value *) ret;
+}
+
+
+static void dynlock_lock(int mode, struct CRYPTO_dynlock_value *pLock,
+                         const char *file, int line)
+{
+    if (mode & CRYPTO_LOCK) {
+        pthread_mutex_lock((pthread_mutex_t *) pLock);
+    }
+    else {
+        pthread_mutex_unlock((pthread_mutex_t *) pLock);
+    }
+}
+
+
+static void dynlock_destroy(struct CRYPTO_dynlock_value *pLock,
+                            const char *file, int line)
+{
+    pthread_mutex_destroy((pthread_mutex_t *) pLock);
+    free(pLock);
+}
+
+
+static void deinitialize_locks()
+{
+    CRYPTO_set_dynlock_destroy_callback(NULL);
+    CRYPTO_set_dynlock_lock_callback(NULL);
+    CRYPTO_set_dynlock_create_callback(NULL);
+    CRYPTO_set_locking_callback(NULL);
+    CRYPTO_set_id_callback(NULL);
+
+    int count = CRYPTO_num_locks();
+    for (int i = 0; i < count; i++) {
+        pthread_mutex_destroy(&(pLocksG[i]));
+    }
+
+    free(pLocksG);
+}
 
 
 S3Status S3_initialize(const char *userAgentInfo, int flags)
@@ -46,13 +112,31 @@ S3Status S3_initialize(const char *userAgentInfo, int flags)
         return S3StatusOK;
     }
 
-    if (flags & S3_INIT_GCRYPT) {
-        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-        gcry_control(GCRYCTL_DISABLE_SECMEM);
-        gcry_check_version(0);
+    /* As required by the openssl library for thread support */
+    int count = CRYPTO_num_locks(), i;
+    
+    if (!(pLocksG = 
+          (pthread_mutex_t *) malloc(count * sizeof(pthread_mutex_t)))) {
+        return S3StatusOutOfMemory;
+    }
+
+    for (i = 0; i < count; i++) {
+        pthread_mutex_init(&(pLocksG[i]), 0);
     }
 
-    return request_api_initialize(userAgentInfo, flags);
+    CRYPTO_set_id_callback(&id_callback);
+    CRYPTO_set_locking_callback(&locking_callback);
+    CRYPTO_set_dynlock_create_callback(dynlock_create);
+    CRYPTO_set_dynlock_lock_callback(dynlock_lock);
+    CRYPTO_set_dynlock_destroy_callback(dynlock_destroy);
+
+    S3Status status = request_api_initialize(userAgentInfo, flags);
+    if (status != S3StatusOK) {
+        deinitialize_locks();
+        return status;
+    }
+
+    return S3StatusOK;
 }
 
 
@@ -63,6 +147,8 @@ void S3_deinitialize()
     }
 
     request_api_deinitialize();
+
+    deinitialize_locks();
 }
 
 const char *S3_get_status_name(S3Status status)
diff --git a/src/request.c b/src/request.c
index 4249243..293c97a 100644
--- a/src/request.c
+++ b/src/request.c
@@ -25,7 +25,7 @@
  ************************************************************************** **/
 
 #include <ctype.h>
-#include <gcrypt.h>
+#include <openssl/hmac.h>
 #include <pthread.h>
 #include <stdlib.h>
 #include <string.h>
@@ -705,39 +705,18 @@ static S3Status compose_auth_header(const RequestParams *params,
 
     signbuf_append("%s", values->canonicalizedResource);
 
-    // Generate a SHA-1 of the signbuf
+    // Generate an HMAC-SHA-1 of the signbuf
 
-    // Message Digest handle
-    gcry_md_hd_t mdh;
+    unsigned int md_len;
+    unsigned char md[EVP_MAX_MD_SIZE];
 
-    // "Open" the Message Digest Handle - SHA-1 with HMAC feature
-    if (gcry_md_open
-        (&mdh, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR) {
-        return S3StatusInternalError;
-    }
-
-    // Set the key that will be used with the HMAC feature
-    if (gcry_md_setkey
-        (mdh, params->secretAccessKey, 
-         strlen(params->secretAccessKey)) != GPG_ERR_NO_ERROR) {
-        gcry_md_close(mdh);
-        return S3StatusInternalError;
-    }
-
-    // Specify the signbuf data to compute SHA-1 of
-    gcry_md_write(mdh, signbuf, len);
-
-    // Get the results
-    unsigned int md_len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-    unsigned char *md = gcry_md_read(mdh, GCRY_MD_SHA1);
+    HMAC(EVP_sha1(), params->secretAccessKey, strlen(params->secretAccessKey),
+         (unsigned char *) signbuf, len, md, &md_len);
 
     // Now base-64 encode the results
     unsigned char b64[((md_len + 1) * 4) / 3];
     int b64Len = base64Encode(md, md_len, b64);
 
-    // Be sure to release the Message Digest handle
-    gcry_md_close(mdh);
-
     snprintf(values->authorizationHeader, sizeof(values->authorizationHeader),
              "Authorization: AWS %s:%.*s", params->accessKeyId, b64Len, b64);