diff --git a/shadowsocks-libev/Makefile b/shadowsocks-libev/Makefile index 1df3a0835..0647c8f81 100644 --- a/shadowsocks-libev/Makefile +++ b/shadowsocks-libev/Makefile @@ -14,11 +14,14 @@ include $(TOPDIR)/rules.mk # PKG_NAME:=shadowsocks-libev PKG_VERSION:=3.3.5 -PKG_RELEASE:=12 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION) -PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488 +PKG_RELEASE:=13 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git +PKG_SOURCE_DATE:=2022-11-30 +PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254 +PKG_MIRROR_HASH:=6ff973af37c20cf0430f106d360b94b8b91df6dd8d7be3908ee84b5a86c3319f +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz PKG_MAINTAINER:=Yousong Zhou diff --git a/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch b/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch new file mode 100644 index 000000000..6dc1c5692 --- /dev/null +++ b/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch @@ -0,0 +1,152 @@ +From 8be7a7cb00b9540e9be05d409191b0bc1ba424f0 Mon Sep 17 00:00:00 2001 +From: notsure2 +Date: Mon, 11 Dec 2023 09:15:47 +0200 +Subject: [PATCH] Fix mishandling of incoming socket buffer. It must be set on + the listening socket not the accepted socket. + +--- + src/local.c | 16 ++++++++-------- + src/redir.c | 16 ++++++++-------- + src/server.c | 16 ++++++++-------- + src/tunnel.c | 16 ++++++++-------- + 4 files changed, 32 insertions(+), 32 deletions(-) + +diff --git a/src/local.c b/src/local.c +index fa1ca7b..51f62c4 100644 +--- a/src/local.c ++++ b/src/local.c +@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const char *port) + } + } + ++ if (tcp_incoming_sndbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); ++ } ++ ++ if (tcp_incoming_rcvbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); ++ } ++ + s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); + if (s == 0) { + /* We managed to bind successfully! */ +@@ -1406,14 +1414,6 @@ accept_cb(EV_P_ ev_io *w, int revents) + setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); + #endif + +- if (tcp_incoming_sndbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); +- } +- +- if (tcp_incoming_rcvbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); +- } +- + server_t *server = new_server(serverfd); + server->listener = listener; + +diff --git a/src/redir.c b/src/redir.c +index d36fe3f..86b7238 100644 +--- a/src/redir.c ++++ b/src/redir.c +@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const char *port) + LOGI("tcp tproxy mode enabled"); + } + ++ if (tcp_incoming_sndbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); ++ } ++ ++ if (tcp_incoming_rcvbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); ++ } ++ + s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); + if (s == 0) { + /* We managed to bind successfully! */ +@@ -759,14 +767,6 @@ accept_cb(EV_P_ ev_io *w, int revents) + setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); + #endif + +- if (tcp_incoming_sndbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); +- } +- +- if (tcp_incoming_rcvbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); +- } +- + int index = rand() % listener->remote_num; + struct sockaddr *remote_addr = listener->remote_addr[index]; + +diff --git a/src/server.c b/src/server.c +index 73b6599..ef347a5 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -620,6 +620,14 @@ create_and_bind(const char *host, const char *port, int mptcp) + } + } + ++ if (tcp_incoming_sndbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); ++ } ++ ++ if (tcp_incoming_rcvbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); ++ } ++ + // Enable out-of-tree mptcp + if (mptcp == 1) { + int i = 0; +@@ -1769,14 +1777,6 @@ accept_cb(EV_P_ ev_io *w, int revents) + setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); + #endif + +- if (tcp_incoming_sndbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); +- } +- +- if (tcp_incoming_rcvbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); +- } +- + setnonblocking(serverfd); + + server_t *server = new_server(serverfd, listener); +diff --git a/src/tunnel.c b/src/tunnel.c +index 99ed412..9f0dd57 100644 +--- a/src/tunnel.c ++++ b/src/tunnel.c +@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const char *port) + } + } + ++ if (tcp_incoming_sndbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); ++ } ++ ++ if (tcp_incoming_rcvbuf > 0) { ++ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); ++ } ++ + s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); + if (s == 0) { + /* We managed to bind successfully! */ +@@ -725,14 +733,6 @@ accept_cb(EV_P_ ev_io *w, int revents) + setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); + #endif + +- if (tcp_incoming_sndbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); +- } +- +- if (tcp_incoming_rcvbuf > 0) { +- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); +- } +- + int index = rand() % listener->remote_num; + struct sockaddr *remote_addr = listener->remote_addr[index]; + +-- +2.39.5 + diff --git a/shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch b/shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch deleted file mode 100644 index 7ec24650a..000000000 --- a/shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch +++ /dev/null @@ -1,200 +0,0 @@ -From c2bdb9847e374331a4f1c8fcd3d93e0b57d4c6fc Mon Sep 17 00:00:00 2001 -From: Zxl hhyccc -Date: Sun, 7 Jul 2024 17:08:27 +0800 -Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -*** The added patch is available in 'mbedtls 3.6 version'. - -*** fix *clen += tlen; may cause potential bounds error. - -Co-authored-by: Lu jicong -Signed-off-by: Zxl hhyccc ---- - m4/mbedtls.m4 | 20 +++++++++++++++++++ - src/aead.c | 17 ++++++++++++++++ - src/crypto.c | 2 +- - src/stream.c | 17 ++++++++++++++++ - - 4 files changed, 55 insertions(+), 1 deletion(-) - ---- a/m4/mbedtls.m4 -+++ b/m4/mbedtls.m4 -@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_CIPHER_MODE_CFB -@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_ARC4_C -@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_BLOWFISH_C -@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_CAMELLIA_C ---- a/src/aead.c -+++ b/src/aead.c -@@ -178,9 +178,14 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, - case AES192GCM: - case AES128GCM: - -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen, c, clen, c + mlen, tlen); - *clen += tlen; -+#else -+ err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, -+ m, mlen, c, mlen + tlen, clen, tlen); -+#endif - break; - case CHACHA20POLY1305IETF: - err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen, -@@ -226,8 +231,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, - // Otherwise, just use the mbedTLS one with crappy AES-NI. - case AES192GCM: - case AES128GCM: -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen - tlen, p, plen, m + mlen - tlen, tlen); -+#else -+ err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, -+ m, mlen, p, mlen - tlen, plen, tlen); -+#endif - break; - case CHACHA20POLY1305IETF: - err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, -@@ -724,9 +734,26 @@ aead_key_init(int method, const char *pass, const char *key) - if (method >= CHACHA20POLY1305IETF) { - cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); - cipher->info = cipher_info; -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; -+#else -+ cipher->info->private_base_idx = 0; -+ -+#ifdef MBEDTLS_KEY_BITLEN_SHIFT -+ cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT; -+#else -+ cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8; -+#endif -+ -+#ifdef MBEDTLS_IV_SIZE_SHIFT -+ cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT; -+#else -+ cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method]; -+#endif -+ -+#endif - } else { - cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); - } ---- a/src/crypto.c -+++ b/src/crypto.c -@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) - if (md == NULL) { - md = m; - } --#if MBEDTLS_VERSION_NUMBER >= 0x02070000 -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 - if (mbedtls_md5_ret(d, n, md) != 0) - FATAL("Failed to calculate MD5"); - #else ---- a/src/stream.c -+++ b/src/stream.c -@@ -174,7 +174,11 @@ cipher_nonce_size(const cipher_t *cipher) - if (cipher == NULL) { - return 0; - } -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - return cipher->info->iv_size; -+#else -+ return (int)mbedtls_cipher_info_get_iv_size(cipher->info); -+#endif - } - - int -@@ -192,7 +196,11 @@ cipher_key_size(const cipher_t *cipher) - return 0; - } - /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - return cipher->info->key_bitlen / 8; -+#else -+ return (int)mbedtls_cipher_info_get_key_bitlen(cipher->info) / 8; -+#endif - } - - const cipher_kt_t * -@@ -645,9 +653,26 @@ stream_key_init(int method, const char *pass, const char *key) - if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { - cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); - cipher->info = cipher_info; -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; -+#else -+ cipher->info->private_base_idx = 0; -+ -+#ifdef MBEDTLS_KEY_BITLEN_SHIFT -+ cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT; -+#else -+ cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8; -+#endif -+ -+#ifdef MBEDTLS_IV_SIZE_SHIFT -+ cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT; -+#else -+ cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method]; -+#endif -+ -+#endif - } else { - cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); - } --- -2.17.1 diff --git a/shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch b/shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch new file mode 100644 index 000000000..9616ee9e4 --- /dev/null +++ b/shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch @@ -0,0 +1,232 @@ +From 2b33e8e6778db08624dbf8ec6fe1e8f7b1a4bee8 Mon Sep 17 00:00:00 2001 +From: Lu jicong +Date: Fri, 10 Jan 2025 22:05:31 +0800 +Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue + +Fix mbedtls 3.6 compatibility + +Co-authored-by: Zxl hhyccc +Signed-off-by: Lu jicong +--- + m4/mbedtls.m4 | 20 ++++++++++++++++++++ + src/aead.c | 23 +++++++++++------------ + src/crypto.c | 2 +- + src/crypto.h | 1 - + src/stream.c | 51 ++++++--------------------------------------------- + 5 files changed, 38 insertions(+), 59 deletions(-) + +diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4 +index 2c478b9..a795790 100644 +--- a/m4/mbedtls.m4 ++++ b/m4/mbedtls.m4 +@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS], + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ ++#include ++#if MBEDTLS_VERSION_NUMBER >= 0x03000000 ++#include ++#else + #include ++#endif + ]], + [[ + #ifndef MBEDTLS_CIPHER_MODE_CFB +@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS], + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ ++#include ++#if MBEDTLS_VERSION_NUMBER >= 0x03000000 ++#include ++#else + #include ++#endif + ]], + [[ + #ifndef MBEDTLS_ARC4_C +@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS], + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ ++#include ++#if MBEDTLS_VERSION_NUMBER >= 0x03000000 ++#include ++#else + #include ++#endif + ]], + [[ + #ifndef MBEDTLS_BLOWFISH_C +@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS], + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ ++#include ++#if MBEDTLS_VERSION_NUMBER >= 0x03000000 ++#include ++#else + #include ++#endif + ]], + [[ + #ifndef MBEDTLS_CAMELLIA_C +diff --git a/src/aead.c b/src/aead.c +index 358ec93..73349da 100644 +--- a/src/aead.c ++++ b/src/aead.c +@@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, + // Otherwise, just use the mbedTLS one with crappy AES-NI. + case AES192GCM: + case AES128GCM: +- ++#if MBEDTLS_VERSION_NUMBER < 0x03000000 + err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, c, clen, c + mlen, tlen); ++#else ++ err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, ++ m, mlen, c, mlen + tlen, clen, tlen); ++#endif + *clen += tlen; + break; + case CHACHA20POLY1305IETF: +@@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, + // Otherwise, just use the mbedTLS one with crappy AES-NI. + case AES192GCM: + case AES128GCM: ++#if MBEDTLS_VERSION_NUMBER < 0x03000000 + err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen - tlen, p, plen, m + mlen - tlen, tlen); ++#else ++ err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, ++ m, mlen, p, mlen - tlen, plen, tlen); ++#endif + break; + case CHACHA20POLY1305IETF: + err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, +@@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key) + cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); + memset(cipher, 0, sizeof(cipher_t)); + +- if (method >= CHACHA20POLY1305IETF) { +- cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); +- cipher->info = cipher_info; +- cipher->info->base = NULL; +- cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; +- cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; +- } else { +- cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); +- } +- +- if (cipher->info == NULL && cipher->key_len == 0) { ++ if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) { + LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]); + FATAL("Cannot initialize cipher"); + } +diff --git a/src/crypto.c b/src/crypto.c +index b44d867..76c426b 100644 +--- a/src/crypto.c ++++ b/src/crypto.c +@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) + if (md == NULL) { + md = m; + } +-#if MBEDTLS_VERSION_NUMBER >= 0x02070000 ++#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 + if (mbedtls_md5_ret(d, n, md) != 0) + FATAL("Failed to calculate MD5"); + #else +diff --git a/src/crypto.h b/src/crypto.h +index 1791551..7070793 100644 +--- a/src/crypto.h ++++ b/src/crypto.h +@@ -97,7 +97,6 @@ typedef struct buffer { + typedef struct { + int method; + int skey; +- cipher_kt_t *info; + size_t nonce_len; + size_t key_len; + size_t tag_len; +diff --git a/src/stream.c b/src/stream.c +index 35d9050..b2e2cea 100644 +--- a/src/stream.c ++++ b/src/stream.c +@@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen, + return 0; + } + +-int +-cipher_nonce_size(const cipher_t *cipher) +-{ +- if (cipher == NULL) { +- return 0; +- } +- return cipher->info->iv_size; +-} +- +-int +-cipher_key_size(const cipher_t *cipher) +-{ +- /* +- * Semi-API changes (technically public, morally prnonceate) +- * Renamed a few headers to include _internal in the name. Those headers are +- * not supposed to be included by users. +- * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). +- * Changed pk_info_t into an opaque structure. +- * Changed cipher_base_t into an opaque structure. +- */ +- if (cipher == NULL) { +- return 0; +- } +- /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ +- return cipher->info->key_bitlen / 8; +-} +- + const cipher_kt_t * + stream_get_cipher_type(int method) + { +@@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key) + cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); + memset(cipher, 0, sizeof(cipher_t)); + +- if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { +- cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); +- cipher->info = cipher_info; +- cipher->info->base = NULL; +- cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; +- cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; +- } else { +- cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); +- } +- +- if (cipher->info == NULL && cipher->key_len == 0) { ++ if (method < SALSA20 && stream_get_cipher_type(method) == NULL) { + LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]); + FATAL("Cannot initialize cipher"); + } + + if (key != NULL) +- cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher)); ++ cipher->key_len = crypto_parse_key(key, cipher->key, ++ supported_stream_ciphers_key_size[method]); + else +- cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher)); ++ cipher->key_len = crypto_derive_key(pass, cipher->key, ++ supported_stream_ciphers_key_size[method]); + + if (cipher->key_len == 0) { + FATAL("Cannot generate key and NONCE"); + } +- if (method == RC4_MD5) { +- cipher->nonce_len = 16; +- } else { +- cipher->nonce_len = cipher_nonce_size(cipher); +- } ++ cipher->nonce_len = supported_stream_ciphers_nonce_size[method]; + cipher->method = method; + + return cipher; +-- +2.39.5 +