From 71c30b31f34f181c02410612e51e1c03ee4f311f Mon Sep 17 00:00:00 2001 From: Linus Yang Date: Mon, 11 Nov 2013 16:49:34 +0800 Subject: [PATCH] Fix MinGW PolarSSL build and update readme --- README.md | 30 +++++++++++++++++++++++++++--- configure | 2 +- configure.ac | 2 +- src/encrypt.c | 19 ++++++++++++++++--- src/encrypt.h | 4 ++++ src/utils.c | 2 +- 6 files changed, 50 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index ae795032..d26e37b3 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ Features Shadowsocks-libev is writen in pure C and only depends on [libev](http://software.schmorp.de/pkg/libev.html) and -[openssl](http://www.openssl.org/). +[openssl](http://www.openssl.org/) or [polarssl](https://polarssl.org/). In normal usage, the memory consumption is about 600KB and the CPU utilization is no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU, @@ -64,6 +64,10 @@ no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU Installation ------------ +__Note__: Default crypto library is OpenSSL. To build against PolarSSL, +specify `--with-crypto-library=polarssl` and `--with-polarssl=/path/to/polarssl` +when running `./configure`. + ### Linux For Unix-like systems, especially Debian-based systems, @@ -129,9 +133,11 @@ make V=99 package/shadowsocks-libev/openwrt/compile For Windows, use either MinGW (msys) or Cygwin to build. At the moment, only `ss-local` is supported to build against MinGW (msys). -If you are using MinGW (msys), please download OpenSSL source tarball +If you are using MinGW (msys), please download OpenSSL or PolarSSL source tarball to the home directory of msys, and build it like this (may take a few minutes): +* OpenSSL + ```bash tar zxf openssl-1.0.1e.tar.gz cd openssl-1.0.1e 
@@ -139,14 +145,32 @@ cd openssl-1.0.1e make && make install ``` +* PolarSSL + +```bash +tar zxf polarssl-1.3.2-gpl.tgz +cd polarssl-1.3.2 +make lib WINDOWS=1 +make install DESTDIR="$HOME/prebuilt" +``` + Then, build the binary using the commands below, and all `.exe` files will be built at `$HOME/ss/bin`: +* OpenSSL + ```bash ./configure --prefix="$HOME/ss" --with-openssl="$HOME/prebuilt" make && make install ``` +* PolarSSL + +```bash +./configure --prefix="$HOME/ss" --with-crypto-library=polarssl --with-polarssl=$HOME/prebuilt +make && make install +``` + Usage ----- @@ -156,7 +180,7 @@ usage: ss-[local|redir|server] -s host name or ip address of your remote server -p port number of your remote server - -l > port number of your local server + -l port number of your local server -k password of your remote server [-m ] encrypt method, supporting table, rc4, diff --git a/configure b/configure index 0a472de2..e048b227 100755 --- a/configure +++ b/configure @@ -12740,7 +12740,7 @@ fi case $host in *-mingw*) - LIBS="$LIBS -lgdi32 -lws2_32" + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" ;; *) ;; diff --git a/configure.ac b/configure.ac index c8331f93..e301f65e 100755 --- a/configure.ac +++ b/configure.ac @@ -37,7 +37,7 @@ m4_include([libev/libev.m4]) dnl Add library for mingw case $host in *-mingw*) - LIBS="$LIBS -lgdi32 -lws2_32" + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" ;; *) ;; diff --git a/src/encrypt.c b/src/encrypt.c index 417db3e0..c11587d6 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -3,19 +3,26 @@ #endif #include + #if defined(USE_CRYPTO_OPENSSL) + #include #include + #elif defined(USE_CRYPTO_POLARSSL) + #include #include #include +#include #define CIPHER_UNSUPPORTED "unsupported" + #endif #include #ifdef _WIN32 #include +#include #else #include #endif 
@@ -371,7 +378,9 @@ int rand_bytes(uint8_t *output, int len) #endif entropy_init(&ec); if (ctr_drbg_init(&cd_ctx, entropy_func, &ec, (const unsigned char *) rand_buffer.buffer, 8) != 0) { +#if POLARSSL_VERSION_NUMBER >= 0x01030000 entropy_free(&ec); +#endif FATAL("Failed to initialize random generator"); } rand_initialised = 1; @@ -460,9 +469,6 @@ void cipher_context_init(cipher_ctx_t *evp, int method, int enc) if (cipher_init_ctx(evp, cipher) != 0) { FATAL("Cannot initialize PolarSSL cipher context"); } - if (method > RC4) { - cipher_set_padding_mode(evp, POLARSSL_PADDING_PKCS7); - } #endif } @@ -485,6 +491,7 @@ void cipher_context_set_iv(cipher_ctx_t *evp, uint8_t *iv, size_t iv_len, int en cipher_free_ctx(evp); FATAL("Cannot set PolarSSL cipher key"); } +#if POLARSSL_VERSION_NUMBER >= 0x01030000 if (cipher_set_iv(evp, iv, iv_len) != 0) { cipher_free_ctx(evp); FATAL("Cannot set PolarSSL cipher IV"); @@ -493,6 +500,12 @@ void cipher_context_set_iv(cipher_ctx_t *evp, uint8_t *iv, size_t iv_len, int en cipher_free_ctx(evp); FATAL("Cannot finalize PolarSSL cipher context"); } +#else + if(cipher_reset(evp, iv) != 0) { + cipher_free_ctx(evp); + FATAL("Cannot set PolarSSL cipher IV"); + } +#endif #endif #ifdef DEBUG dump("IV", iv); diff --git a/src/encrypt.h b/src/encrypt.h index 202b6553..c940a9f9 100644 --- a/src/encrypt.h +++ b/src/encrypt.h @@ -22,6 +22,7 @@ #include #if defined(USE_CRYPTO_OPENSSL) + #include typedef EVP_CIPHER cipher_kt_t; typedef EVP_CIPHER_CTX cipher_ctx_t; @@ -29,7 +30,9 @@ typedef EVP_MD digest_type_t; #define MAX_KEY_LENGTH EVP_MAX_KEY_LENGTH #define MAX_IV_LENGTH EVP_MAX_IV_LENGTH #define MAX_MD_SIZE EVP_MAX_MD_SIZE + #elif defined(USE_CRYPTO_POLARSSL) + #include #include typedef cipher_info_t cipher_kt_t; @@ -38,6 +41,7 @@ typedef md_info_t digest_type_t; #define MAX_KEY_LENGTH 64 #define MAX_IV_LENGTH POLARSSL_MAX_IV_LENGTH #define MAX_MD_SIZE POLARSSL_MD_MAX_SIZE + #endif #ifdef HAVE_STDINT_H 
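Review bot: The new `#if POLARSSL_VERSION_NUMBER >= 0x01030000` guard around `entropy_free(&ec)` in rand_bytes only works if the version macro is defined, because the preprocessor evaluates an undefined identifier as 0 and a build that misses the version header would silently take the pre-1.3 path. The first src/encrypt.c hunk adds an include to the PolarSSL branch whose name is not legible in this rendering; presumably it is the version header, but nothing enforces that. I would add `#ifndef POLARSSL_VERSION_NUMBER` / `#error "PolarSSL version header not included"` / `#endif` directly after the PolarSSL includes so a mismatch fails at compile time. The same guard is relied on in the two cipher_context_set_iv hunks (-485 and -493). rand_bytes starts and ends outside this hunk.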
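Review bot: In the pre-1.3 branch added to cipher_context_set_iv, `cipher_reset(evp, iv)` receives only the pointer, so `iv_len` is unused there and nothing ties the caller's buffer length to the number of bytes the library reads from `iv`. As far as I recall, the 1.2 API copies the cipher's own IV size from that pointer, which would read past a shorter buffer; please confirm against the 1.2 headers. A check placed before the `#if`, such as `if (iv_len != (size_t) cipher_get_iv_size(evp)) { cipher_free_ctx(evp); FATAL("Invalid IV length"); }`, would make both branches reject a mismatched length the same way. The `#if` opens in hunk -485 and the `#else` branch is in hunk -493; the function body starts and ends outside both.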
diff --git a/src/utils.c b/src/utils.c index a575d90f..61c24279 100644 --- a/src/utils.c +++ b/src/utils.c @@ -83,7 +83,7 @@ void usage() printf(" ss-[local|redir|server]\n"); printf(" -s host name or ip address of your remote server\n"); printf(" -p port number of your remote server\n"); - printf(" -l > port number of your local server\n"); + printf(" -l port number of your local server\n"); printf(" -k password of your remote server\n"); printf("\n"); printf(" [-m ] encrypt method, supporting table, rc4,\n");