Fix MinGW PolarSSL build and update readme

README.md

@@ -55,7 +55,7 @@ Features
 
 Shadowsocks-libev is writen in pure C and only depends on
 [libev](http://software.schmorp.de/pkg/libev.html) and 
-[openssl](http://www.openssl.org/).
+[openssl](http://www.openssl.org/) or [polarssl](https://polarssl.org/).
 
 In normal usage, the memory consumption is about 600KB and the CPU utilization is 
 no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU, 
@@ -64,6 +64,10 @@ no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU
 Installation
 ------------
 
+__Note__: Default crypto library is OpenSSL. To build against PolarSSL,
+specify `--with-crypto-library=polarssl` and  `--with-polarssl=/path/to/polarssl`
+when running `./configure`.
+
 ### Linux
 
 For Unix-like systems, especially Debian-based systems, 
@@ -129,9 +133,11 @@ make V=99 package/shadowsocks-libev/openwrt/compile
 For Windows, use either MinGW (msys) or Cygwin to build.
 At the moment, only `ss-local` is supported to build against MinGW (msys).
 
-If you are using MinGW (msys), please download OpenSSL source tarball
+If you are using MinGW (msys), please download OpenSSL or PolarSSL source tarball
 to the home directory of msys, and build it like this (may take a few minutes):
 
+* OpenSSL
+
 ```bash
 tar zxf openssl-1.0.1e.tar.gz
 cd openssl-1.0.1e
@@ -139,14 +145,32 @@ cd openssl-1.0.1e
 make && make install
 ```
 
+* PolarSSL
+
+```bash
+tar zxf polarssl-1.3.2-gpl.tgz
+cd polarssl-1.3.2
+make lib WINDOWS=1
+make install DESTDIR="$HOME/prebuilt"
+```
+
 Then, build the binary using the commands below, and all `.exe` files 
 will be built at `$HOME/ss/bin`:
 
+* OpenSSL
+
 ```bash
 ./configure --prefix="$HOME/ss" --with-openssl="$HOME/prebuilt"
 make && make install
 ```
 
+* PolarSSL
+
+```bash
+./configure --prefix="$HOME/ss" --with-crypto-library=polarssl --with-polarssl=$HOME/prebuilt
+make && make install
+```
+
 Usage
 -----
 
@@ -156,7 +180,7 @@ usage:
 ss-[local|redir|server]
       -s <server_host>           host name or ip address of your remote server
       -p <server_port>           port number of your remote server
-      -l <local_port>>           port number of your local server
+      -l <local_port>            port number of your local server
       -k <password>              password of your remote server
 
       [-m <encrypt_method>]      encrypt method, supporting table, rc4,

configure

@@ -12740,7 +12740,7 @@ fi
 
 case $host in
   *-mingw*)
-    LIBS="$LIBS -lgdi32 -lws2_32"
+    LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32"
     ;;
   *)
     ;;

configure.ac

@@ -37,7 +37,7 @@ m4_include([libev/libev.m4])
 dnl Add library for mingw
 case $host in
   *-mingw*)
-    LIBS="$LIBS -lgdi32 -lws2_32"
+    LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32"
     ;;
   *)
     ;;

src/encrypt.c

@@ -3,19 +3,26 @@
 #endif
 
 #include <stdint.h>
+
 #if defined(USE_CRYPTO_OPENSSL)
+
 #include <openssl/md5.h>
 #include <openssl/rand.h>
+
 #elif defined(USE_CRYPTO_POLARSSL)
+
 #include <polarssl/md5.h>
 #include <polarssl/entropy.h>
 #include <polarssl/ctr_drbg.h>
+#include <polarssl/version.h>
 #define CIPHER_UNSUPPORTED "unsupported"
+
 #endif
 
 #include <time.h>
 #ifdef _WIN32
 #include <windows.h>
+#include <wincrypt.h>
 #else
 #include <stdio.h>
 #endif
@@ -371,7 +378,9 @@ int rand_bytes(uint8_t *output, int len)
 #endif
         entropy_init(&ec);
         if (ctr_drbg_init(&cd_ctx, entropy_func, &ec, (const unsigned char *) rand_buffer.buffer, 8) != 0) {
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
             entropy_free(&ec);
+#endif
             FATAL("Failed to initialize random generator");
         }
         rand_initialised = 1;
@@ -460,9 +469,6 @@ void cipher_context_init(cipher_ctx_t *evp, int method, int enc)
     if (cipher_init_ctx(evp, cipher) != 0) {
         FATAL("Cannot initialize PolarSSL cipher context");
     }
-    if (method > RC4) {
-        cipher_set_padding_mode(evp, POLARSSL_PADDING_PKCS7);
-    }
 #endif
 }
 
@@ -485,6 +491,7 @@ void cipher_context_set_iv(cipher_ctx_t *evp, uint8_t *iv, size_t iv_len, int en
         cipher_free_ctx(evp);
         FATAL("Cannot set PolarSSL cipher key");
     }
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
     if (cipher_set_iv(evp, iv, iv_len) != 0) {
         cipher_free_ctx(evp);
         FATAL("Cannot set PolarSSL cipher IV");
@@ -493,6 +500,12 @@ void cipher_context_set_iv(cipher_ctx_t *evp, uint8_t *iv, size_t iv_len, int en
         cipher_free_ctx(evp);
         FATAL("Cannot finalize PolarSSL cipher context");
     }
+#else
+    if(cipher_reset(evp, iv) != 0) {
+        cipher_free_ctx(evp);
+        FATAL("Cannot set PolarSSL cipher IV");
+    }
+#endif
 #endif
 #ifdef DEBUG
     dump("IV", iv);

src/encrypt.h

@@ -22,6 +22,7 @@
 #include <stdio.h>
 
 #if defined(USE_CRYPTO_OPENSSL)
+
 #include <openssl/evp.h>
 typedef EVP_CIPHER cipher_kt_t;
 typedef EVP_CIPHER_CTX cipher_ctx_t;
@@ -29,7 +30,9 @@ typedef EVP_MD digest_type_t;
 #define MAX_KEY_LENGTH EVP_MAX_KEY_LENGTH
 #define MAX_IV_LENGTH EVP_MAX_IV_LENGTH
 #define MAX_MD_SIZE EVP_MAX_MD_SIZE
+
 #elif defined(USE_CRYPTO_POLARSSL)
+
 #include <polarssl/cipher.h>
 #include <polarssl/md.h>
 typedef cipher_info_t cipher_kt_t;
@@ -38,6 +41,7 @@ typedef md_info_t digest_type_t;
 #define MAX_KEY_LENGTH 64
 #define MAX_IV_LENGTH POLARSSL_MAX_IV_LENGTH
 #define MAX_MD_SIZE POLARSSL_MD_MAX_SIZE
+
 #endif
 
 #ifdef HAVE_STDINT_H

src/utils.c

@@ -83,7 +83,7 @@ void usage()
     printf("    ss-[local|redir|server]\n");
     printf("          -s <server_host>           host name or ip address of your remote server\n");       
     printf("          -p <server_port>           port number of your remote server\n");
-    printf("          -l <local_port>>           port number of your local server\n");
+    printf("          -l <local_port>            port number of your local server\n");
     printf("          -k <password>              password of your remote server\n");
     printf("\n");
     printf("          [-m <encrypt_method>]      encrypt method, supporting table, rc4,\n");