Update On Mon Jan 20 19:32:49 CET 2025

shadowsocks-libev/src/aead.c

@@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
         err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen, c, clen, c + mlen, tlen);
+#else
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                              m, mlen, c, mlen + tlen, clen, tlen);
+#endif
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+#else
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                              m, mlen, p, mlen - tlen, plen, tlen);
+#endif
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key)
     cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
     memset(cipher, 0, sizeof(cipher_t));
 
-    if (method >= CHACHA20POLY1305IETF) {
-        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
-        cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
-    } else {
-        cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
-    }
-
-    if (cipher->info == NULL && cipher->key_len == 0) {
+    if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) {
         LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]);
         FATAL("Cannot initialize cipher");
     }

shadowsocks-libev/src/crypto.c

@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else

shadowsocks-libev/src/crypto.h

@@ -97,7 +97,6 @@ typedef struct buffer {
 typedef struct {
     int method;
     int skey;
-    cipher_kt_t *info;
     size_t nonce_len;
     size_t key_len;
     size_t tag_len;

shadowsocks-libev/src/stream.c

@@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
     return 0;
 }
 
-int
-cipher_nonce_size(const cipher_t *cipher)
-{
-    if (cipher == NULL) {
-        return 0;
-    }
-    return cipher->info->iv_size;
-}
-
-int
-cipher_key_size(const cipher_t *cipher)
-{
-    /*
-     * Semi-API changes (technically public, morally prnonceate)
-     * Renamed a few headers to include _internal in the name. Those headers are
-     * not supposed to be included by users.
-     * Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
-     * Changed pk_info_t into an opaque structure.
-     * Changed cipher_base_t into an opaque structure.
-     */
-    if (cipher == NULL) {
-        return 0;
-    }
-    /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
-}
-
 const cipher_kt_t *
 stream_get_cipher_type(int method)
 {
@@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key)
     cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
     memset(cipher, 0, sizeof(cipher_t));
 
-    if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
-        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
-        cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
-    } else {
-        cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
-    }
-
-    if (cipher->info == NULL && cipher->key_len == 0) {
+    if (method < SALSA20 && stream_get_cipher_type(method) == NULL) {
         LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]);
         FATAL("Cannot initialize cipher");
     }
 
     if (key != NULL)
-        cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher));
+        cipher->key_len = crypto_parse_key(key, cipher->key,
+                                           supported_stream_ciphers_key_size[method]);
     else
-        cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher));
+        cipher->key_len = crypto_derive_key(pass, cipher->key,
+                                            supported_stream_ciphers_key_size[method]);
 
     if (cipher->key_len == 0) {
         FATAL("Cannot generate key and NONCE");
     }
-    if (method == RC4_MD5) {
-        cipher->nonce_len = 16;
-    } else {
-        cipher->nonce_len = cipher_nonce_size(cipher);
-    }
+    cipher->nonce_len = supported_stream_ciphers_nonce_size[method];
     cipher->method = method;
 
     return cipher;