用最新版的openwrt官方源码编译时候报错 about helloworld HOT 40 OPEN

在编译包中有patches文件夹，把补丁放进去即可。

from helloworld.

那个请教一下，官方nftable的话要特别配置才能用吗？

from helloworld.

一周前编译还一点问题没有。今天拉取了最新的源码报错“shadowsocks-libev failed to build”，信息如下： 2024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 22024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 2

.config没有变过

我也出一样的问题了，解决了的话说一下怎么解决的。

from helloworld.

make[3] -C package/utils/f2fs-tools compile
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[3] -C package/utils/f2fs-tools compile
make -r world: build failed. Please re-run make with -j1 V=s or V=sc for a higher verbosity level to see what's going on
make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 1

报错

from helloworld.

configure: error: MBEDTLS_CIPHER_MODE_CFB required
make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-arm_cortex-a5+neon-vfpv4_musl_eabi/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev'
time: package/feeds/packages/shadowsocks-libev/compile#13.92#0.54#15.27
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
make[2]: Leaving directory '/workdir/openwrt'
make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-arm_cortex-a5+neon-vfpv4_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/workdir/openwrt'
make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 2

from helloworld.

官方master分支？

from helloworld.

官方master分支？

/immortalwrt/immortalwrt

from helloworld.

/immortalwrt/immortalwrt

看报错提示，你配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖。

from helloworld.

官方master分支？

是的 我用的是官方master

from helloworld.

@Aggrandiz 配置了MBEDTLS_CIPHER_MODE_CFB=y问题解决了吗？

from helloworld.

是的 我用的是官方master

配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖，问题引起的是mbedtls更新到3.6.0版本。

from helloworld.

/immortalwrt/immortalwrt

看报错提示，你配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖。

谢谢我试试

from helloworld.

@Aggrandiz 配置了MBEDTLS_CIPHER_MODE_CFB=y问题解决了吗？

明天搞

from helloworld.

谢谢我试试

如果不行，把Makefile里的：

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
```
**改成：**
```
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
PKG_MIRROR_HASH:=fdcd84cadd5b0b9162b2e81c4ce8e135d944e735a8c5bb79d349627df6ca76c2

试试！

from helloworld.

@copycodetest 可以了吗？

from helloworld.

checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for thread local storage (TLS) class... __thread
checking for mbedtls_cipher_setup in -lmbedcrypto... yes
checking whether mbedtls supports Cipher Feedback mode or not... configure: error: MBEDTLS_CIPHER_MODE_CFB required
make[3]: *** [Makefile:130: /home/udb/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
make[3]: Leaving directory '/home/udb/openwrt/feeds/packages/net/shadowsocks-libev'
time: package/feeds/packages/shadowsocks-libev/compile#8.19#2.29#11.09
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
make[2]: Leaving directory '/home/udb/openwrt'
make[1]: *** [package/Makefile:123: /home/udb/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/udb/openwrt'
make: *** [/home/udb/openwrt/include/toplevel.mk:233：world] 错误 2

from helloworld.

谢谢我试试

如果不行，把Makefile里的：

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488

改成：

PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
PKG_MIRROR_HASH:=fdcd84cadd5b0b9162b2e81c4ce8e135d944e735a8c5bb79d349627df6ca76c2

试试！

make[3]: *** [Makefile:132: /home/udb/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
make[3]: Leaving directory '/home/udb/openwrt/feeds/packages/net/shadowsocks-libev'
time: package/feeds/packages/shadowsocks-libev/compile#11.22#3.41#24.41
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
make[2]: Leaving directory '/home/udb/openwrt'
make[1]: *** [package/Makefile:123: /home/udb/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/udb/openwrt'
make: *** [/home/udb/openwrt/include/toplevel.mk:233：world] 错误 2

from helloworld.

mbedtls 降低版本即可

from helloworld.

mbedtls 降低版本即可

你好，请问下具体该如何降低版本？

from helloworld.

你好，请问下具体该如何降低版本？

openwrt/openwrt@adc2920

官方3.60版本取消了mbedtls_aead_cipher_decrypt和mbedtls_cipher_auth_encrypt导致！

from helloworld.

打了下面的补丁：

diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4
index 2c478b9..e85be4b 100644
--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
diff --git a/src/crypto.c b/src/crypto.c
index b44d867..3e76aff 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -104,7 +104,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
         md = m;
     }
 #if MBEDTLS_VERSION_NUMBER >= 0x02070000
-    if (mbedtls_md5_ret(d, n, md) != 0)
+    if (mbedtls_md5(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
     mbedtls_md5(d, n, md);
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,7 +178,7 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen, c, clen, c + mlen, tlen);
         *clen += tlen;
         break;
@@ -226,7 +226,7 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:

现在卡在这里了：

o './'`aead.c
aead.c: In function 'aead_cipher_encrypt':
aead.c:182:55: error: passing argument 9 of 'mbedtls_cipher_auth_encrypt_ext' makes integer from pointer without a cast [-Werror=int-conversion]
  182 |                                           m, mlen, c, clen, c + mlen, tlen);
      |                                                       ^~~~
      |                                                       |
      |                                                       size_t * {aka long unsigned int *}
In file included from crypto.h:43,
                 from aead.h:26,
                 from aead.c:39:
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1110:67: note: expected 'size_t' {aka 'long unsigned int'} but argument is of type 'size_t *' {aka 'long unsigned int *'}
 1110 |                                unsigned char *output, size_t output_len,
      |                                                       ~~~~~~~^~~~~~~~~~

aead.c:182:63: error: passing argument 10 of 'mbedtls_cipher_auth_encrypt_ext' from incompatible pointer type [-Werror=incompatible-pointer-types]
  182 |                                          m, mlen, c, clen, c + mlen, tlen);
      |                                                            ~~^~~~~~
      |                                                              |
      |                                                              uint8_t * {aka unsigned char *}

/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1111:45: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'uint8_t *' {aka 'unsigned char *'}
 1111 |                                     size_t *olen, size_t tag_len);
      |                                     ~~~~~~~~^~~~
aead.c: In function 'aead_cipher_decrypt':
aead.c:230:62: error: passing argument 9 of 'mbedtls_cipher_auth_decrypt_ext' makes integer from pointer without a cast [-Werror=int-conversion]
  230 |                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
      |                                                              ^~~~
      |                                                              |
      |                                                              size_t * {aka long unsigned int *}
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1166:67: note: expected 'size_t' {aka 'long unsigned int'} but argument is of type 'size_t *' {aka 'long unsigned int *'}
 1166 |                                unsigned char *output, size_t output_len,
      |                                                       ~~~~~~~^~~~~~~~~~

aead.c:230:77: error: passing argument 10 of 'mbedtls_cipher_auth_decrypt_ext' from incompatible pointer type [-Werror=incompatible-pointer-types]
  230 |                            m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
      |                                                     ~~~~~~~~~^~~~~~
      |                                                              |
      |                                                              uint8_t * {aka unsigned char *}

/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1167:45: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'uint8_t *' {aka 'unsigned char *'}
 1167 |                                     size_t *olen, size_t tag_len);
      |                                     ~~~~~~~~^~~~
aead.c: In function 'aead_key_init':
aead.c:727:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'base'
  727 |         cipher->info->base       = NULL;
      |                     ^~
aead.c:728:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'key_bitlen'
  728 |         cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
      |                     ^~
aead.c:729:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'iv_size'
  729 |         cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
      |                     ^~
cc1: all warnings being treated as errors
Makefile:1162: recipe for target 'ss_local-aead.o' failed
make[5]: *** [ss_local-aead.o] Error 1
make[5]: Leaving directory '/home/lin/ax6-6.1/build_dir/target-aarch64_cortex-a53_musl/shadowsocks-libev-3.3.5/src'
Makefile:490: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/lin/ax6-6.1/build_dir/target-aarch64_cortex-a53_musl/shadowsocks-libev-3.3.5'
Makefile:399: recipe for target 'all' failed
make[3]: *** [all] Error 2

from helloworld.

这个101-fix-mbedtls3.6-build.patch补丁能编译通过，有谁测试一下是否可用？

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen, c, clen, c + mlen, tlen);
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, *clen, clen, tlen);
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, *plen, plen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
-    return cipher->info->iv_size;
+    return cipher->info->private_iv_size;
 }
 
 int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
+    return cipher->info->private_key_bitlen / 8;
 }
 
 const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

from helloworld.

降级的编译使用正常，

from helloworld.

降级的编译使用正常

这个补丁目的是测试不降级情况下是否可用。。。

from helloworld.

降级的编译使用正常

这个补丁目的是测试不降级情况下是否可用。。。

这个补丁要放在什么位置？

from helloworld.

编译不过，还是替换降价的好用，这么久了master也没修，都不用吗？

from helloworld.

编译不过，还是替换降价的好用，这么久了master也没修，都不用吗？

怎么可能编译不过，你肯定哪里错了！

from helloworld.

这个101-fix-mbedtls3.6-build.patch补丁能编译通过，有谁测试一下是否可用？

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen, c, clen, c + mlen, tlen);
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, *clen, c + mlen, tlen);
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, *plen, plen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
-    return cipher->info->iv_size;
+    return cipher->info->private_iv_size;
 }
 
 int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
+    return cipher->info->private_key_bitlen / 8;
 }
 
 const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

这个101-fix-mbedtls3.6-build.patch补丁能编译通过，有谁测试一下是否可用？

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen, c, clen, c + mlen, tlen);
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, *clen, c + mlen, tlen);
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, *plen, plen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
-    return cipher->info->iv_size;
+    return cipher->info->private_iv_size;
 }
 
 int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
+    return cipher->info->private_key_bitlen / 8;
 }
 
 const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

大佬本人小白这补丁怎么打，能详细说下吗？

from helloworld.

mbedtls 降低版本即可

大佬能详细说下吗？小白一枚

from helloworld.

mbedtls 降低版本即可

大佬能详细说下吗？小白一枚

把源码中package/libs/目录下以下三个文件夹用lede源码中的替换
mbedtls
ustream-ssl
uclient

from helloworld.

我就替换了一个，用的官方2305的，也可以

from helloworld.

把源码中package/libs/目录下以下三个文件夹用lede源码中的替换
mbedtls
ustream-ssl
uclient

降级就没意义了！

from helloworld.

把源码中package/libs/目录下以下三个文件夹用lede源码中的替换
mbedtls
ustream-ssl
uclient

降级就没意义了！

但你这个补丁我弄不好，还是报错

from helloworld.

我是直接把ss和ssr都去掉了，不编译进去，不用SS节点就行了，没影响。

from helloworld.

但你这个补丁我弄不好，还是报错

已修改补丁。

from helloworld.