mirthlesslk
commented
2 months ago 那个请教一下,官方nftable的话要特别配置才能用吗?
Open copycodetest opened 2 months ago
mirthlesslk
commented
2 months ago 那个请教一下,官方nftable的话要特别配置才能用吗?
ted-zheng
commented
2 months ago 一周前编译还一点问题没有。今天拉取了最新的源码报错“shadowsocks-libev failed to build”,信息如下: 2024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: [/workdir/openwrt/include/toplevel.mk:233: world] Error 22024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: [/workdir/openwrt/include/toplevel.mk:233: world] Error 2
.config没有变过
我也出一样的问题了,解决了的话说一下怎么解决的。
Aggrandiz
commented
2 months ago make[3] -C package/utils/f2fs-tools compile ERROR: package/feeds/packages/shadowsocks-libev failed to build. make[3] -C package/utils/f2fs-tools compile make -r world: build failed. Please re-run make with -j1 V=s or V=sc for a higher verbosity level to see what's going on make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 1
报错
Aggrandiz
commented
2 months ago configure: error: MBEDTLS_CIPHER_MODE_CFB required make[3]: [Makefile:130: /workdir/openwrt/build_dir/target-arm_cortex-a5+neon-vfpv4_musl_eabi/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' time: package/feeds/packages/shadowsocks-libev/compile#13.92#0.54#15.27 ERROR: package/feeds/packages/shadowsocks-libev failed to build. make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 make[2]: Leaving directory '/workdir/openwrt' make[1]: [package/Makefile:123: /workdir/openwrt/staging_dir/target-arm_cortex-a5+neon-vfpv4_musl_eabi/stamp/.package_compile] Error 2 make[1]: Leaving directory '/workdir/openwrt' make: [/workdir/openwrt/include/toplevel.mk:233: world] Error 2
zxlhhyccc
commented
2 months ago 官方master分支?
Aggrandiz
commented
2 months ago 官方master分支?
/immortalwrt/immortalwrt
zxlhhyccc
commented
2 months ago /immortalwrt/immortalwrt
看报错提示,你配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖。
copycodetest
commented
2 months ago 官方master分支?
是的 我用的是官方master
zxlhhyccc
commented
2 months ago @Aggrandiz 配置了MBEDTLS_CIPHER_MODE_CFB=y问题解决了吗?
zxlhhyccc
commented
2 months ago 是的 我用的是官方master
配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖,问题引起的是mbedtls更新到3.6.0版本。
Aggrandiz
commented
2 months ago /immortalwrt/immortalwrt
看报错提示,你配置一下
MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖。
谢谢我试试
Aggrandiz
commented
2 months ago @Aggrandiz 配置了
MBEDTLS_CIPHER_MODE_CFB=y问题解决了吗?
明天搞
zxlhhyccc
commented
2 months ago 谢谢我试试
如果不行,把Makefile里的:
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488改成:
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
PKG_MIRROR_HASH:=fdcd84cadd5b0b9162b2e81c4ce8e135d944e735a8c5bb79d349627df6ca76c2试试!
zxlhhyccc
commented
2 months ago @copycodetest 可以了吗?
ted-zheng
commented
2 months ago checking whether ln -s works... yes checking whether make sets $(MAKE)... (cached) yes checking for thread local storage (TLS) class... __thread checking for mbedtls_cipher_setup in -lmbedcrypto... yes checking whether mbedtls supports Cipher Feedback mode or not... configure: error: MBEDTLS_CIPHER_MODE_CFB required make[3]: [Makefile:130: /home/udb/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 make[3]: Leaving directory '/home/udb/openwrt/feeds/packages/net/shadowsocks-libev' time: package/feeds/packages/shadowsocks-libev/compile#8.19#2.29#11.09 ERROR: package/feeds/packages/shadowsocks-libev failed to build. make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 make[2]: Leaving directory '/home/udb/openwrt' make[1]: [package/Makefile:123: /home/udb/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 make[1]: Leaving directory '/home/udb/openwrt' make: [/home/udb/openwrt/include/toplevel.mk:233:world] 错误 2
ted-zheng
commented
2 months ago 谢谢我试试
如果不行,把
Makefile里的:PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION) PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488改成:
PKG_SOURCE_PROTO:=git PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254 PKG_MIRROR_HASH:=fdcd84cadd5b0b9162b2e81c4ce8e135d944e735a8c5bb79d349627df6ca76c2试试!
make[3]: [Makefile:132: /home/udb/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 make[3]: Leaving directory '/home/udb/openwrt/feeds/packages/net/shadowsocks-libev' time: package/feeds/packages/shadowsocks-libev/compile#11.22#3.41#24.41 ERROR: package/feeds/packages/shadowsocks-libev failed to build. make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 make[2]: Leaving directory '/home/udb/openwrt' make[1]: [package/Makefile:123: /home/udb/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 make[1]: Leaving directory '/home/udb/openwrt' make: [/home/udb/openwrt/include/toplevel.mk:233:world] 错误 2
Aggrandiz
commented
2 months ago mbedtls 降低版本即可
copycodetest
commented
2 months ago mbedtls 降低版本即可
你好,请问下具体该如何降低版本?
zxlhhyccc
commented
2 months ago 你好,请问下具体该如何降低版本?
https://github.com/openwrt/openwrt/commit/adc29202c2044ad039f2904b822c6a6fe84ac984
官方3.60版本取消了mbedtls_aead_cipher_decrypt和mbedtls_cipher_auth_encrypt导致!
zxlhhyccc
commented
2 months ago 打了下面的补丁:
diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4
index 2c478b9..e85be4b 100644
--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_CAMELLIA_C
diff --git a/src/crypto.c b/src/crypto.c
index b44d867..3e76aff 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -104,7 +104,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
md = m;
}
#if MBEDTLS_VERSION_NUMBER >= 0x02070000
- if (mbedtls_md5_ret(d, n, md) != 0)
+ if (mbedtls_md5(d, n, md) != 0)
FATAL("Failed to calculate MD5");
#else
mbedtls_md5(d, n, md);
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,7 +178,7 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
case AES192GCM:
case AES128GCM:
- err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+ err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
m, mlen, c, clen, c + mlen, tlen);
*clen += tlen;
break;
@@ -226,7 +226,7 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
// Otherwise, just use the mbedTLS one with crappy AES-NI.
case AES192GCM:
case AES128GCM:
- err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+ err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
break;
case CHACHA20POLY1305IETF:现在卡在这里了:
o './'`aead.c
aead.c: In function 'aead_cipher_encrypt':
aead.c:182:55: error: passing argument 9 of 'mbedtls_cipher_auth_encrypt_ext' makes integer from pointer without a cast [-Werror=int-conversion]
182 | m, mlen, c, clen, c + mlen, tlen);
| ^~~~
| |
| size_t * {aka long unsigned int *}
In file included from crypto.h:43,
from aead.h:26,
from aead.c:39:
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1110:67: note: expected 'size_t' {aka 'long unsigned int'} but argument is of type 'size_t *' {aka 'long unsigned int *'}
1110 | unsigned char *output, size_t output_len,
| ~~~~~~~^~~~~~~~~~
aead.c:182:63: error: passing argument 10 of 'mbedtls_cipher_auth_encrypt_ext' from incompatible pointer type [-Werror=incompatible-pointer-types]
182 | m, mlen, c, clen, c + mlen, tlen);
| ~~^~~~~~
| |
| uint8_t * {aka unsigned char *}
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1111:45: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'uint8_t *' {aka 'unsigned char *'}
1111 | size_t *olen, size_t tag_len);
| ~~~~~~~~^~~~
aead.c: In function 'aead_cipher_decrypt':
aead.c:230:62: error: passing argument 9 of 'mbedtls_cipher_auth_decrypt_ext' makes integer from pointer without a cast [-Werror=int-conversion]
230 | m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
| ^~~~
| |
| size_t * {aka long unsigned int *}
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1166:67: note: expected 'size_t' {aka 'long unsigned int'} but argument is of type 'size_t *' {aka 'long unsigned int *'}
1166 | unsigned char *output, size_t output_len,
| ~~~~~~~^~~~~~~~~~
aead.c:230:77: error: passing argument 10 of 'mbedtls_cipher_auth_decrypt_ext' from incompatible pointer type [-Werror=incompatible-pointer-types]
230 | m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
| ~~~~~~~~~^~~~~~
| |
| uint8_t * {aka unsigned char *}
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1167:45: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'uint8_t *' {aka 'unsigned char *'}
1167 | size_t *olen, size_t tag_len);
| ~~~~~~~~^~~~
aead.c: In function 'aead_key_init':
aead.c:727:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'base'
727 | cipher->info->base = NULL;
| ^~
aead.c:728:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'key_bitlen'
728 | cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
| ^~
aead.c:729:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'iv_size'
729 | cipher->info->iv_size = supported_aead_ciphers_nonce_size[method];
| ^~
cc1: all warnings being treated as errors
Makefile:1162: recipe for target 'ss_local-aead.o' failed
make[5]: *** [ss_local-aead.o] Error 1
make[5]: Leaving directory '/home/lin/ax6-6.1/build_dir/target-aarch64_cortex-a53_musl/shadowsocks-libev-3.3.5/src'
Makefile:490: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/lin/ax6-6.1/build_dir/target-aarch64_cortex-a53_musl/shadowsocks-libev-3.3.5'
Makefile:399: recipe for target 'all' failed
make[3]: *** [all] Error 2这个101-fix-mbedtls3.6-build.patch补丁能编译通过,有谁测试一下是否可用?
--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
]],
[[
#ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
if (md == NULL) {
md = m;
}
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
if (mbedtls_md5_ret(d, n, md) != 0)
FATAL("Failed to calculate MD5");
#else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
case AES192GCM:
case AES128GCM:
- err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
- m, mlen, c, clen, c + mlen, tlen);
+ err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+ m, mlen, c, *clen, clen, tlen);
*clen += tlen;
break;
case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
// Otherwise, just use the mbedTLS one with crappy AES-NI.
case AES192GCM:
case AES128GCM:
- err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
- m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+ err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+ m, mlen - tlen, p, *plen, plen - tlen, tlen);
break;
case CHACHA20POLY1305IETF:
err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
if (method >= CHACHA20POLY1305IETF) {
cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
cipher->info = cipher_info;
- cipher->info->base = NULL;
- cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
- cipher->info->iv_size = supported_aead_ciphers_nonce_size[method];
+ cipher->info->private_base_idx = 0;
+ cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+ cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method];
} else {
cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
}
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
if (cipher == NULL) {
return 0;
}
- return cipher->info->iv_size;
+ return cipher->info->private_iv_size;
}
int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
return 0;
}
/* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
- return cipher->info->key_bitlen / 8;
+ return cipher->info->private_key_bitlen / 8;
}
const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
cipher->info = cipher_info;
- cipher->info->base = NULL;
- cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
- cipher->info->iv_size = supported_stream_ciphers_nonce_size[method];
+ cipher->info->private_base_idx = 0;
+ cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+ cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method];
} else {
cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
}
hcym
commented
1 month ago 降级的编译使用正常,
zxlhhyccc
commented
1 month ago 降级的编译使用正常
这个补丁目的是测试不降级情况下是否可用。。。
OldCoding
commented
1 month ago 降级的编译使用正常
这个补丁目的是测试不降级情况下是否可用。。。
这个补丁要放在什么位置?
zxlhhyccc
commented
1 month ago 在编译包中有patches文件夹,把补丁放进去即可。
hcym
commented
1 month ago 编译不过,还是替换降价的好用,这么久了master也没修,都不用吗?
zxlhhyccc
commented
1 month ago 编译不过,还是替换降价的好用,这么久了master也没修,都不用吗?
怎么可能编译不过,你肯定哪里错了!
dd-bpir3
commented
1 month ago 这个
101-fix-mbedtls3.6-build.patch补丁能编译通过,有谁测试一下是否可用?--- a/m4/mbedtls.m4 +++ b/m4/mbedtls.m4 @@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_CIPHER_MODE_CFB @@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_ARC4_C @@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_BLOWFISH_C @@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_CAMELLIA_C --- a/src/crypto.c +++ b/src/crypto.c @@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) if (md == NULL) { md = m; } -#if MBEDTLS_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 if (mbedtls_md5_ret(d, n, md) != 0) FATAL("Failed to calculate MD5"); #else --- a/src/aead.c +++ b/src/aead.c @@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, case AES192GCM: case AES128GCM: - err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen, c, clen, c + mlen, tlen); + err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, c, *clen, c + mlen, tlen); *clen += tlen; break; case CHACHA20POLY1305IETF: @@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: - err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen - tlen, p, plen, m + mlen - tlen, tlen); + err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen - tlen, p, *plen, plen - tlen, tlen); break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, @@ -724,9 +724,9 @@ aead_key_init(int method, const char if (method >= CHACHA20POLY1305IETF) { cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; + cipher->info->private_base_idx = 0; + cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8; + cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method]; } else { cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); } --- a/src/stream.c +++ b/src/stream.c @@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher) if (cipher == NULL) { return 0; } - return cipher->info->iv_size; + return cipher->info->private_iv_size; } int @@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher) return 0; } /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ - return cipher->info->key_bitlen / 8; + return cipher->info->private_key_bitlen / 8; } const cipher_kt_t * @@ -645,9 +645,9 @@ stream_key_init(int method, const char if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; + cipher->info->private_base_idx = 0; + cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8; + cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method]; } else { cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); }这个
101-fix-mbedtls3.6-build.patch补丁能编译通过,有谁测试一下是否可用?--- a/m4/mbedtls.m4 +++ b/m4/mbedtls.m4 @@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_CIPHER_MODE_CFB @@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_ARC4_C @@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_BLOWFISH_C @@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ -#include <mbedtls/config.h> +#include <mbedtls/mbedtls_config.h> ]], [[ #ifndef MBEDTLS_CAMELLIA_C --- a/src/crypto.c +++ b/src/crypto.c @@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) if (md == NULL) { md = m; } -#if MBEDTLS_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 if (mbedtls_md5_ret(d, n, md) != 0) FATAL("Failed to calculate MD5"); #else --- a/src/aead.c +++ b/src/aead.c @@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, case AES192GCM: case AES128GCM: - err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen, c, clen, c + mlen, tlen); + err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, c, *clen, c + mlen, tlen); *clen += tlen; break; case CHACHA20POLY1305IETF: @@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: - err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen - tlen, p, plen, m + mlen - tlen, tlen); + err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen - tlen, p, *plen, plen - tlen, tlen); break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, @@ -724,9 +724,9 @@ aead_key_init(int method, const char if (method >= CHACHA20POLY1305IETF) { cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; + cipher->info->private_base_idx = 0; + cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8; + cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method]; } else { cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); } --- a/src/stream.c +++ b/src/stream.c @@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher) if (cipher == NULL) { return 0; } - return cipher->info->iv_size; + return cipher->info->private_iv_size; } int @@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher) return 0; } /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ - return cipher->info->key_bitlen / 8; + return cipher->info->private_key_bitlen / 8; } const cipher_kt_t * @@ -645,9 +645,9 @@ stream_key_init(int method, const char if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; + cipher->info->private_base_idx = 0; + cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8; + cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method]; } else { cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); }
大佬本人小白这补丁怎么打,能详细说下吗?
dd-bpir3
commented
1 month ago mbedtls 降低版本即可
大佬能详细说下吗?小白一枚
OldCoding
commented
1 month ago mbedtls 降低版本即可
大佬能详细说下吗?小白一枚
把源码中package/libs/目录下以下三个文件夹用lede源码中的替换 mbedtls ustream-ssl uclient
hcym
commented
1 month ago 我就替换了一个,用的官方2305的,也可以
zxlhhyccc
commented
1 month ago 把源码中package/libs/目录下以下三个文件夹用lede源码中的替换 mbedtls ustream-ssl uclient
降级就没意义了!
OldCoding
commented
1 month ago 把源码中package/libs/目录下以下三个文件夹用lede源码中的替换 mbedtls ustream-ssl uclient
降级就没意义了!
但你这个补丁我弄不好,还是报错
ted-zheng
commented
1 month ago 我是直接把ss和ssr都去掉了,不编译进去,不用SS节点就行了,没影响。
zxlhhyccc
commented
1 month ago 但你这个补丁我弄不好,还是报错
已修改补丁。
OldCoding
commented
1 month ago 但你这个补丁我弄不好,还是报错
已修改补丁。
编译成功了,没有报错
zxlhhyccc
commented
1 month ago 编译成功了,没有报错
能用吗?如果能用我将提交PR。。。。
OldCoding
commented
1 month ago 编译成功了,没有报错
能用吗?如果能用我将提交PR。。。。
只测试vmess节点能正常运行,由于没有ss以及其他类型节点,其他协议就没有测试了
evan618
commented
1 week ago 有办法解决吗,我也卡这里了。只能降级吗
一周前编译还一点问题没有。今天拉取了最新的源码报错“shadowsocks-libev failed to build”,信息如下: 2024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: [/workdir/openwrt/include/toplevel.mk:233: world] Error 22024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: [/workdir/openwrt/include/toplevel.mk:233: world] Error 2
.config没有变过