用最新版的openwrt官方源码编译时候报错 #1462

copycodetest · 2024-05-01T04:44:25Z

一周前编译还一点问题没有。今天拉取了最新的源码报错“shadowsocks-libev failed to build”，信息如下：
2024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes
2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread
2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes
2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required
2024-05-01T04:33:34.3306893Z make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev'
2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79
2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build.
2024-05-01T04:33:34.3323491Z make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt'
2024-05-01T04:33:34.3335820Z make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt'
2024-05-01T04:33:34.3349834Z make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 22024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes
2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread
2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes
2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required
2024-05-01T04:33:34.3306893Z make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev'
2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79
2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build.
2024-05-01T04:33:34.3323491Z make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt'
2024-05-01T04:33:34.3335820Z make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt'
2024-05-01T04:33:34.3349834Z make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 2

.config没有变过

mirthlesslk · 2024-05-01T06:01:00Z

那个请教一下，官方nftable的话要特别配置才能用吗？

ted-zheng · 2024-05-01T11:46:55Z

一周前编译还一点问题没有。今天拉取了最新的源码报错“shadowsocks-libev failed to build”，信息如下： 2024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 22024-05-01T04:33:34.2150424Z checking whether make sets $(MAKE)... (cached) yes 2024-05-01T04:33:34.2272966Z checking for thread local storage (TLS) class... __thread 2024-05-01T04:33:34.2813498Z checking for mbedtls_cipher_setup in -lmbedcrypto... yes 2024-05-01T04:33:34.2962204Z configure: error: MBEDTLS_CIPHER_MODE_CFB required 2024-05-01T04:33:34.3306893Z make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1 2024-05-01T04:33:34.3308493Z checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev' 2024-05-01T04:33:34.3316655Z time: package/feeds/packages/shadowsocks-libev/compile#13.88#1.17#15.79 2024-05-01T04:33:34.3319930Z ERROR: package/feeds/packages/shadowsocks-libev failed to build. 2024-05-01T04:33:34.3323491Z make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1 2024-05-01T04:33:34.3329302Z make[2]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3335820Z make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2 2024-05-01T04:33:34.3341011Z make[1]: Leaving directory '/workdir/openwrt' 2024-05-01T04:33:34.3349834Z make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 2

.config没有变过

我也出一样的问题了，解决了的话说一下怎么解决的。

Aggrandiz · 2024-05-01T13:27:41Z

make[3] -C package/utils/f2fs-tools compile
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[3] -C package/utils/f2fs-tools compile
make -r world: build failed. Please re-run make with -j1 V=s or V=sc for a higher verbosity level to see what's going on
make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 1

报错

Aggrandiz · 2024-05-01T13:30:14Z

configure: error: MBEDTLS_CIPHER_MODE_CFB required
make[3]: *** [Makefile:130: /workdir/openwrt/build_dir/target-arm_cortex-a5+neon-vfpv4_musl_eabi/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
checking whether mbedtls supports Cipher Feedback mode or not... make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/shadowsocks-libev'
time: package/feeds/packages/shadowsocks-libev/compile#13.92#0.54#15.27
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
make[2]: Leaving directory '/workdir/openwrt'
make[1]: *** [package/Makefile:123: /workdir/openwrt/staging_dir/target-arm_cortex-a5+neon-vfpv4_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/workdir/openwrt'
make: *** [/workdir/openwrt/include/toplevel.mk:233: world] Error 2

zxlhhyccc · 2024-05-01T14:05:52Z

官方master分支？

Aggrandiz · 2024-05-01T14:07:57Z

官方master分支？

/immortalwrt/immortalwrt

zxlhhyccc · 2024-05-01T14:09:45Z

/immortalwrt/immortalwrt

看报错提示，你配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖。

copycodetest · 2024-05-01T14:17:42Z

官方master分支？

是的我用的是官方master

zxlhhyccc · 2024-05-01T14:25:41Z

@Aggrandiz 配置了MBEDTLS_CIPHER_MODE_CFB=y问题解决了吗？

zxlhhyccc · 2024-05-01T14:27:56Z

是的我用的是官方master

配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖，问题引起的是mbedtls更新到3.6.0版本。

Aggrandiz · 2024-05-01T14:29:54Z

/immortalwrt/immortalwrt

看报错提示，你配置一下MBEDTLS_CIPHER_MODE_CFB=y试试。。。。貌似是要有这个依赖。

谢谢我试试

Aggrandiz · 2024-05-01T14:30:11Z

@Aggrandiz 配置了MBEDTLS_CIPHER_MODE_CFB=y问题解决了吗？

明天搞

zxlhhyccc · 2024-05-01T14:35:46Z

谢谢我试试

如果不行，把Makefile里的：

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
```
**改成：**
```
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
PKG_MIRROR_HASH:=fdcd84cadd5b0b9162b2e81c4ce8e135d944e735a8c5bb79d349627df6ca76c2

试试！

zxlhhyccc · 2024-05-01T14:52:45Z

@copycodetest 可以了吗？

ted-zheng · 2024-05-01T15:09:33Z

checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for thread local storage (TLS) class... __thread
checking for mbedtls_cipher_setup in -lmbedcrypto... yes
checking whether mbedtls supports Cipher Feedback mode or not... configure: error: MBEDTLS_CIPHER_MODE_CFB required
make[3]: *** [Makefile:130: /home/udb/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
make[3]: Leaving directory '/home/udb/openwrt/feeds/packages/net/shadowsocks-libev'
time: package/feeds/packages/shadowsocks-libev/compile#8.19#2.29#11.09
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
make[2]: Leaving directory '/home/udb/openwrt'
make[1]: *** [package/Makefile:123: /home/udb/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/udb/openwrt'
make: *** [/home/udb/openwrt/include/toplevel.mk:233：world] 错误 2

ted-zheng · 2024-05-01T15:44:55Z

谢谢我试试

如果不行，把Makefile里的：

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488

改成：

PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
PKG_MIRROR_HASH:=fdcd84cadd5b0b9162b2e81c4ce8e135d944e735a8c5bb79d349627df6ca76c2

试试！

make[3]: *** [Makefile:132: /home/udb/openwrt/build_dir/target-x86_64_musl/shadowsocks-libev-3.3.5/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
make[3]: Leaving directory '/home/udb/openwrt/feeds/packages/net/shadowsocks-libev'
time: package/feeds/packages/shadowsocks-libev/compile#11.22#3.41#24.41
ERROR: package/feeds/packages/shadowsocks-libev failed to build.
make[2]: *** [package/Makefile:129: package/feeds/packages/shadowsocks-libev/compile] Error 1
make[2]: Leaving directory '/home/udb/openwrt'
make[1]: *** [package/Makefile:123: /home/udb/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/udb/openwrt'
make: *** [/home/udb/openwrt/include/toplevel.mk:233：world] 错误 2

Aggrandiz · 2024-05-02T00:00:02Z

mbedtls 降低版本即可

copycodetest · 2024-05-02T06:12:43Z

mbedtls 降低版本即可

你好，请问下具体该如何降低版本？

zxlhhyccc · 2024-05-02T07:05:41Z

你好，请问下具体该如何降低版本？

openwrt/openwrt@adc2920

官方3.60版本取消了mbedtls_aead_cipher_decrypt和mbedtls_cipher_auth_encrypt导致！

zxlhhyccc · 2024-05-02T14:51:51Z

打了下面的补丁：

diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4
index 2c478b9..e85be4b 100644
--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
diff --git a/src/crypto.c b/src/crypto.c
index b44d867..3e76aff 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -104,7 +104,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
         md = m;
     }
 #if MBEDTLS_VERSION_NUMBER >= 0x02070000
-    if (mbedtls_md5_ret(d, n, md) != 0)
+    if (mbedtls_md5(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
     mbedtls_md5(d, n, md);
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,7 +178,7 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen, c, clen, c + mlen, tlen);
         *clen += tlen;
         break;
@@ -226,7 +226,7 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:

现在卡在这里了：

o './'`aead.c
aead.c: In function 'aead_cipher_encrypt':
aead.c:182:55: error: passing argument 9 of 'mbedtls_cipher_auth_encrypt_ext' makes integer from pointer without a cast [-Werror=int-conversion]
  182 |                                           m, mlen, c, clen, c + mlen, tlen);
      |                                                       ^~~~
      |                                                       |
      |                                                       size_t * {aka long unsigned int *}
In file included from crypto.h:43,
                 from aead.h:26,
                 from aead.c:39:
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1110:67: note: expected 'size_t' {aka 'long unsigned int'} but argument is of type 'size_t *' {aka 'long unsigned int *'}
 1110 |                                unsigned char *output, size_t output_len,
      |                                                       ~~~~~~~^~~~~~~~~~

aead.c:182:63: error: passing argument 10 of 'mbedtls_cipher_auth_encrypt_ext' from incompatible pointer type [-Werror=incompatible-pointer-types]
  182 |                                          m, mlen, c, clen, c + mlen, tlen);
      |                                                            ~~^~~~~~
      |                                                              |
      |                                                              uint8_t * {aka unsigned char *}

/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1111:45: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'uint8_t *' {aka 'unsigned char *'}
 1111 |                                     size_t *olen, size_t tag_len);
      |                                     ~~~~~~~~^~~~
aead.c: In function 'aead_cipher_decrypt':
aead.c:230:62: error: passing argument 9 of 'mbedtls_cipher_auth_decrypt_ext' makes integer from pointer without a cast [-Werror=int-conversion]
  230 |                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
      |                                                              ^~~~
      |                                                              |
      |                                                              size_t * {aka long unsigned int *}
/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1166:67: note: expected 'size_t' {aka 'long unsigned int'} but argument is of type 'size_t *' {aka 'long unsigned int *'}
 1166 |                                unsigned char *output, size_t output_len,
      |                                                       ~~~~~~~^~~~~~~~~~

aead.c:230:77: error: passing argument 10 of 'mbedtls_cipher_auth_decrypt_ext' from incompatible pointer type [-Werror=incompatible-pointer-types]
  230 |                            m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
      |                                                     ~~~~~~~~~^~~~~~
      |                                                              |
      |                                                              uint8_t * {aka unsigned char *}

/home/lin/ax6-6.1/staging_dir/target-aarch64_cortex-a53_musl/usr/include/mbedtls/cipher.h:1167:45: note: expected 'size_t *' {aka 'long unsigned int *'} but argument is of type 'uint8_t *' {aka 'unsigned char *'}
 1167 |                                     size_t *olen, size_t tag_len);
      |                                     ~~~~~~~~^~~~
aead.c: In function 'aead_key_init':
aead.c:727:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'base'
  727 |         cipher->info->base       = NULL;
      |                     ^~
aead.c:728:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'key_bitlen'
  728 |         cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
      |                     ^~
aead.c:729:21: error: 'cipher_kt_t' {aka 'mbedtls_cipher_info_t'} has no member named 'iv_size'
  729 |         cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
      |                     ^~
cc1: all warnings being treated as errors
Makefile:1162: recipe for target 'ss_local-aead.o' failed
make[5]: *** [ss_local-aead.o] Error 1
make[5]: Leaving directory '/home/lin/ax6-6.1/build_dir/target-aarch64_cortex-a53_musl/shadowsocks-libev-3.3.5/src'
Makefile:490: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/home/lin/ax6-6.1/build_dir/target-aarch64_cortex-a53_musl/shadowsocks-libev-3.3.5'
Makefile:399: recipe for target 'all' failed
make[3]: *** [all] Error 2

zxlhhyccc · 2024-05-04T16:40:04Z

这个101-fix-mbedtls3.6-build.patch补丁能编译通过，有谁测试一下是否可用？

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen, c, clen, c + mlen, tlen);
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, *clen, clen, tlen);
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, *plen, plen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
-    return cipher->info->iv_size;
+    return cipher->info->private_iv_size;
 }
 
 int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
+    return cipher->info->private_key_bitlen / 8;
 }
 
 const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

hcym · 2024-05-05T21:53:29Z

降级的编译使用正常，

zxlhhyccc · 2024-05-06T05:04:41Z

降级的编译使用正常

这个补丁目的是测试不降级情况下是否可用。。。

OldCoding · 2024-05-13T13:10:16Z

降级的编译使用正常

这个补丁目的是测试不降级情况下是否可用。。。

这个补丁要放在什么位置？

zxlhhyccc · 2024-05-13T13:36:17Z

在编译包中有patches文件夹，把补丁放进去即可。

hcym · 2024-05-14T03:09:08Z

编译不过，还是替换降价的好用，这么久了master也没修，都不用吗？

zxlhhyccc · 2024-05-14T13:27:05Z

编译不过，还是替换降价的好用，这么久了master也没修，都不用吗？

怎么可能编译不过，你肯定哪里错了！

dd-bpir3 · 2024-05-15T05:26:40Z

这个101-fix-mbedtls3.6-build.patch补丁能编译通过，有谁测试一下是否可用？

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen, c, clen, c + mlen, tlen);
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, *clen, c + mlen, tlen);
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, *plen, plen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
-    return cipher->info->iv_size;
+    return cipher->info->private_iv_size;
 }
 
 int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
+    return cipher->info->private_key_bitlen / 8;
 }
 
 const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

这个101-fix-mbedtls3.6-build.patch补丁能编译通过，有谁测试一下是否可用？

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +48,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +64,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +80,7 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,8 +178,8 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
-        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen, c, clen, c + mlen, tlen);
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen, c, *clen, c + mlen, tlen);
         *clen += tlen;
         break;
     case CHACHA20POLY1305IETF:
@@ -226,8 +226,8 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                          m, mlen - tlen, p, *plen, plen - tlen, tlen);
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +724,9 @@ aead_key_init(int method, const char
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,7 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
-    return cipher->info->iv_size;
+    return cipher->info->private_iv_size;
 }
 
 int
@@ -192,7 +192,7 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-    return cipher->info->key_bitlen / 8;
+    return cipher->info->private_key_bitlen / 8;
 }
 
 const cipher_kt_t *
@@ -645,9 +645,9 @@ stream_key_init(int method, const char
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
-        cipher->info->base       = NULL;
-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+        cipher->info->private_base_idx       = 0;
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

大佬本人小白这补丁怎么打，能详细说下吗？

dd-bpir3 · 2024-05-15T09:39:05Z

mbedtls 降低版本即可

大佬能详细说下吗？小白一枚

OldCoding · 2024-05-15T10:18:06Z

mbedtls 降低版本即可

大佬能详细说下吗？小白一枚

把源码中package/libs/目录下以下三个文件夹用lede源码中的替换
mbedtls
ustream-ssl
uclient

hcym · 2024-05-15T11:16:06Z

我就替换了一个，用的官方2305的，也可以

zxlhhyccc · 2024-05-16T04:45:18Z

把源码中package/libs/目录下以下三个文件夹用lede源码中的替换
mbedtls
ustream-ssl
uclient

降级就没意义了！

OldCoding · 2024-05-16T06:02:15Z

把源码中package/libs/目录下以下三个文件夹用lede源码中的替换
mbedtls
ustream-ssl
uclient

降级就没意义了！

但你这个补丁我弄不好，还是报错

ted-zheng · 2024-05-18T08:25:26Z

我是直接把ss和ssr都去掉了，不编译进去，不用SS节点就行了，没影响。

zxlhhyccc · 2024-05-31T04:42:38Z

但你这个补丁我弄不好，还是报错

已修改补丁。

OldCoding · 2024-06-01T03:44:50Z

但你这个补丁我弄不好，还是报错

已修改补丁。

编译成功了，没有报错

zxlhhyccc · 2024-06-01T14:57:46Z

编译成功了，没有报错

能用吗？如果能用我将提交PR。。。。

OldCoding · 2024-06-01T16:09:48Z

编译成功了，没有报错

能用吗？如果能用我将提交PR。。。。

只测试vmess节点能正常运行，由于没有ss以及其他类型节点，其他协议就没有测试了

evan618 · 2024-06-20T03:49:56Z

有办法解决吗，我也卡这里了。只能降级吗

zxlhhyccc mentioned this issue May 7, 2024

用最新版的openwrt官方源码编译时候报错 immortalwrt/packages#1180

Closed

1 task

用最新版的openwrt官方源码编译时候报错 #1462

用最新版的openwrt官方源码编译时候报错 #1462

Comments

copycodetest commented May 1, 2024 • edited Loading

mirthlesslk commented May 1, 2024

ted-zheng commented May 1, 2024

Aggrandiz commented May 1, 2024

Aggrandiz commented May 1, 2024

zxlhhyccc commented May 1, 2024

Aggrandiz commented May 1, 2024

zxlhhyccc commented May 1, 2024 • edited Loading

copycodetest commented May 1, 2024

zxlhhyccc commented May 1, 2024

zxlhhyccc commented May 1, 2024

Aggrandiz commented May 1, 2024

Aggrandiz commented May 1, 2024

zxlhhyccc commented May 1, 2024 • edited Loading

zxlhhyccc commented May 1, 2024

ted-zheng commented May 1, 2024

ted-zheng commented May 1, 2024

Aggrandiz commented May 2, 2024

copycodetest commented May 2, 2024

zxlhhyccc commented May 2, 2024 • edited Loading

zxlhhyccc commented May 2, 2024 • edited Loading

zxlhhyccc commented May 4, 2024 • edited Loading

hcym commented May 5, 2024

zxlhhyccc commented May 6, 2024

OldCoding commented May 13, 2024

zxlhhyccc commented May 13, 2024

hcym commented May 14, 2024

zxlhhyccc commented May 14, 2024

dd-bpir3 commented May 15, 2024

dd-bpir3 commented May 15, 2024

OldCoding commented May 15, 2024

hcym commented May 15, 2024

zxlhhyccc commented May 16, 2024

OldCoding commented May 16, 2024

ted-zheng commented May 18, 2024

zxlhhyccc commented May 31, 2024

OldCoding commented Jun 1, 2024

zxlhhyccc commented Jun 1, 2024 • edited Loading

OldCoding commented Jun 1, 2024

evan618 commented Jun 20, 2024

copycodetest commented May 1, 2024 •

edited

Loading

zxlhhyccc commented May 1, 2024 •

edited

Loading

zxlhhyccc commented May 1, 2024 •

edited

Loading

zxlhhyccc commented May 2, 2024 •

edited

Loading

zxlhhyccc commented May 2, 2024 •

edited

Loading

zxlhhyccc commented May 4, 2024 •

edited

Loading

zxlhhyccc commented Jun 1, 2024 •

edited

Loading