Merge pull request #1670 from msdos03/ss-libev

update shadowsocks-libev work with mbedtls 3.6

shadowsocks-libev/Makefile

@@ -14,13 +14,13 @@ include $(TOPDIR)/rules.mk
 #
 PKG_NAME:=shadowsocks-libev
 PKG_VERSION:=3.3.5
-PKG_RELEASE:=12
+PKG_RELEASE:=13
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
 PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
-PKG_MIRROR_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
+PKG_MIRROR_HASH:=6ff973af37c20cf0430f106d360b94b8b91df6dd8d7be3908ee84b5a86c3319f
 
 PKG_MAINTAINER:=Yousong Zhou <[email protected]>
 

shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch

@@ -0,0 +1,152 @@
+From 8be7a7cb00b9540e9be05d409191b0bc1ba424f0 Mon Sep 17 00:00:00 2001
+From: notsure2 <[email protected]>
+Date: Mon, 11 Dec 2023 09:15:47 +0200
+Subject: [PATCH] Fix mishandling of incoming socket buffer. It must be set on
+ the listening socket not the accepted socket.
+
+---
+ src/local.c  | 16 ++++++++--------
+ src/redir.c  | 16 ++++++++--------
+ src/server.c | 16 ++++++++--------
+ src/tunnel.c | 16 ++++++++--------
+ 4 files changed, 32 insertions(+), 32 deletions(-)
+
+diff --git a/src/local.c b/src/local.c
+index fa1ca7b..51f62c4 100644
+--- a/src/local.c
++++ b/src/local.c
+@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const char *port)
+             }
+         }
+ 
++        if (tcp_incoming_sndbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
++        }
++
++        if (tcp_incoming_rcvbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
++        }
++
+         s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+         if (s == 0) {
+             /* We managed to bind successfully! */
+@@ -1406,14 +1414,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
+     setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+ #endif
+ 
+-    if (tcp_incoming_sndbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
+-    }
+-
+-    if (tcp_incoming_rcvbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
+-    }
+-
+     server_t *server = new_server(serverfd);
+     server->listener = listener;
+ 
+diff --git a/src/redir.c b/src/redir.c
+index d36fe3f..86b7238 100644
+--- a/src/redir.c
++++ b/src/redir.c
+@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const char *port)
+             LOGI("tcp tproxy mode enabled");
+         }
+ 
++        if (tcp_incoming_sndbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
++        }
++
++        if (tcp_incoming_rcvbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
++        }
++
+         s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+         if (s == 0) {
+             /* We managed to bind successfully! */
+@@ -759,14 +767,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
+     setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+ #endif
+ 
+-    if (tcp_incoming_sndbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
+-    }
+-
+-    if (tcp_incoming_rcvbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
+-    }
+-
+     int index                    = rand() % listener->remote_num;
+     struct sockaddr *remote_addr = listener->remote_addr[index];
+ 
+diff --git a/src/server.c b/src/server.c
+index 73b6599..ef347a5 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -620,6 +620,14 @@ create_and_bind(const char *host, const char *port, int mptcp)
+             }
+         }
+ 
++        if (tcp_incoming_sndbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
++        }
++
++        if (tcp_incoming_rcvbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
++        }
++
+         // Enable out-of-tree mptcp
+         if (mptcp == 1) {
+             int i = 0;
+@@ -1769,14 +1777,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
+     setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+ #endif
+ 
+-    if (tcp_incoming_sndbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
+-    }
+-
+-    if (tcp_incoming_rcvbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
+-    }
+-
+     setnonblocking(serverfd);
+ 
+     server_t *server = new_server(serverfd, listener);
+diff --git a/src/tunnel.c b/src/tunnel.c
+index 99ed412..9f0dd57 100644
+--- a/src/tunnel.c
++++ b/src/tunnel.c
+@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const char *port)
+             }
+         }
+ 
++        if (tcp_incoming_sndbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
++        }
++
++        if (tcp_incoming_rcvbuf > 0) {
++            setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
++        }
++
+         s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
+         if (s == 0) {
+             /* We managed to bind successfully! */
+@@ -725,14 +733,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
+     setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
+ #endif
+ 
+-    if (tcp_incoming_sndbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
+-    }
+-
+-    if (tcp_incoming_rcvbuf > 0) {
+-        setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
+-    }
+-
+     int index                    = rand() % listener->remote_num;
+     struct sockaddr *remote_addr = listener->remote_addr[index];
+ 
+-- 
+2.39.5
+

shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch

@@ -1,198 +0,0 @@
-From c2bdb9847e374331a4f1c8fcd3d93e0b57d4c6fc Mon Sep 17 00:00:00 2001
-From: Zxl hhyccc <[email protected]>
-Date: Sun, 7 Jul 2024 17:08:27 +0800
-Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-*** The added patch is available in 'mbedtls 3.6 version'.
-
-*** fix *clen += tlen; may cause potential bounds error.
-
-Co-authored-by: Lu jicong <[email protected]>
-Signed-off-by: Zxl hhyccc <[email protected]>
----
- m4/mbedtls.m4	| 20 +++++++++++++++++++
- src/aead.c	| 17 ++++++++++++++++
- src/crypto.c	|  2 +-
- src/stream.c	| 17 ++++++++++++++++
- 
- 4 files changed, 55 insertions(+), 1 deletion(-)
-
---- a/m4/mbedtls.m4
-+++ b/m4/mbedtls.m4
-@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_CIPHER_MODE_CFB
-@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_ARC4_C
-@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_BLOWFISH_C
-@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_CAMELLIA_C
---- a/src/aead.c
-+++ b/src/aead.c
-@@ -178,9 +178,14 @@ aead_cipher_encrypt(cipher_ctx_t *cipher
-     case AES192GCM:
-     case AES128GCM:
- 
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-         err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                           m, mlen, c, clen, c + mlen, tlen);
-         *clen += tlen;
-+#else
-+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
-+                                              m, mlen, c, mlen + tlen, clen, tlen);
-+#endif
-         break;
-     case CHACHA20POLY1305IETF:
-         err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
-@@ -226,8 +231,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher
-     // Otherwise, just use the mbedTLS one with crappy AES-NI.
-     case AES192GCM:
-     case AES128GCM:
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
-+#else
-+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
-+                                              m, mlen, p, mlen - tlen, plen, tlen);
-+#endif
-         break;
-     case CHACHA20POLY1305IETF:
-         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
-@@ -724,9 +734,26 @@ aead_key_init(int method, const char *pa
-     if (method >= CHACHA20POLY1305IETF) {
-         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
-         cipher->info             = cipher_info;
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-         cipher->info->base       = NULL;
-         cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-         cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
-+#else
-+        cipher->info->private_base_idx   = 0;
-+
-+#ifdef MBEDTLS_KEY_BITLEN_SHIFT
-+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT;
-+#else
-+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
-+#endif
-+
-+#ifdef MBEDTLS_IV_SIZE_SHIFT
-+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT;
-+#else
-+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
-+#endif
-+
-+#endif
-     } else {
-         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
-     }
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_
-     if (md == NULL) {
-         md = m;
-     }
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
-     if (mbedtls_md5_ret(d, n, md) != 0)
-         FATAL("Failed to calculate MD5");
- #else
---- a/src/stream.c
-+++ b/src/stream.c
-@@ -174,7 +174,11 @@ cipher_nonce_size(const cipher_t *cipher
-     if (cipher == NULL) {
-         return 0;
-     }
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-     return cipher->info->iv_size;
-+#else
-+    return (int)mbedtls_cipher_info_get_iv_size(cipher->info);
-+#endif
- }
- 
- int
-@@ -192,7 +196,11 @@ cipher_key_size(const cipher_t *cipher)
-         return 0;
-     }
-     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-     return cipher->info->key_bitlen / 8;
-+#else
-+    return (int)mbedtls_cipher_info_get_key_bitlen(cipher->info) / 8;
-+#endif
- }
- 
- const cipher_kt_t *
-@@ -645,9 +653,26 @@ stream_key_init(int method, const char *
-     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
-         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
-         cipher->info             = cipher_info;
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-         cipher->info->base       = NULL;
-         cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-         cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
-+#else
-+        cipher->info->private_base_idx   = 0;
-+
-+#ifdef MBEDTLS_KEY_BITLEN_SHIFT
-+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT;
-+#else
-+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
-+#endif
-+
-+#ifdef MBEDTLS_IV_SIZE_SHIFT
-+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT;
-+#else
-+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
-+#endif
-+
-+#endif
-     } else {
-         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
-     }

shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch

@@ -0,0 +1,232 @@
+From 2b33e8e6778db08624dbf8ec6fe1e8f7b1a4bee8 Mon Sep 17 00:00:00 2001
+From: Lu jicong <[email protected]>
+Date: Fri, 10 Jan 2025 22:05:31 +0800
+Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue
+
+Fix mbedtls 3.6 compatibility
+
+Co-authored-by: Zxl hhyccc <[email protected]>
+Signed-off-by: Lu jicong <[email protected]>
+---
+ m4/mbedtls.m4 | 20 ++++++++++++++++++++
+ src/aead.c    | 23 +++++++++++------------
+ src/crypto.c  |  2 +-
+ src/crypto.h  |  1 -
+ src/stream.c  | 51 ++++++---------------------------------------------
+ 5 files changed, 38 insertions(+), 59 deletions(-)
+
+diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4
+index 2c478b9..a795790 100644
+--- a/m4/mbedtls.m4
++++ b/m4/mbedtls.m4
+@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS],
+   AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM(
+       [[
++#include <mbedtls/version.h>
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include <mbedtls/mbedtls_config.h>
++#else
+ #include <mbedtls/config.h>
++#endif
+       ]],
+       [[
+ #ifndef MBEDTLS_CIPHER_MODE_CFB
+@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS],
+   AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM(
+       [[
++#include <mbedtls/version.h>
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include <mbedtls/mbedtls_config.h>
++#else
+ #include <mbedtls/config.h>
++#endif
+       ]],
+       [[
+ #ifndef MBEDTLS_ARC4_C
+@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS],
+   AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM(
+       [[
++#include <mbedtls/version.h>
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include <mbedtls/mbedtls_config.h>
++#else
+ #include <mbedtls/config.h>
++#endif
+       ]],
+       [[
+ #ifndef MBEDTLS_BLOWFISH_C
+@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS],
+   AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM(
+       [[
++#include <mbedtls/version.h>
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include <mbedtls/mbedtls_config.h>
++#else
+ #include <mbedtls/config.h>
++#endif
+       ]],
+       [[
+ #ifndef MBEDTLS_CAMELLIA_C
+diff --git a/src/aead.c b/src/aead.c
+index 358ec93..73349da 100644
+--- a/src/aead.c
++++ b/src/aead.c
+@@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
+     // Otherwise, just use the mbedTLS one with crappy AES-NI.
+     case AES192GCM:
+     case AES128GCM:
+-
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+         err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+                                           m, mlen, c, clen, c + mlen, tlen);
++#else
++        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
++                                              m, mlen, c, mlen + tlen, clen, tlen);
++#endif
+         *clen += tlen;
+         break;
+     case CHACHA20POLY1305IETF:
+@@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
+     // Otherwise, just use the mbedTLS one with crappy AES-NI.
+     case AES192GCM:
+     case AES128GCM:
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
++#else
++        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
++                                              m, mlen, p, mlen - tlen, plen, tlen);
++#endif
+         break;
+     case CHACHA20POLY1305IETF:
+         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
+@@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key)
+     cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
+     memset(cipher, 0, sizeof(cipher_t));
+ 
+-    if (method >= CHACHA20POLY1305IETF) {
+-        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
+-        cipher->info             = cipher_info;
+-        cipher->info->base       = NULL;
+-        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+-        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+-    } else {
+-        cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
+-    }
+-
+-    if (cipher->info == NULL && cipher->key_len == 0) {
++    if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) {
+         LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]);
+         FATAL("Cannot initialize cipher");
+     }
+diff --git a/src/crypto.c b/src/crypto.c
+index b44d867..76c426b 100644
+--- a/src/crypto.c
++++ b/src/crypto.c
+@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
+     if (md == NULL) {
+         md = m;
+     }
+-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
++#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
+     if (mbedtls_md5_ret(d, n, md) != 0)
+         FATAL("Failed to calculate MD5");
+ #else
+diff --git a/src/crypto.h b/src/crypto.h
+index 1791551..7070793 100644
+--- a/src/crypto.h
++++ b/src/crypto.h
+@@ -97,7 +97,6 @@ typedef struct buffer {
+ typedef struct {
+     int method;
+     int skey;
+-    cipher_kt_t *info;
+     size_t nonce_len;
+     size_t key_len;
+     size_t tag_len;
+diff --git a/src/stream.c b/src/stream.c
+index 35d9050..b2e2cea 100644
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
+     return 0;
+ }
+ 
+-int
+-cipher_nonce_size(const cipher_t *cipher)
+-{
+-    if (cipher == NULL) {
+-        return 0;
+-    }
+-    return cipher->info->iv_size;
+-}
+-
+-int
+-cipher_key_size(const cipher_t *cipher)
+-{
+-    /*
+-     * Semi-API changes (technically public, morally prnonceate)
+-     * Renamed a few headers to include _internal in the name. Those headers are
+-     * not supposed to be included by users.
+-     * Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
+-     * Changed pk_info_t into an opaque structure.
+-     * Changed cipher_base_t into an opaque structure.
+-     */
+-    if (cipher == NULL) {
+-        return 0;
+-    }
+-    /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
+-    return cipher->info->key_bitlen / 8;
+-}
+-
+ const cipher_kt_t *
+ stream_get_cipher_type(int method)
+ {
+@@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key)
+     cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
+     memset(cipher, 0, sizeof(cipher_t));
+ 
+-    if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
+-        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
+-        cipher->info             = cipher_info;
+-        cipher->info->base       = NULL;
+-        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+-        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+-    } else {
+-        cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
+-    }
+-
+-    if (cipher->info == NULL && cipher->key_len == 0) {
++    if (method < SALSA20 && stream_get_cipher_type(method) == NULL) {
+         LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]);
+         FATAL("Cannot initialize cipher");
+     }
+ 
+     if (key != NULL)
+-        cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher));
++        cipher->key_len = crypto_parse_key(key, cipher->key,
++                                           supported_stream_ciphers_key_size[method]);
+     else
+-        cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher));
++        cipher->key_len = crypto_derive_key(pass, cipher->key,
++                                            supported_stream_ciphers_key_size[method]);
+ 
+     if (cipher->key_len == 0) {
+         FATAL("Cannot generate key and NONCE");
+     }
+-    if (method == RC4_MD5) {
+-        cipher->nonce_len = 16;
+-    } else {
+-        cipher->nonce_len = cipher_nonce_size(cipher);
+-    }
++    cipher->nonce_len = supported_stream_ciphers_nonce_size[method];
+     cipher->method = method;
+ 
+     return cipher;
+-- 
+2.39.5
+