shadowsocks-libuv icon indicating copy to clipboard operation
shadowsocks-libuv copied to clipboard

Published 20 hours ago verified publisher icon dndx

Throw openssl dependency away

Open dndx opened this issue 12 years ago • 4 comments

@clowwindy @madeye

RC4 have a very simple algorithm and can be implemented in just few lines of code. According to my test, we only need the EVP_BytesToKey(3) to make password derivation. It seems that EVP_BytesToKey(3) is using PKCS#5 v1.5 so it's possible just implement this algorithm and throw openssl dependency away.

In my encrypt.c , I just used EVP_BytesToKey(3) to do derivation. After that I used a rc4 implementation I found in OpenBSD Directory and it's working very well.

dndx avatar Jan 04 '13 21:01 dndx

@clowwindy @madeye

After some investigation, I found that the call to EVP_BytesToKey(3) in shadowsocks-libuv simply creates a md5 sum from the password. I've confirmed this with supporting RC4 encryption in shadowsocks-go and made it compatible with both the libuv and nodejs port.

It's easy to find a md5 implementation in C, but license issues need to be considered. Here's one implementation used in cups that maybe used.

cyfdecyf avatar Jan 22 '13 09:01 cyfdecyf

Cool, I have removed all openssl dependencies in libev implementation, and until now it works well.

madeye avatar Jan 22 '13 10:01 madeye

Thanks, I will remove that tonight.

dndx avatar Jan 22 '13 17:01 dndx

@cyfdecyf No worries, shadowsocks-libuv is using a MD5 implementation that is in the public domain.

md5.c md5.h

dndx avatar Jan 24 '13 07:01 dndx