关于shadowsocks-libev兼容在mbedtls 2.28和3.6版本下均可编译的补丁，编译和运行测试都正常！

[zxlhhyccc]

openwrt/packages#24529
添加的补丁已可同时在mbedtls 3.6.0和2.28版本下编译且可正常使用，请有需要的使用者按需编译。
添加的补丁名字为：101-fix-mbedtls3.6-build.patch，把此补丁放入到目录为：/shadowsocks-libev/patches 中，补丁内容如下(根据mbedtls 3.6.0版本的文档，新的private_iv_size和private_key_bitlen需要右移，故补丁进行了修改完善，链接)：

--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#include <mbedtls/mbedtls_config.h>
+#else
 #include <mbedtls/config.h>
+#endif
       ]],
       [[
 #ifndef MBEDTLS_CIPHER_MODE_CFB
@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#include <mbedtls/mbedtls_config.h>
+#else
 #include <mbedtls/config.h>
+#endif
       ]],
       [[
 #ifndef MBEDTLS_ARC4_C
@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#include <mbedtls/mbedtls_config.h>
+#else
 #include <mbedtls/config.h>
+#endif
       ]],
       [[
 #ifndef MBEDTLS_BLOWFISH_C
@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS],
   AC_COMPILE_IFELSE(
     [AC_LANG_PROGRAM(
       [[
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#include <mbedtls/mbedtls_config.h>
+#else
 #include <mbedtls/config.h>
+#endif
       ]],
       [[
 #ifndef MBEDTLS_CAMELLIA_C
diff --git a/src/aead.c b/src/aead.c
index 358ec93..3388a54 100644
--- a/src/aead.c
+++ b/src/aead.c
@@ -178,9 +178,14 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
     case AES192GCM:
     case AES128GCM:
 
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
         err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen, c, clen, c + mlen, tlen);
         *clen += tlen;
+#else
+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                              m, mlen, c, mlen + tlen, clen, tlen);
+#endif
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
@@ -226,8 +231,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
     // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
+#else
+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
+                                              m, mlen, p, mlen - tlen, plen, tlen);
+#endif
         break;
     case CHACHA20POLY1305IETF:
         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
@@ -724,9 +734,26 @@ aead_key_init(int method, const char *pass, const char *key)
     if (method >= CHACHA20POLY1305IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
         cipher->info->base       = NULL;
         cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
         cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
+#else
+        cipher->info->private_base_idx   = 0;
+
+#ifdef MBEDTLS_KEY_BITLEN_SHIFT
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT;
+#else
+        cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+#endif
+
+#ifdef MBEDTLS_IV_SIZE_SHIFT
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT;
+#else
+        cipher->info->private_iv_size    = supported_aead_ciphers_nonce_size[method];
+#endif
+
+#endif
     } else {
         cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
     }
diff --git a/src/crypto.c b/src/crypto.c
index b44d867..76c426b 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
     if (md == NULL) {
         md = m;
     }
-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
     if (mbedtls_md5_ret(d, n, md) != 0)
         FATAL("Failed to calculate MD5");
 #else
diff --git a/src/stream.c b/src/stream.c
index 35d9050..4bb9598 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -174,7 +174,11 @@ cipher_nonce_size(const cipher_t *cipher)
     if (cipher == NULL) {
         return 0;
     }
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
     return cipher->info->iv_size;
+#else
+    return (int)mbedtls_cipher_info_get_iv_size(cipher->info);
+#endif
 }
 
 int
@@ -192,7 +196,11 @@ cipher_key_size(const cipher_t *cipher)
         return 0;
     }
     /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
     return cipher->info->key_bitlen / 8;
+#else
+    return (int)mbedtls_cipher_info_get_key_bitlen(cipher->info) / 8;
+#endif
 }
 
 const cipher_kt_t *
@@ -645,9 +653,26 @@ stream_key_init(int method, const char *pass, const char *key)
     if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
         cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
         cipher->info             = cipher_info;
+#if MBEDTLS_VERSION_NUMBER < 0x03000000
         cipher->info->base       = NULL;
         cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
         cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
+#else
+        cipher->info->private_base_idx   = 0;
+
+#ifdef MBEDTLS_KEY_BITLEN_SHIFT
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT;
+#else
+        cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+#endif
+
+#ifdef MBEDTLS_IV_SIZE_SHIFT
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT;
+#else
+        cipher->info->private_iv_size    = supported_stream_ciphers_nonce_size[method];
+#endif
+
+#endif
     } else {
         cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
     }

[msdos03]

如果编译openwrt快照分支时需要shadowsocks-libev，可以使用这个仓库里包含这个补丁的packageopenwrt-package-shadowsocks-libev

[hcym]

主分支好像去掉shadowsocks-libev了

[zxlhhyccc]

主分支好像去掉shadowsocks-libev了

主分支去掉不代表shadowsocks-libev不能用。

[eearphon]

大佬，麻烦把naiveproxy升级下可以吗？

[zxlhhyccc]

大佬，麻烦把naiveproxy升级下可以吗？

已更新：
#1518

[eearphon]

大佬，麻烦把naiveproxy升级下可以吗？

已更新： #1518

谢谢，辛苦了！