add trojan

Signed-off-by: Gitea <gitea@fake.local>

openwrt-trojan/README

@@ -0,0 +1,29 @@
+openwrt-trojan
+==============
+
+Usage
+---
+
+1. copy these two folders to <openwrt-source-tree>/package.
+
+2. install feeds from openwrt official package repository.
+
+    ./scripts/feeds update -a
+    ./scripts/feeds install -a
+
+3. use 'make menuconfig' to select trojan package
+
+4. the buildroot generate trojan binary linked to our openssl.
+   You may use 'make package/trojan/{clean,compile} V=99' or
+   whatever you like.
+
+5. edit '/etc/config/trojan' file to enable it.
+   The init script is disabled by default to avoid startup
+   before configuration.
+
+FAQ
+---
+
+Q: May I use openssl from openwrt?
+A: As long as you don't need cutting-edge features, e.g. TLS 1.3.
+   BTW, the Makefile doesn't depend on official openssl package.

openwrt-trojan/openssl1.1/Makefile

@@ -0,0 +1,162 @@
+#
+# Copyright (C) 2006-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+### Modified by wongsyrone to fit need of trojan-gfw/trojan
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openssl1.1
+
+PKG_BASE:=1.1.1
+PKG_BUGFIX:=l
+PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
+PKG_HASH:=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
+ENGINES_DIR=engines-1.1
+
+
+PKG_RELEASE:=1
+PKG_USE_MIPS16:=0
+PATCH_DIR=./patches/$(PKG_BASE)
+
+PKG_BUILD_PARALLEL:=0
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/openssl-$(PKG_VERSION)
+
+PKG_SOURCE:=openssl-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+	http://www.openssl.org/source/ \
+	http://www.openssl.org/source/old/$(PKG_BASE)/ \
+	http://ftp.fi.muni.cz/pub/openssl/source/ \
+	http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
+	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
+	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
+
+PKG_LICENSE:=OpenSSL
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:openssl:openssl
+
+include $(INCLUDE_DIR)/package.mk
+
+ifneq ($(CONFIG_CCACHE),)
+HOSTCC=$(HOSTCC_NOCACHE)
+HOSTCXX=$(HOSTCXX_NOCACHE)
+endif
+
+define Package/$(PKG_NAME)/Default
+  TITLE:=Open source SSL toolkit
+  URL:=http://www.openssl.org/
+  SECTION:=libs
+  CATEGORY:=Libraries
+endef
+
+define Package/openssl1.1/Default/description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing the
+Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols as well
+as a full-strength general-purpose cryptography library.
+endef
+
+define Package/libopenssl1.1
+$(call Package/openssl1.1/Default)
+  SUBMENU:=SSL
+  TITLE+= (libraries)
+  ABI_VERSION:=$(PKG_VERSION)
+  MENU:=1
+endef
+
+define Package/libopenssl1.1/description
+$(call Package/openssl/Default/description)
+This package contains the OpenSSL shared libraries, needed by other programs.
+endef
+
+
+define Package/libopenssl1.1/conffiles
+/etc/ssl/openssl.cnf
+endef
+
+# do NOT interfere original openssl staging dir
+MY_PKG_STAGING_DIR:=$(BUILD_DIR)/openssl1.1_staging_dir
+
+OPENSSL_OPTIONS:= no-shared no-ssl3-method
+
+# https://github.com/openssl/openssl/issues/1607
+# it seems musl-libc doesn't support this
+OPENSSL_OPTIONS += no-async
+
+OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
+
+OPENSSL_OPTIONS += no-idea
+
+OPENSSL_OPTIONS += no-seed
+
+OPENSSL_OPTIONS += no-whirlpool
+
+OPENSSL_OPTIONS += no-deprecated
+
+TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+
+
+
+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
+
+
+STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
+
+define Build/Configure
+	[ -f $(STAMP_CONFIGURED) ] || { \
+		rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
+		find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
+		rm -rf $(MY_PKG_STAGING_DIR); \
+	}
+	(cd $(PKG_BUILD_DIR); \
+		./Configure $(OPENSSL_TARGET) \
+			--prefix=/usr \
+			--openssldir=/etc/ssl \
+			--libdir=lib \
+			$(TARGET_CPPFLAGS) \
+			$(TARGET_LDFLAGS) \
+			$(OPENSSL_OPTIONS) && \
+		{ [ -f $(STAMP_CONFIGURED) ] || make clean; } \
+	)
+
+endef
+
+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+define Build/Compile
+	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		CC="$(TARGET_CC)" \
+		SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+		OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
+		$(OPENSSL_MAKEFLAGS) \
+		all
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		CC="$(TARGET_CC)" \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		$(OPENSSL_MAKEFLAGS) \
+		install_sw install_ssldirs
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(MY_PKG_STAGING_DIR)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(MY_PKG_STAGING_DIR)/usr/include/
+	$(INSTALL_DIR) $(MY_PKG_STAGING_DIR)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.a $(MY_PKG_STAGING_DIR)/usr/lib/
+endef
+
+define Build/Clean
+	rm -rf $(MY_PKG_STAGING_DIR)
+	$(call Build/Clean/Default)
+endef
+
+define Package/libopenssl1.1/install
+true
+endef
+
+$(eval $(call BuildPackage,libopenssl1.1))

openwrt-trojan/openssl1.1/patches/1.1.1/100-Configure-afalg-support.patch

@@ -0,0 +1,25 @@
+From 559fbff13af9ce2fbc0b9bc5727a7323e1db6217 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:29:21 -0300
+Subject: Do not use host kernel version to disable AFALG
+
+This patch prevents the Configure script from using the host kernel
+version to disable building the AFALG engine on openwrt targets.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/Configure b/Configure
+index 5a699836f3..74d057c219 100755
+--- a/Configure
++++ b/Configure
+@@ -1545,7 +1545,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ 
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+-    if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
++    if ($target =~ m/openwrt$/) {
++        push @{$config{engdirs}}, "afalg";
++    } elsif (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+         my $minver = 4*10000 + 1*100 + 0;
+         if ($config{CROSS_COMPILE} eq "") {
+             my $verstr = `uname -r`;

openwrt-trojan/openssl1.1/patches/1.1.1/110-openwrt_targets.patch

@@ -0,0 +1,63 @@
+From 3d43acc6068f00dbfc0c9a06355e2c8f7d302d0f Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:30:24 -0300
+Subject: Add openwrt targets
+
+Targets are named: linux-$(CONFIG_ARCH)-openwrt
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/Configurations/25-openwrt.conf b/Configurations/25-openwrt.conf
+new file mode 100644
+index 0000000000..86a86d31e4
+--- /dev/null
++++ b/Configurations/25-openwrt.conf
+@@ -0,0 +1,48 @@
++## Openwrt "CONFIG_ARCH" matching targets.
++
++# The targets need to end in '-openwrt' for the AFALG patch to work
++
++my %targets = (
++    "openwrt" => {
++	template	=> 1,
++	CFLAGS		=> add("\$(OPENWRT_OPTIMIZATION_FLAGS)"),
++    },
++    "linux-aarch64-openwrt" => {
++        inherit_from    => [ "linux-aarch64", "openwrt" ],
++    },
++    "linux-arc-openwrt" => {
++        inherit_from    => [ "linux-generic32", "openwrt" ],
++    },
++    "linux-arm-openwrt" => {
++        inherit_from    => [ "linux-armv4", "openwrt" ],
++    },
++    "linux-armeb-openwrt" => {
++        inherit_from    => [ "linux-armv4", "openwrt" ],
++    },
++    "linux-i386-openwrt" => {
++        inherit_from    => [ "linux-x86", "openwrt" ],
++    },
++    "linux-mips-openwrt" => {
++        inherit_from    => [ "linux-mips32", "openwrt" ],
++    },
++    "linux-mips64-openwrt" => {
++        inherit_from    => [ "linux64-mips64", "openwrt" ],
++    },
++    "linux-mips64el-openwrt" => {
++        inherit_from    => [ "linux64-mips64", "openwrt" ],
++    },
++    "linux-mipsel-openwrt" => {
++        inherit_from    => [ "linux-mips32", "openwrt" ],
++    },
++    "linux-powerpc-openwrt" => {
++        inherit_from    => [ "linux-ppc", "openwrt" ],
++    },
++    "linux-x86_64-openwrt" => {
++        inherit_from    => [ "linux-x86_64", "openwrt" ],
++    },
++
++### Basic default option
++    "linux-generic32-openwrt" => {
++        inherit_from    => [ "linux-generic32", "openwrt" ],
++    },
++);

openwrt-trojan/openssl1.1/patches/1.1.1/120-strip-cflags-from-binary.patch

@@ -0,0 +1,23 @@
+From 4ad8f2fe6bf3b91df7904fcbe960e5fdfca36336 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:31:38 -0300
+Subject: Avoid exposing build directories
+
+The CFLAGS contain the build directories, and are shown by calling
+OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/crypto/build.info b/crypto/build.info
+index 2c619c62e8..893128345a 100644
+--- a/crypto/build.info
++++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+ 
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map% -ffile-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
+ 
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)

openwrt-trojan/openssl1.1/patches/1.1.1/130-dont-build-tests-fuzz.patch

@@ -0,0 +1,31 @@
+From ba2fe646f2d9104a18b066e43582154049e9ffcb Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:34:38 -0300
+Subject: Do not build tests and fuzz directories
+
+This shortens build time.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/Configure b/Configure
+index 74d057c219..5813e9f8fe 100755
+--- a/Configure
++++ b/Configure
+@@ -318,7 +318,7 @@ my $auto_threads=1;    # enable threads automatically? true by default
+ my $default_ranlib;
+ 
+ # Top level directories to build
+-$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
++$config{dirs} = [ "crypto", "ssl", "engines", "apps", "util", "tools" ];
+ # crypto/ subdirectories to build
+ $config{sdirs} = [
+     "objects",
+@@ -330,7 +330,7 @@ $config{sdirs} = [
+     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
+     ];
+ # test/ subdirectories to build
+-$config{tdirs} = [ "ossl_shim" ];
++$config{tdirs} = [];
+ 
+ # Known TLS and DTLS protocols
+ my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);

openwrt-trojan/trojan/Makefile

@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2018-2020 wongsyrone
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=trojan
+PKG_VERSION:=1.16.0
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/trojan-gfw/trojan.git
+PKG_MIRROR_HASH:=73367d53960b42af8a4d9680dbf2ef669d0f3c00d7859a736abfc522d9e0c625
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=3e7bb9aecdc694f9bcae8d646fae395f773d60f8
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+CMAKE_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+PKG_BUILD_DEPENDS:=openssl
+
+PKG_LICENSE:=GPL-3.0
+
+PKG_MAINTAINER:=GreaterFire
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+TARGET_CXXFLAGS += -Wall -Wextra
+TARGET_CXXFLAGS += $(FPIC)
+
+# LTO
+TARGET_CXXFLAGS += -flto
+TARGET_LDFLAGS += -flto
+
+# CXX standard
+TARGET_CXXFLAGS += -std=c++11
+TARGET_CXXFLAGS := $(filter-out -O%,$(TARGET_CXXFLAGS)) -O3
+TARGET_CXXFLAGS += -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+CMAKE_OPTIONS += \
+	-DENABLE_MYSQL=OFF \
+	-DENABLE_NAT=ON \
+	-DENABLE_REUSE_PORT=ON \
+	-DENABLE_SSL_KEYLOG=ON \
+	-DENABLE_TLS13_CIPHERSUITES=ON \
+	-DFORCE_TCP_FASTOPEN=OFF \
+	-DSYSTEMD_SERVICE=OFF \
+	-DOPENSSL_USE_STATIC_LIBS=FALSE \
+	-DBoost_DEBUG=ON \
+	-DBoost_NO_BOOST_CMAKE=ON
+
+define Package/trojan
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=An unidentifiable mechanism that helps you bypass GFW
+	URL:=https://github.com/trojan-gfw/trojan
+	DEPENDS:= +libpthread +libstdcpp +libopenssl \
+		+boost +boost-system +boost-program_options +boost-date_time
+endef
+
+define Package/trojan/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/trojan $(1)/usr/sbin/trojan
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) ./files/trojan.config $(1)/etc/config/trojan
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/trojan.init $(1)/etc/init.d/trojan
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/trojan/config.json $(1)/etc/trojan.json
+endef
+
+define Package/trojan/conffiles
+/etc/config/trojan
+/etc/trojan.json
+endef
+
+$(eval $(call BuildPackage,trojan))

openwrt-trojan/trojan/files/trojan.config

@@ -0,0 +1,4 @@
+
+config trojan
+	option enabled     '0'
+

openwrt-trojan/trojan/files/trojan.init

@@ -0,0 +1,70 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 wongsyrone
+
+. /lib/functions.sh
+. /usr/share/libubox/jshn.sh
+
+START=95
+USE_PROCD=1
+#PROCD_DEBUG=1
+
+PROG=/usr/sbin/trojan
+CONF=/etc/trojan.json
+
+config_load "trojan"
+
+parse_trojan() {
+    config_get ENABLED "$section" "enabled"
+}
+
+config_foreach parse_trojan 'trojan'
+
+check_multicore() {
+    local is_reuse_port=
+    json_init
+    json_load_file "${CONF}"
+    json_select "tcp"
+    json_get_var is_reuse_port "reuse_port"
+    json_select ".."
+    if [ "1" = "$is_reuse_port" ] || [ "true" = "$is_reuse_port" ]; then
+        multicore_ready=true
+    else
+        multicore_ready=false
+    fi
+    echo multicore_ready is $multicore_ready
+    local cpunum
+    cpunum=$(grep '^cpu\scores' /proc/cpuinfo | uniq |  awk '{print $4}' )
+    echo real cpu core num is $cpunum
+    if [ "x" = "x$cpunum" ]; then
+        cpunum=$(grep -c '^processor' /proc/cpuinfo )
+        echo all cpu core num is $cpunum, including Hyper-threading virtual cores
+    fi
+    if [ "xtrue" = "x$multicore_ready" ]; then
+        return "$cpunum"
+    else
+        return 1
+    fi
+}
+
+start_service() {
+    check_multicore
+    local cpunum=$?
+    echo cpunum is $cpunum
+    if [ "1" = "$ENABLED" ] || [ "on" = "$ENABLED" ] || [ "true" = "$ENABLED" ]; then
+        for i in $(seq 1 ${cpunum});
+        do
+            procd_open_instance
+            procd_set_param command $PROG --config $CONF
+            procd_set_param user root # run service as user root
+            procd_set_param stdout 1 # forward stdout of the command to logd
+            procd_set_param stderr 1 # same for stderr
+            procd_set_param limits nofile="1048576 1048576" # max allowed value can be fetched via /proc/sys/fs/nr_open
+            [ -e /proc/sys/kernel/core_pattern ] && {
+                    procd_append_param limits core="unlimited"
+            }
+            procd_close_instance
+        done
+    else
+        echo "trojan is disabled, please check /etc/config/trojan"
+    fi
+}

openwrt-trojan/trojan/patches/001-force-openssl-version.patch

@@ -0,0 +1,11 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -28,7 +28,7 @@
+     add_definitions(-DBOOST_DATE_TIME_NO_LIB)
+ endif()
+ 
+-find_package(OpenSSL 1.1.0 REQUIRED)
++find_package(OpenSSL 1.1.1 REQUIRED)
+ target_include_directories(trojan PRIVATE ${OPENSSL_INCLUDE_DIR})
+ target_link_libraries(trojan ${OPENSSL_LIBRARIES})
+ if(OPENSSL_VERSION VERSION_GREATER_EQUAL 1.1.1)