Throw openssl dependency away

[dndx]

@clowwindy @madeye

RC4 have a very simple algorithm and can be implemented in just few lines of code. According to my test, we only need the EVP_BytesToKey(3) to make password derivation. It seems that EVP_BytesToKey(3) is using PKCS#5 v1.5 so it's possible just implement this algorithm and throw openssl dependency away.

In my encrypt.c , I just used EVP_BytesToKey(3) to do derivation. After that I used a rc4 implementation I found in OpenBSD Directory and it's working very well.

[cyfdecyf]

@clowwindy @madeye

After some investigation, I found that the call to EVP_BytesToKey(3) in shadowsocks-libuv simply creates a md5 sum from the password. I've confirmed this with supporting RC4 encryption in shadowsocks-go and made it compatible with both the libuv and nodejs port.

It's easy to find a md5 implementation in C, but license issues need to be considered. Here's one implementation used in cups that maybe used.

[madeye]

Cool, I have removed all openssl dependencies in libev implementation, and until now it works well.

[dndx]

Thanks, I will remove that tonight.

[dndx]

@cyfdecyf No worries, shadowsocks-libuv is using a MD5 implementation that is in the public domain.

md5.c
md5.h