--enable-md5 and build, needs NO_OLD_TLS, suite test version check

configure.ac

@@ -551,6 +551,28 @@ fi
 AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
 
 
+# MD5 
+AC_ARG_ENABLE([md5],
+    [  --enable-md5            Enable MD5 (default: enabled)],
+    [ ENABLED_MD5=$enableval ],
+    [ ENABLED_MD5=yes ]
+    )
+
+if test "$ENABLED_MD5" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
+else
+    # turn off MD5 if leanpsk on
+    if test "$ENABLED_LEANPSK" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
+        ENABLED_MD5=no
+    fi
+fi
+
+AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
+
+
 # MD4 
 AC_ARG_ENABLE([md4],
     [  --enable-md4            Enable MD4 (default: disabled)],
@@ -985,6 +1007,7 @@ echo "   * AES-NI:                    $ENABLED_AESNI"
 echo "   * AES-GCM:                   $ENABLED_AESGCM"
 echo "   * AES-CCM:                   $ENABLED_AESCCM"
 echo "   * Camellia:                  $ENABLED_CAMELLIA"
+echo "   * MD5:                       $ENABLED_MD5"
 echo "   * RIPEMD:                    $ENABLED_RIPEMD"
 echo "   * SHA-512:                   $ENABLED_SHA512"
 echo "   * keygen:                    $ENABLED_KEYGEN"

cyassl/internal.h

@@ -138,8 +138,10 @@ void c32to24(word32 in, word24 out);
   #if !defined(NO_SHA)
     #define BUILD_SSL_RSA_WITH_RC4_128_SHA
   #endif
-    #define BUILD_SSL_RSA_WITH_RC4_128_MD5
+    #if !defined(NO_MD5)
-    #if !defined(NO_TLS) && defined(HAVE_NTRU)
+        #define BUILD_SSL_RSA_WITH_RC4_128_MD5
+    #endif
+    #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
         #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
     #endif
 #endif

src/include.am

@@ -23,7 +23,6 @@ src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
 if !BUILD_LEANPSK
 src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c \
                             ctaocrypt/src/coding.c \
-                            ctaocrypt/src/md5.c \
                             ctaocrypt/src/asn.c \
                             ctaocrypt/src/dh.c \
                             ctaocrypt/src/memory.c
@@ -45,6 +44,10 @@ if BUILD_MD4
 src_libcyassl_la_SOURCES += ctaocrypt/src/md4.c
 endif
 
+if BUILD_MD5
+src_libcyassl_la_SOURCES += ctaocrypt/src/md5.c
+endif
+
 if BUILD_PWDBASED
 src_libcyassl_la_SOURCES += ctaocrypt/src/pwdbased.c
 endif

tests/suites.c

@@ -34,6 +34,7 @@
 #define MAX_COMMAND_SZ 240
 #define MAX_SUITE_SZ 80 
 #define NOT_BUILT_IN -123
+#define VERSION_TOO_OLD -124
 
 #include "examples/client/client.h"
 #include "examples/server/server.h"
@@ -41,6 +42,30 @@
 
 CYASSL_CTX* cipherSuiteCtx = NULL;
 
+
+#ifdef NO_OLD_TLS
+/* if the protcol versoin is less than tls 1.2 return 1, else 0 */
+static int IsOldTlsVersion(const char* line)
+{
+    const char* find = "-v ";
+    char* begin = strnstr(line, find, MAX_COMMAND_SZ);
+
+    if (begin) {
+        int version = -1;
+
+        begin += 3;
+
+        version = atoi(begin);
+
+        if (version < 3)
+            return 1;
+    }
+
+    return 0;
+} 
+#endif /* NO_OLD_TLS */
+
+
 /* if the cipher suite on line is valid store in suite and return 1, else 0 */
 static int IsValidCipherSuite(const char* line, char* suite)
 {
@@ -116,6 +141,15 @@ static int execute_test_case(int svr_argc, char** svr_argv,
         return NOT_BUILT_IN;
     }
 
+#ifdef NO_OLD_TLS
+    if (IsOldTlsVersion(commandLine) == 1) {
+        #ifdef DEBUG_SUITE_TESTS
+            printf("protocol version on line %s is too old\n", commandLine);
+        #endif
+        return VERSION_TOO_OLD;
+    }
+#endif
+
     if (addNoVerify) {
         printf("repeating test with client cert request off\n"); 
         added += 4;   /* -d plus space plus terminator */