From 07f76723e2a0ccdb37152a95eeaa8643ac60be22 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 18 Jun 2025 10:10:00 -0400 Subject: [PATCH 01/10] Disable MD5 by default Disable the use of MD5 by default. Add the conditional use of MD5 when --enable-all-crypto is present. Add the use of MD5 when --enable-opensslextra is present. Add the use of MD5 when --enable-tlsv10 is present. --- configure.ac | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 21dfb0c79..db02795ce 100644 --- a/configure.ac +++ b/configure.ac @@ -1323,6 +1323,7 @@ then test "$enable_blake2s" = "" && enable_blake2s=yes test "$enable_md2" = "" && enable_md2=yes test "$enable_md4" = "" && enable_md4=yes + test "$enable_md5" = "" && enable_md5=yes test "$enable_anon" = "" && enable_anon=yes test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes @@ -4816,6 +4817,7 @@ fi if test "$ENABLED_TLSV10" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10" + enable_md5=yes fi @@ -4862,8 +4864,6 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS" fi - - # STACK SIZE info for testwolfcrypt and examples AC_ARG_ENABLE([stacksize], [AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])], @@ -5476,9 +5476,9 @@ AC_ARG_ENABLE([arc4], # MD5 AC_ARG_ENABLE([md5], - [AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])], + [AS_HELP_STRING([--enable-md5],[Enable MD5 (default: disabled)])], [ ENABLED_MD5=$enableval ], - [ ENABLED_MD5=yes ] + [ ENABLED_MD5=no ] ) # SHA @@ -10188,7 +10188,8 @@ fi if test "$ENABLED_OPENSSLEXTRA" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" + enable_md5=yes + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi if test "$ENABLED_OPENSSLEXTRA" = "x509small" From 495324d4dccc91d7d52f5f62c65b61d04d9a1228 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 18 Jun 2025 12:41:25 -0400 Subject: [PATCH 02/10] Add the md5 dependency to options that require it --- configure.ac | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index db02795ce..0ed3d1782 100644 --- a/configure.ac +++ b/configure.ac @@ -4817,7 +4817,6 @@ fi if test "$ENABLED_TLSV10" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10" - enable_md5=yes fi @@ -5481,6 +5480,16 @@ AC_ARG_ENABLE([md5], [ ENABLED_MD5=no ] ) +# Options that require MD5 +if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \ + test "$ENABLED_KRB" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \ + test "$ENABLED_NGINX" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \ + test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ + test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" +then + ENABLED_MD5=yes +fi + # SHA AC_ARG_ENABLE([sha], [AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])], @@ -8034,6 +8043,11 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" fi + if test "x$ENABLED_MD5" = "xno" + then + ENABLED_MD5="yes" + fi + AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT" @@ -10188,7 +10202,6 @@ fi if test "$ENABLED_OPENSSLEXTRA" = "yes" then - enable_md5=yes AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi From f33d1d69bb40b3aa4fca9549e41024b75462559f Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:15:50 -0400 Subject: [PATCH 03/10] Enable MD5 when --enable-asio is set --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index 0ed3d1782..0826aa20d 100644 --- a/configure.ac +++ b/configure.ac @@ -7836,6 +7836,7 @@ then then ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLEXTRA="yes" + ENABLED_MD5="yes" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN" From 4fd0029f1847be0bdd99f77171ca8b215cf7e217 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:21:00 -0400 Subject: [PATCH 04/10] Enable MD5 when --enable-fortress is set --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0826aa20d..ee3cbe936 100644 --- a/configure.ac +++ b/configure.ac @@ -5485,7 +5485,8 @@ if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \ test "$ENABLED_KRB" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \ test "$ENABLED_NGINX" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \ test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ - test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" + test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" || \ + test "$ENABLED_FORTRESS" = "yes" then ENABLED_MD5=yes fi From 4275b66211865e8adc5744d0c9ae6175fe3ff3d9 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:27:08 -0400 Subject: [PATCH 05/10] Enable MD5 when --enable-jni is set --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index ee3cbe936..724b81496 100644 --- a/configure.ac +++ b/configure.ac @@ -7479,6 +7479,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" then + ENABLED_MD5="yes" ENABLED_OPENSSLEXTRA="yes" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi From 3e774f80742bbe6eca64466ef087d166342b04e2 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:33:52 -0400 Subject: [PATCH 06/10] Enable MD5 when --enable-mcapi is set --- configure.ac | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configure.ac b/configure.ac index 724b81496..bcf9e4df7 100644 --- a/configure.ac +++ b/configure.ac @@ -9250,6 +9250,8 @@ then # Use the smaller object size implementation ENABLED_AESGCM=yes fi + + ENABLED_MD5=yes fi if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no" From caaa4fbc5d0740907722102eb2d293f0d5dfc147 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:35:35 -0400 Subject: [PATCH 07/10] Enable MD5 when --enable-lighty is set --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index bcf9e4df7..046c07dda 100644 --- a/configure.ac +++ b/configure.ac @@ -5486,7 +5486,7 @@ if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \ test "$ENABLED_NGINX" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \ test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" || \ - test "$ENABLED_FORTRESS" = "yes" + test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_LIGHTY" = "yes" then ENABLED_MD5=yes fi From 39cef87e43672e460eea9a569c6d071773a24611 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:42:10 -0400 Subject: [PATCH 08/10] Enable MD5 when --enable-des3 is set --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 046c07dda..2bd72dee9 100644 --- a/configure.ac +++ b/configure.ac @@ -5486,7 +5486,8 @@ if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \ test "$ENABLED_NGINX" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \ test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" || \ - test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_LIGHTY" = "yes" + test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_LIGHTY" = "yes" || \ + test "$ENABLED_DES3" = "yes" then ENABLED_MD5=yes fi From 6bba48d89c6b0f34060af8ae22716daa842705fd Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 11:47:04 -0400 Subject: [PATCH 09/10] Enable MD5 when --enabled-bump is set --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2bd72dee9..0ce52f639 100644 --- a/configure.ac +++ b/configure.ac @@ -5487,7 +5487,7 @@ if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \ test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" || \ test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_LIGHTY" = "yes" || \ - test "$ENABLED_DES3" = "yes" + test "$ENABLED_DES3" = "yes" || test "$ENABLED_BUMP" = "yes" then ENABLED_MD5=yes fi From 9ae221444c9d11e77779613f646f06d528c23fc4 Mon Sep 17 00:00:00 2001 From: Alex Lanzano Date: Wed, 25 Jun 2025 15:16:02 -0400 Subject: [PATCH 10/10] Enable MD5 when --enable-opensslall is set --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0ce52f639..81a90719a 100644 --- a/configure.ac +++ b/configure.ac @@ -5487,7 +5487,8 @@ if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \ test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" || \ test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_LIGHTY" = "yes" || \ - test "$ENABLED_DES3" = "yes" || test "$ENABLED_BUMP" = "yes" + test "$ENABLED_DES3" = "yes" || test "$ENABLED_BUMP" = "yes" || \ + test "$ENABLED_OPENSSLALL" = "yes" then ENABLED_MD5=yes fi