Skip to content

Disable MD5 by default#8895

Merged
dgarske merged 10 commits intowolfSSL:masterfrom
AlexLanzano:disable-md5
Jun 27, 2025
Merged

Disable MD5 by default#8895
dgarske merged 10 commits intowolfSSL:masterfrom
AlexLanzano:disable-md5

Conversation

@AlexLanzano
Copy link
Member

@AlexLanzano AlexLanzano commented Jun 18, 2025

Description

Disable the use of MD5 by default.
Add the conditional use of MD5 when --enable-all-crypto or --enable-all is present.
Add the use of MD5 when --enable-opensslextra is present.
Add the use of MD5 when --enable-tlsv10 is present.

Testing

Here are the following configure commands I tested:

Test 1:

./configure

This produces a configure output indicating MD5 is disabled as expected.

Test 2:

./configure --enable-all

and

./configure --enable-all-crypto

Both produce a configure output indicating MD5 is enabled as expected.

Test 3:

./configure --enable-all --disable-md5

and

./configure --enable-all-crypto --disable-md5

Both produce a configure output indicating MD5 is disabled as expected.

Test 4:

./configure --enable-tlsv10

This produced a configure output indicating MD5 is enabled as expected.

douzzer
douzzer previously requested changes Jun 18, 2025
View reviewed changes
@dgarske
Copy link
Contributor

dgarske commented Jun 18, 2025

Assigning back to you @AlexLanzano since there are many failing tests. All related to the compatibility layer enables for OSP projects...

@dgarske dgarske assigned AlexLanzano and unassigned wolfSSL-Bot Jun 18, 2025
@AlexLanzano
Copy link
Member Author

AlexLanzano commented Jun 18, 2025
edited
Loading

Retest this please

It seems the libspm test is failing due to https://git.cryptomilk.org/projects/cmocka.git/ being down

The Ubuntu-Macos-Windows test fails on macos-latest when configuring with user_settings.h. Im unable to reproduce this error on my macbook when doing the same steps. Possibly a fluke?

@AlexLanzano AlexLanzano requested a review from douzzer June 19, 2025 04:35
@AlexLanzano
Copy link
Member Author

AlexLanzano commented Jun 20, 2025

Retest this please.

Does not look like the tests were rerun from my first prompt.

@dgarske
Copy link
Contributor

dgarske commented Jun 20, 2025

Retest this please. Cannot get history for these, but commonly fail and report agent offline

  • Build PRB-generic-config-parser completed: FAILURE
  • Build wolfSSL » PRB-fips-repo-and-harness-test-v3-part1 completed: FAILURE

dgarske
dgarske requested changes Jun 23, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A test is failing still:

--enable-bump --enable-sni --enable-renegotiation-indication --enable-sha512 --enable-ecc --enable-supportedcurves

ERROR - tests/api.c line 53740 failed with:
    expected: wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, wolfSSL_EVP_aes_128_cbc(), passwd, sizeof(passwd) - 1, &pem, &plen) == 1
    result:   0 != 1
 failed (  0.00005)
ERROR - tests/api.c line 68805 failed with:

@dgarske
Copy link
Contributor

dgarske commented Jun 24, 2025

Disabling MD5 by default is a big job! Lol

Failures in single flag tests 25,70, 80, 85

--enable-lighty

Still seeing FAILURES:
740: test_wolfSSL_PKCS8_d2i
861: test_wolfSSL_PEM_write_RSAPrivateKey
862: test_wolfSSL_PEM_write_mem_RSAPrivateKey

--enable-mcapi --with-libz

mcapi/mcapi_test.c: In function ‘check_md5’:
mcapi/mcapi_test.c:223:5: error: unknown type name ‘Md5’
  223 |     Md5           defMd5;
      |     ^~~

@AlexLanzano AlexLanzano marked this pull request as draft June 25, 2025 19:13
@AlexLanzano AlexLanzano marked this pull request as draft June 25, 2025 19:13
@AlexLanzano
Copy link
Member Author

AlexLanzano commented Jun 25, 2025

Retest this please.

Unable to reproduce the failure in "Known apple M1 customer configs A". Maybe a connection issue?

Not seeing some output from PRB-master-job on PRB-generic-config-parser #9216

@JacobBarthelmeh
Copy link
Contributor

JacobBarthelmeh commented Jun 25, 2025

Retest this please Jenkins (updated test cases for recently added tests)

@AlexLanzano AlexLanzano marked this pull request as ready for review June 26, 2025 13:55
@AlexLanzano AlexLanzano requested a review from dgarske June 26, 2025 22:27
@dgarske dgarske merged commit 8b61cd6 into wolfSSL:master Jun 27, 2025
291 of 293 checks passed
gasbytes added a commit to gasbytes/gnutls-wolfssl that referenced this pull request Jun 30, 2025
@gasbytes
Added MD5 option since now MD5 is disabled by default in wolfSSL
91f2e8f 
(wolfSSL/wolfssl#8895).
@gasbytes gasbytes mentioned this pull request Jun 30, 2025
Merged
@aidangarske aidangarske mentioned this pull request Jul 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@douzzer douzzer Awaiting requested review from douzzer

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@AlexLanzano @dgarske @JacobBarthelmeh @douzzer @wolfSSL-Bot