From f9db1d1302bcc6bf106dc8f20d7ef9051008003c Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Sun, 20 Jul 2025 03:52:06 +0200
Subject: [PATCH] rework gnutls md4 type clash to also cover aws-lc and
 possibly boringssl

de-prioritze the gnutls implementation. this works better because we can
avoid include its explicit md4 header, but with wolfssl we need to set
a macro and with some openssl forks there is no way to exclude the md4
type because it's included via openssl/base.h (boringssl, aws-lc).

options='-DCURL_USE_SCHANNEL=OFF -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_OPENSSL=ON
 -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/aws-lc -DCURL_ZLIB=ON -DCURL_USE_LIBSSH=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON
 -DUSE_LIBRTMP=OFF -DUSE_NGHTTP2=ON -DCURL_CA_FALLBACK=ON -DCURL_CA_SEARCH_SAFE=ON -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_BASIC_AUTH=ON
 -DCURL_DISABLE_BEARER_AUTH=ON -DCURL_DISABLE_BINDLOCAL=ON -DCURL_DISABLE_CA_SEARCH=ON -DCURL_DISABLE_COOKIES=ON
 -DCURL_DISABLE_DIGEST_AUTH=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_FILE=ON -DCURL_DISABLE_FORM_API=ON -DCURL_DISABLE_HEADERS_API=ON
 -DCURL_DISABLE_HTTP=ON -DCURL_DISABLE_IMAP=ON -DCURL_DISABLE_INSTALL=ON -DCURL_DISABLE_IPFS=ON -DCURL_DISABLE_KERBEROS_AUTH=ON
 -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_MQTT=ON -DCURL_DISABLE_NEGOTIATE_AUTH=ON
 -DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_POP3=ON -DCURL_DISABLE_PROGRESS_METER=ON
 -DCURL_DISABLE_RTSP=ON -DCURL_DISABLE_SHA512_256=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SMB=ON -DCURL_DISABLE_SOCKETPAIR=ON
 -DCURL_DISABLE_TELNET=ON -DCURL_DISABLE_WEBSOCKETS=ON -DENABLE_DEBUG=ON -DUSE_ECH=ON -DUSE_HTTPSRR=ON -DENABLE_IPV6=OFF
 -DBUILD_STATIC_LIBS=OFF -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_CURL=OFF -DENABLE_CURLDEBUG=ON'

lib/md4.c:98:24: error: typedef redefinition with different types ('struct md4_ctx' vs 'struct md4_state_st')
   98 | typedef struct md4_ctx MD4_CTX;
      |                        ^
/opt/homebrew/opt/aws-lc/include/openssl/base.h:379:29: note: previous definition is here
  379 | typedef struct md4_state_st MD4_CTX;
      |                             ^
In file included from _buildroulette/bld/lib/CMakeFiles/libcurl_shared.dir/Unity/unity_2_c.c:55:
lib/md4.c:102:12: error: incompatible pointer types passing 'MD4_CTX *' (aka 'struct md4_state_st *') to parameter of type 'struct md4_ctx *' [-Werror,-Wincompatible-pointer-types]
  102 |   md4_init(ctx);
      |            ^~~
/opt/homebrew/Cellar/nettle/3.10.2/include/nettle/md4.h:66:26: note: passing argument to parameter 'ctx' here
   66 | md4_init(struct md4_ctx *ctx);
      |                          ^
In file included from _buildroulette/bld/lib/CMakeFiles/libcurl_shared.dir/Unity/unity_2_c.c:55:
lib/md4.c:108:14: error: incompatible pointer types passing 'MD4_CTX *' (aka 'struct md4_state_st *') to parameter of type 'struct md4_ctx *' [-Werror,-Wincompatible-pointer-types]
  108 |   md4_update(ctx, size, data);
      |              ^~~
/opt/homebrew/Cellar/nettle/3.10.2/include/nettle/md4.h:69:28: note: passing argument to parameter 'ctx' here
   69 | md4_update(struct md4_ctx *ctx,
      |                            ^
In file included from _buildroulette/bld/lib/CMakeFiles/libcurl_shared.dir/Unity/unity_2_c.c:55:
lib/md4.c:113:14: error: incompatible pointer types passing 'MD4_CTX *' (aka 'struct md4_state_st *') to parameter of type 'struct md4_ctx *' [-Werror,-Wincompatible-pointer-types]
  113 |   md4_digest(ctx, MD4_DIGEST_SIZE, result);
      |              ^~~
/opt/homebrew/Cellar/nettle/3.10.2/include/nettle/md4.h:74:28: note: passing argument to parameter 'ctx' here
   74 | md4_digest(struct md4_ctx *ctx,
      |                            ^
In file included from _buildroulette/bld/lib/CMakeFiles/libcurl_shared.dir/Unity/unity_2_c.c:55:
lib/md4.c:528:11: error: variable has incomplete type 'MD4_CTX' (aka 'struct md4_state_st')
  528 |   MD4_CTX ctx;
      |           ^
/opt/homebrew/opt/aws-lc/include/openssl/base.h:379:16: note: forward declaration of 'struct md4_state_st'
  379 | typedef struct md4_state_st MD4_CTX;
      |                ^
5 errors generated.
---
 lib/curl_setup.h |  4 ----
 lib/md4.c        | 48 ++++++++++++++++++++++++------------------------
 2 files changed, 24 insertions(+), 28 deletions(-)

diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 5d03a46638..2f566945e3 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -739,10 +739,6 @@
 #if defined(USE_WOLFSSL) && defined(USE_GNUTLS)
 /* Avoid defining unprefixed wolfSSL SHA macros colliding with nettle ones */
 #define NO_OLD_WC_NAMES
-/* Prevent wolfSSL headers including wolfssl/openssl/md4.h, to avoid its
-   MD4_CTX type clashing with the one defined via nettle/md4.h, and used
-   in md4.c when GnuTLS is enabled. */
-#define NO_MD4
 #endif
 
 /* Single point where USE_SPNEGO definition might be defined */
diff --git a/lib/md4.c b/lib/md4.c
index a77085a6b2..3b8698e65c 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -64,10 +64,8 @@
 #endif
 #endif /* USE_MBEDTLS */
 
-#if defined(USE_GNUTLS)
-#include <nettle/md4.h>
 /* When OpenSSL or wolfSSL is available, we use their MD4 functions. */
-#elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
+#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
 #include <wolfssl/openssl/md4.h>
 #elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
 #include <openssl/md4.h>
@@ -83,6 +81,8 @@
 #include <CommonCrypto/CommonDigest.h>
 #elif defined(USE_WIN32_CRYPTO)
 #include <wincrypt.h>
+#elif defined(USE_GNUTLS)
+#include <nettle/md4.h>
 #elif(defined(USE_MBEDTLS) && defined(MBEDTLS_MD4_C))
 #include <mbedtls/md4.h>
 #endif
@@ -93,27 +93,7 @@
 #include "memdebug.h"
 
 
-#if defined(USE_GNUTLS)
-
-typedef struct md4_ctx MD4_CTX;
-
-static int MD4_Init(MD4_CTX *ctx)
-{
-  md4_init(ctx);
-  return 1;
-}
-
-static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
-{
-  md4_update(ctx, size, data);
-}
-
-static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
-{
-  md4_digest(ctx, MD4_DIGEST_SIZE, result);
-}
-
-#elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
+#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
 
 #ifdef OPENSSL_COEXIST
   #define MD4_CTX WOLFSSL_MD4_CTX
@@ -193,6 +173,26 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
     CryptReleaseContext(ctx->hCryptProv, 0);
 }
 
+#elif defined(USE_GNUTLS)
+
+typedef struct md4_ctx MD4_CTX;
+
+static int MD4_Init(MD4_CTX *ctx)
+{
+  md4_init(ctx);
+  return 1;
+}
+
+static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
+{
+  md4_update(ctx, size, data);
+}
+
+static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
+{
+  md4_digest(ctx, MD4_DIGEST_SIZE, result);
+}
+
 #elif(defined(USE_MBEDTLS) && defined(MBEDTLS_MD4_C))
 
 struct md4_ctx {