Hello! On Sun, 3 Oct 2021 20:12:20 +0200 Kurt Roeckx <k...@roeckx.be> wrote: > src/client/ns_turn_msg.c: In function stun_produce_integrity_key_str: > src/client/ns_turn_msg.c:260:7: warning: implicit declaration of function > FIPS_mode [-Wimplicit-function-declaration] > 260 | if (FIPS_mode()) { > | ^~~~~~~~~ > [...] > /usr/bin/ld: lib/libturnclient.a(ns_turn_msg.o): in function > `stun_produce_integrity_key_str': > ./src/client/ns_turn_msg.c:260: undefined reference to `FIPS_mode' > collect2: error: ld returned 1 exit status
Please consider to apply my patch fixing build against newest OpenSSL. The patch refers to the OPENSSL_FIPS macro that used to be in ancient OpenSSL source code. This fix does not change behaviour because the FIPS_mode() function always returned zero.
diffstat for coturn-4.5.2 coturn-4.5.2 changelog | 8 ++++++++ patches/No-FIPS-140-mode.patch | 31 +++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 40 insertions(+) diff -Nru coturn-4.5.2/debian/changelog coturn-4.5.2/debian/changelog --- coturn-4.5.2/debian/changelog 2021-03-24 22:30:23.000000000 +0300 +++ coturn-4.5.2/debian/changelog 2022-06-02 12:41:25.000000000 +0300 @@ -1,3 +1,11 @@ +coturn (4.5.2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * New No-FIPS-140-mode.patch fixes build against OpenSSL 3.0 + (Closes: #995659, LP: #1967018) + + -- Nicholas Guriev <guriev...@ya.ru> Thu, 02 Jun 2022 12:41:25 +0300 + coturn (4.5.2-3) unstable; urgency=medium [ Ferenc Wágner ] diff -Nru coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch --- coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch 1970-01-01 03:00:00.000000000 +0300 +++ coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch 2022-06-02 12:34:17.000000000 +0300 @@ -0,0 +1,31 @@ +From: Nicholas Guriev <guriev...@ya.ru> +Date: Thu, 02 Jun 2022 12:34:17 +0300 +Subject: Do not check FIPS 140 mode + It is not available in OpenSSL as packaged in Debian. The OPENSSL_FIPS macro + appeared in ancient OpenSSL sources but was never defined. + https://sources.debian.org/src/openssl/1.1.1n-0%2Bdeb11u2/crypto/o_fips.c/ + +--- + src/client/ns_turn_msg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/client/ns_turn_msg.c ++++ b/src/client/ns_turn_msg.c +@@ -244,7 +244,7 @@ int stun_produce_integrity_key_str(const + unsigned int keylen = 0; + EVP_MD_CTX ctx; + EVP_MD_CTX_init(&ctx); +-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) ++#ifdef OPENSSL_FIPS + if (FIPS_mode()) { + EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } +@@ -256,7 +256,7 @@ int stun_produce_integrity_key_str(const + #else + unsigned int keylen = 0; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); +-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER) ++#ifdef OPENSSL_FIPS + if (FIPS_mode()) { + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } diff -Nru coturn-4.5.2/debian/patches/series coturn-4.5.2/debian/patches/series --- coturn-4.5.2/debian/patches/series 2021-02-10 22:05:50.000000000 +0300 +++ coturn-4.5.2/debian/patches/series 2022-06-02 12:34:17.000000000 +0300 @@ -1,2 +1,3 @@ Set-logging-to-syslog.patch Fix-undefinded-OPENSSL_VERSION_1_1_1.patch +No-FIPS-140-mode.patch
signature.asc
Description: This is a digitally signed message part