Bug#995659: coturn: FTBFS with OpenSSL 3.0

Thu, 02 Jun 2022 05:00:36 -0700 

Hello!

On Sun, 3 Oct 2021 20:12:20 +0200 Kurt Roeckx <k...@roeckx.be> wrote:
> src/client/ns_turn_msg.c: In function stun_produce_integrity_key_str:
> src/client/ns_turn_msg.c:260:7: warning: implicit declaration of function 
> FIPS_mode [-Wimplicit-function-declaration]
>   260 |   if (FIPS_mode()) {
>       |       ^~~~~~~~~
> [...]
> /usr/bin/ld: lib/libturnclient.a(ns_turn_msg.o): in function 
> `stun_produce_integrity_key_str':
> ./src/client/ns_turn_msg.c:260: undefined reference to `FIPS_mode'
> collect2: error: ld returned 1 exit status

Please consider to apply my patch fixing build against newest OpenSSL. 
The patch refers to the OPENSSL_FIPS macro that used to be in ancient 
OpenSSL source code. This fix does not change behaviour because 
the FIPS_mode() function always returned zero.


diffstat for coturn-4.5.2 coturn-4.5.2

 changelog                      |    8 ++++++++
 patches/No-FIPS-140-mode.patch |   31 +++++++++++++++++++++++++++++++
 patches/series                 |    1 +
 3 files changed, 40 insertions(+)

diff -Nru coturn-4.5.2/debian/changelog coturn-4.5.2/debian/changelog
--- coturn-4.5.2/debian/changelog       2021-03-24 22:30:23.000000000 +0300
+++ coturn-4.5.2/debian/changelog       2022-06-02 12:41:25.000000000 +0300
@@ -1,3 +1,11 @@
+coturn (4.5.2-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New No-FIPS-140-mode.patch fixes build against OpenSSL 3.0
+    (Closes: #995659, LP: #1967018)
+
+ -- Nicholas Guriev <guriev...@ya.ru>  Thu, 02 Jun 2022 12:41:25 +0300
+
 coturn (4.5.2-3) unstable; urgency=medium
 
   [ Ferenc Wágner ]
diff -Nru coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch 
coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch
--- coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch  1970-01-01 
03:00:00.000000000 +0300
+++ coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch  2022-06-02 
12:34:17.000000000 +0300
@@ -0,0 +1,31 @@
+From: Nicholas Guriev <guriev...@ya.ru>
+Date: Thu, 02 Jun 2022 12:34:17 +0300
+Subject: Do not check FIPS 140 mode
+ It is not available in OpenSSL as packaged in Debian. The OPENSSL_FIPS macro
+ appeared in ancient OpenSSL sources but was never defined.
+ https://sources.debian.org/src/openssl/1.1.1n-0%2Bdeb11u2/crypto/o_fips.c/
+
+---
+ src/client/ns_turn_msg.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/client/ns_turn_msg.c
++++ b/src/client/ns_turn_msg.c
+@@ -244,7 +244,7 @@ int stun_produce_integrity_key_str(const
+               unsigned int keylen = 0;
+               EVP_MD_CTX ctx;
+               EVP_MD_CTX_init(&ctx);
+-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && 
!defined(LIBRESSL_VERSION_NUMBER)
++#ifdef OPENSSL_FIPS
+               if (FIPS_mode()) {
+                       
EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+               }
+@@ -256,7 +256,7 @@ int stun_produce_integrity_key_str(const
+ #else
+               unsigned int keylen = 0;
+               EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! 
defined(LIBRESSL_VERSION_NUMBER)
++#ifdef OPENSSL_FIPS
+               if (FIPS_mode()) {
+                       EVP_MD_CTX_set_flags(ctx, 
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+               }
diff -Nru coturn-4.5.2/debian/patches/series coturn-4.5.2/debian/patches/series
--- coturn-4.5.2/debian/patches/series  2021-02-10 22:05:50.000000000 +0300
+++ coturn-4.5.2/debian/patches/series  2022-06-02 12:34:17.000000000 +0300
@@ -1,2 +1,3 @@
 Set-logging-to-syslog.patch
 Fix-undefinded-OPENSSL_VERSION_1_1_1.patch
+No-FIPS-140-mode.patch

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to