Hello!
On Sun, 3 Oct 2021 20:12:20 +0200 Kurt Roeckx wrote:
> src/client/ns_turn_msg.c: In function stun_produce_integrity_key_str:
> src/client/ns_turn_msg.c:260:7: warning: implicit declaration of function
> FIPS_mode [-Wimplicit-function-declaration]
> 260 | if (FIPS_mode()) {
> | ^
> [...]
> /usr/bin/ld: lib/libturnclient.a(ns_turn_msg.o): in function
> `stun_produce_integrity_key_str':
> ./src/client/ns_turn_msg.c:260: undefined reference to `FIPS_mode'
> collect2: error: ld returned 1 exit status
Please consider to apply my patch fixing build against newest OpenSSL.
The patch refers to the OPENSSL_FIPS macro that used to be in ancient
OpenSSL source code. This fix does not change behaviour because
the FIPS_mode() function always returned zero.
diffstat for coturn-4.5.2 coturn-4.5.2
changelog |8
patches/No-FIPS-140-mode.patch | 31 +++
patches/series |1 +
3 files changed, 40 insertions(+)
diff -Nru coturn-4.5.2/debian/changelog coturn-4.5.2/debian/changelog
--- coturn-4.5.2/debian/changelog 2021-03-24 22:30:23.0 +0300
+++ coturn-4.5.2/debian/changelog 2022-06-02 12:41:25.0 +0300
@@ -1,3 +1,11 @@
+coturn (4.5.2-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New No-FIPS-140-mode.patch fixes build against OpenSSL 3.0
+(Closes: #995659, LP: #1967018)
+
+ -- Nicholas Guriev Thu, 02 Jun 2022 12:41:25 +0300
+
coturn (4.5.2-3) unstable; urgency=medium
[ Ferenc Wágner ]
diff -Nru coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch
coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch
--- coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch 1970-01-01
03:00:00.0 +0300
+++ coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch 2022-06-02
12:34:17.0 +0300
@@ -0,0 +1,31 @@
+From: Nicholas Guriev
+Date: Thu, 02 Jun 2022 12:34:17 +0300
+Subject: Do not check FIPS 140 mode
+ It is not available in OpenSSL as packaged in Debian. The OPENSSL_FIPS macro
+ appeared in ancient OpenSSL sources but was never defined.
+ https://sources.debian.org/src/openssl/1.1.1n-0%2Bdeb11u2/crypto/o_fips.c/
+
+---
+ src/client/ns_turn_msg.c |4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/client/ns_turn_msg.c
b/src/client/ns_turn_msg.c
+@@ -244,7 +244,7 @@ int stun_produce_integrity_key_str(const
+ unsigned int keylen = 0;
+ EVP_MD_CTX ctx;
+ EVP_MD_CTX_init();
+-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW &&
!defined(LIBRESSL_VERSION_NUMBER)
++#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+
EVP_MD_CTX_set_flags(,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+@@ -256,7 +256,7 @@ int stun_produce_integrity_key_str(const
+ #else
+ unsigned int keylen = 0;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !
defined(LIBRESSL_VERSION_NUMBER)
++#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ EVP_MD_CTX_set_flags(ctx,
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
diff -Nru coturn-4.5.2/debian/patches/series coturn-4.5.2/debian/patches/series
--- coturn-4.5.2/debian/patches/series 2021-02-10 22:05:50.0 +0300
+++ coturn-4.5.2/debian/patches/series 2022-06-02 12:34:17.0 +0300
@@ -1,2 +1,3 @@
Set-logging-to-syslog.patch
Fix-undefinded-OPENSSL_VERSION_1_1_1.patch
+No-FIPS-140-mode.patch
signature.asc
Description: This is a digitally signed message part
