BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version

The build fails on versions older than 1.0.1d which is the first one
introducing CRYPTO_memcmp(), so let's have a define for this instead
of enabling it whenever USE_OPENSSL is set. One could also wonder why
we're relying on openssl for such a trivial thing, and a simple local
implementation could also allow to restore lexicographic ordering.

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index d26deccc6c2c20cab72ec3ab9a7521084cf4bf4a..96a0bf38b0c893fc82f1c1abff166c18f547e83e 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -65,6 +65,11 @@
 #define HAVE_SSL_CTX_get0_privatekey
 #endif
 
+#if HA_OPENSSL_VERSION_NUMBER >= 0x1000104fL
+/* CRYPTO_memcmp() is present since openssl 1.0.1d */
+#define HAVE_CRYPTO_memcmp
+#endif
+
 #if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))
 #define HAVE_SSL_SCTL
 #endif

diff --git a/src/sample.c b/src/sample.c
index 510d6b5045e8defe59da98efbacea2ab69833864..08c5283f5e64c73993ff58d0d51c0a609cc7a7ae 100644 (file)
--- a/src/sample.c
+++ b/src/sample.c
@@ -3278,7 +3278,7 @@ static int sample_conv_strcmp(const struct arg *arg_p, struct sample *smp, void
        return 1;
 }
 
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 /* Compares bytestring with a variable containing a bytestring. Return value
  * is `true` if both bytestrings are bytewise identical and `false` otherwise.
  *
@@ -3605,7 +3605,7 @@ static int smp_check_strcmp(struct arg *args, struct sample_conv *conv,
        return 0;
 }
 
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 /* This function checks the "secure_memcmp" converter's arguments and extracts the
  * variable name and its scope.
  */
@@ -4287,7 +4287,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
 #endif
        { "concat", sample_conv_concat,    ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR,  SMP_T_STR },
        { "strcmp", sample_conv_strcmp,    ARG1(1,STR), smp_check_strcmp, SMP_T_STR,  SMP_T_SINT },
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
        { "secure_memcmp", sample_conv_secure_memcmp,    ARG1(1,STR), smp_check_secure_memcmp, SMP_T_BIN,  SMP_T_BOOL },
 #endif