From: Willy Tarreau
Date: Sun, 9 May 2021 09:59:49 +0000 (+0200)
Subject: BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version
X-Git-Tag: v2.4-dev19~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a8a2f0223ca840e4336cfa879c6261c83bc9cea;p=thirdparty%2Fhaproxy.git

BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version

The build fails on versions older than 1.0.1d which is the first one introducing CRYPTO_memcmp(), so let's have a define for this instead of enabling it whenever USE_OPENSSL is set. One could also wonder why we're relying on openssl for such a trivial thing, and a simple local implementation could also allow to restore lexicographic ordering.
---
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index d26deccc6c..96a0bf38b0 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -65,6 +65,11 @@
 #define HAVE_SSL_CTX_get0_privatekey
 #endif
 
+#if HA_OPENSSL_VERSION_NUMBER >= 0x1000104fL
+/* CRYPTO_memcmp() is present since openssl 1.0.1d */
+#define HAVE_CRYPTO_memcmp
+#endif
+
 #if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))
 #define HAVE_SSL_SCTL
 #endif
diff --git a/src/sample.c b/src/sample.c
index 510d6b5045..08c5283f5e 100644
--- a/src/sample.c
+++ b/src/sample.c
@@ -3278,7 +3278,7 @@ static int sample_conv_strcmp(const struct arg *arg_p, struct sample *smp, void
 return 1;
 }
 
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 /* Compares bytestring with a variable containing a bytestring. Return value
 * is `true` if both bytestrings are bytewise identical and `false` otherwise.
 *
@@ -3605,7 +3605,7 @@ static int smp_check_strcmp(struct arg *args, struct sample_conv *conv,
 return 0;
 }
 
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 /* This function checks the "secure_memcmp" converter's arguments and extracts the
 * variable name and its scope.
 */
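Review bot: The comment on the new `HAVE_CRYPTO_memcmp` block in include/haproxy/openssl-compat.h names the library version but not what the macro gates, so a reader cannot tell that building against an older library removes the constant-time comparison feature. I would extend it to `/* CRYPTO_memcmp() is present since openssl 1.0.1d (0x1000104f); gates the "secure_memcmp" converter in src/sample.c */`. How `HA_OPENSSL_VERSION_NUMBER` is derived for libraries other than OpenSSL is outside this hunk, so it is worth confirming that the threshold also holds for them.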
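Review bot: The new guard `#if defined(HAVE_CRYPTO_memcmp)` at -3278 in src/sample.c evaluates to false without any diagnostic if `haproxy/openssl-compat.h` has not been included before this point, and the file's include list is not visible in the hunk. The old `USE_OPENSSL` test presumably came from the build flags and had no such ordering dependency. Since the failure mode is that `secure_memcmp` silently disappears from every build, confirm that the file pulls the header in, e.g. `#include <haproxy/openssl-compat.h>` next to its other includes. The same applies to the guards at -3605 and -4287; the functions they enclose and the matching `#endif` lines lie outside the hunks.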
@@ -4287,7 +4287,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
 #endif
 { "concat", sample_conv_concat, ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR, SMP_T_STR },
 { "strcmp", sample_conv_strcmp, ARG1(1,STR), smp_check_strcmp, SMP_T_STR, SMP_T_SINT },
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 { "secure_memcmp", sample_conv_secure_memcmp, ARG1(1,STR), smp_check_secure_memcmp, SMP_T_BIN, SMP_T_BOOL },
 #endif
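Review bot: In the keyword table the `"strcmp"` entry stays registered unconditionally while `"secure_memcmp"` now drops out on libraries older than 1.0.1d, and nothing at the entry records that. A configuration moved to such a build can only fall back to `strcmp`, which returns an ordering (`SMP_T_SINT`) and is presumably not timing-safe, so secrets compared that way could leak through response timing. A short comment above the guard would make the dependency explicit, for example `/* needs CRYPTO_memcmp(); "strcmp" is not a constant-time replacement */`. The table starts before and continues after this hunk.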