BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version
The build fails on versions older than 1.0.1d which is the first one
introducing CRYPTO_memcmp(), so let's have a define for this instead
of enabling it whenever USE_OPENSSL is set. One could also wonder why
we're relying on openssl for such a trivial thing, and a simple local
implementation could also allow to restore lexicographic ordering.
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index d26decc..96a0bf3 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -65,6 +65,11 @@
#define HAVE_SSL_CTX_get0_privatekey
#endif
+#if HA_OPENSSL_VERSION_NUMBER >= 0x1000104fL
+/* CRYPTO_memcmp() is present since openssl 1.0.1d */
+#define HAVE_CRYPTO_memcmp
+#endif
+
#if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))
#define HAVE_SSL_SCTL
#endif
diff --git a/src/sample.c b/src/sample.c
index 510d6b5..08c5283 100644
--- a/src/sample.c
+++ b/src/sample.c
@@ -3278,7 +3278,7 @@
return 1;
}
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
/* Compares bytestring with a variable containing a bytestring. Return value
* is `true` if both bytestrings are bytewise identical and `false` otherwise.
*
@@ -3605,7 +3605,7 @@
return 0;
}
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
/* This function checks the "secure_memcmp" converter's arguments and extracts the
* variable name and its scope.
*/
@@ -4287,7 +4287,7 @@
#endif
{ "concat", sample_conv_concat, ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR, SMP_T_STR },
{ "strcmp", sample_conv_strcmp, ARG1(1,STR), smp_check_strcmp, SMP_T_STR, SMP_T_SINT },
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
{ "secure_memcmp", sample_conv_secure_memcmp, ARG1(1,STR), smp_check_secure_memcmp, SMP_T_BIN, SMP_T_BOOL },
#endif