BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version

The build fails on versions older than 1.0.1d which is the first one
introducing CRYPTO_memcmp(), so let's have a define for this instead
of enabling it whenever USE_OPENSSL is set. One could also wonder why
we're relying on openssl for such a trivial thing, and a simple local
implementation could also allow to restore lexicographic ordering.

include/haproxy/openssl-compat.h

@@ -65,6 +65,11 @@
 #define HAVE_SSL_CTX_get0_privatekey
 #endif
 
+#if HA_OPENSSL_VERSION_NUMBER >= 0x1000104fL
+/* CRYPTO_memcmp() is present since openssl 1.0.1d */
+#define HAVE_CRYPTO_memcmp
+#endif
+
 #if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))
 #define HAVE_SSL_SCTL
 #endif

src/sample.c

@@ -3278,7 +3278,7 @@ static int sample_conv_strcmp(const struct arg *arg_p, struct sample *smp, void
 	return 1;
 }
 
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 /* Compares bytestring with a variable containing a bytestring. Return value
  * is `true` if both bytestrings are bytewise identical and `false` otherwise.
  *
@@ -3605,7 +3605,7 @@ static int smp_check_strcmp(struct arg *args, struct sample_conv *conv,
 	return 0;
 }
 
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 /* This function checks the "secure_memcmp" converter's arguments and extracts the
  * variable name and its scope.
  */
@@ -4287,7 +4287,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
 #endif
 	{ "concat", sample_conv_concat,    ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR,  SMP_T_STR },
 	{ "strcmp", sample_conv_strcmp,    ARG1(1,STR), smp_check_strcmp, SMP_T_STR,  SMP_T_SINT },
-#ifdef USE_OPENSSL
+#if defined(HAVE_CRYPTO_memcmp)
 	{ "secure_memcmp", sample_conv_secure_memcmp,    ARG1(1,STR), smp_check_secure_memcmp, SMP_T_BIN,  SMP_T_BOOL },
 #endif