compat: use timingsafe_bcmp if available

Its return value is the opposite of consttime_memequal.
This function is available all modern BSD's except for NetBSD where
we have consttime_memequal.

diff --git a/configure b/configure
index a60da13798fd347d256a47fc804f5ea4fa88df08..07d68349918ef4bd9129f052b958c1be00d3e4f8 100755 (executable)
--- a/configure
+++ b/configure
@@ -1150,9 +1150,31 @@ EOF
        echo "$CONSTTIME_MEMEQUAL"
        rm -f _consttime_memequal.c _consttime_memequal
 fi
+if [ "$CONSTTIME_MEMEQUAL" = no ] && [ -z "$TIMINGSAFE_BCMP" ]; then
+       printf "Testing for timingsafe_bcmp ... "
+       cat <<EOF >_timingsafe_bcmp.c
+#include <string.h>
+int main(void) {
+       return timingsafe_bcmp("deadbeef", "deadbeef", 8);
+}
+EOF
+       if $XCC _timingsafe_bcmp.c -o _timingsafe_bcmp 2>&3; then
+               TIMINGSAFE_BCMP=yes
+       else
+               TIMINGSAFE_BCMP=no
+       fi
+       echo "$TIMINGSAFE_BCMP"
+       rm -f _timingsafe_bcmp.c _timingsafe_bcmp
+fi
+
 if [ "$CONSTTIME_MEMEQUAL" = no ]; then
-       echo "#include                  \"compat/consttime_memequal.h\"" \
-           >>$CONFIG_H
+       if [ "$TIMINGSAFE_BCMP" = yes ]; then
+               echo "#define   consttime_memequal      !timingsafe_bcmp" \
+                   >>$CONFIG_H
+       else
+               echo "#include                  \"compat/consttime_memequal.h\"" \
+                   >>$CONFIG_H
+       fi
 fi
 
 if [ -z "$DPRINTF" ]; then