compat: use timingsafe_bcmp if available

Its return value is the opposite of consttime_memequal. This function is available all modern BSD's except for NetBSD where we have consttime_memequal.
2026-01-26 14:13:26 +00:00 · 2025-06-01 16:52:28 +01:00 · 2025-06-01 16:52:28 +01:00 · 46b6a361bb
commit 46b6a361bb
parent 16d65603a8
1 changed files with 24 additions and 2 deletions
--- a/26
+++ b/26
@ -1150,9 +1150,31 @@ EOF
 	echo "$CONSTTIME_MEMEQUAL"
 	rm -f _consttime_memequal.c _consttime_memequal
 fi
+if [ "$CONSTTIME_MEMEQUAL" = no ] && [ -z "$TIMINGSAFE_BCMP" ]; then
+	printf "Testing for timingsafe_bcmp ... "
+	cat <<EOF >_timingsafe_bcmp.c
+#include <string.h>
+int main(void) {
+	return timingsafe_bcmp("deadbeef", "deadbeef", 8);
+}
+EOF
+	if $XCC _timingsafe_bcmp.c -o _timingsafe_bcmp 2>&3; then
+		TIMINGSAFE_BCMP=yes
+	else
+		TIMINGSAFE_BCMP=no
+	fi
+	echo "$TIMINGSAFE_BCMP"
+	rm -f _timingsafe_bcmp.c _timingsafe_bcmp
+fi
+
 if [ "$CONSTTIME_MEMEQUAL" = no ]; then
-	echo "#include			\"compat/consttime_memequal.h\"" \
-	    >>$CONFIG_H
+	if [ "$TIMINGSAFE_BCMP" = yes ]; then
+		echo "#define	consttime_memequal	!timingsafe_bcmp" \
+		    >>$CONFIG_H
+	else
+		echo "#include			\"compat/consttime_memequal.h\"" \
+		    >>$CONFIG_H
+	fi
 fi

 if [ -z "$DPRINTF" ]; then