Use CRYPTO_memcmp when comparing authenticators

Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>