authorlloyd <[email protected]>2009-06-22 19:23:32 +0000
committerlloyd <[email protected]>2009-06-22 19:23:32 +0000
commitc843de07db11df1087a9e711fe44b111fdcf95fa (patch)
treec274f99eeaa5a602172a4ff728b16ab7081d29c7
parent41f381d1873bc343bf472e97f5bae718471365c9 (diff)
Use an input insensitive implementation of same_mem instead of memcmp.
I don't know that having same_mem be sensitive to input would actually allow any form of timing attack in the current codebase, but it seemed like a prudent thing to do in any case.
-rw-r--r--doc/log.txt1
-rw-r--r--src/utils/mem_ops.h9
2 files changed, 9 insertions, 1 deletions
diff --git a/doc/log.txt b/doc/log.txt
index d29f00f36..6454c6573 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -1,6 +1,7 @@
* 1.8.3-pre, 2009-??-??
- Improve handling of low-entropy situations during PRNG seeding
+ - Use an input insensitive implementation of same_mem instead of memcmp
- Add the Skein-512 SHA-3 candidate hash function
- Add the XTS block cipher mode from IEEE P1619
- Provide a default value for AutoSeeded_RNG::reseed
diff --git a/src/utils/mem_ops.h b/src/utils/mem_ops.h
index f6557c744..0fcf34ba8 100644
--- a/src/utils/mem_ops.h
+++ b/src/utils/mem_ops.h
@@ -26,7 +26,14 @@ template<typename T> inline void set_mem(T* ptr, u32bit n, byte val)
{ std::memset(ptr, val, sizeof(T)*n); }
template<typename T> inline bool same_mem(const T* p1, const T* p2, u32bit n)
- { return (std::memcmp(p1, p2, sizeof(T)*n) == 0); }
+ {
+ bool is_same = true;
+
+ for(u32bit i = 0; i != n; ++i)
+ is_same &= (p1[i] == p2[i]);
+
+ return is_same;
+ }
}
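Review bot: The new same_mem body at L36-L41 accumulates into a `bool` with `&=`, and because the value domain is only {0,1} an optimizer is free to turn the loop back into an early-exit compare, which would reintroduce the input-dependent timing this commit is meant to remove. The more robust form for the byte-typed callers is to OR the XOR of each pair into a wider integer and test it once at the end, e.g. `u32bit diff = 0; for(u32bit i = 0; i != n; ++i) diff |= static_cast<u32bit>(p1[i] ^ p2[i]); return diff == 0;` — this keeps every element's contribution alive in the result. Note also that the template now relies on `operator==` (or `^` in the suggested form) for T rather than raw bytes, so a T with padding or a user-defined comparison behaves differently from the old memcmp path; a short comment stating that same_mem is intended for integral element types and that the loop must visit all n elements regardless of where the first mismatch occurs would help keep future edits from "optimizing" it. The hunk header reports 14 new-side lines but fewer are visible here, so some blank context lines were presumably dropped by the renderer.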