From c8c8562ff4215c54af7e24d8c9303c31ecfcd772 Mon Sep 17 00:00:00 2001
From: Nick Campbell
Date: Thu, 23 May 2019 21:18:14 -0400
Subject: [PATCH] GH-720 - change to strcmp.

The prior code didn't provide constant time comparison and it wasn't necessary anyway. Removed in favor of strcmp. Kept the wrapper function to maintain api consistency.

Signed-off-by: Nick Campbell
---
 src/bcrypt_node.cc | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/src/bcrypt_node.cc b/src/bcrypt_node.cc
index f1e73244..5a1d9a7d 100644
--- a/src/bcrypt_node.cc
+++ b/src/bcrypt_node.cc
@@ -248,26 +248,7 @@ NAN_METHOD(EncryptSync) {
 /* COMPARATOR */
 NAN_INLINE bool CompareStrings(const char* s1, const char* s2) {
-
- bool eq = true;
- int s1_len = strlen(s1);
- int s2_len = strlen(s2);
-
- if (s1_len != s2_len) {
- eq = false;
- }
-
- const int max_len = (s2_len < s1_len) ? s1_len : s2_len;
-
- // to prevent timing attacks, should check entire string
- // don't exit after found to be false
- for (int i = 0; i < max_len; ++i) {
- if (s1_len >= i && s2_len >= i && s1[i] != s2[i]) {
- eq = false;
- }
- }
-
- return eq;
+ return strcmp(s1, s2) == 0;
 }
 class CompareAsyncWorker : public Nan::AsyncWorker {
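Review bot: The new `return strcmp(s1, s2) == 0;` leaks the position of the first differing byte through timing, and nothing at the function records that this is a deliberate trade-off, so a later reader of a password-hashing library will take CompareStrings for the safe comparison. The commit message's reasoning (the two inputs are presumably the freshly computed bcrypt hash and the stored hash, which an attacker cannot steer without a preimage) is sound for those callers, but a correct constant-time compare costs only a few lines and removes the judgement call; the removed version was only nominally constant-time, since it branched on every mismatching byte in `if (... s1[i] != s2[i]) eq = false;`. If strcmp is kept, add `// NOTE: not constant-time; callers pass hash strings, not raw secrets (GH-720)` above the function so the choice is not silently "fixed" either way later. In both cases confirm `<cstring>` (or `<string.h>`) is included in this translation unit — the old body already called strlen, so it presumably is. A constant-time replacement that keeps the wrapper's signature:
```cpp
/* COMPARATOR */
// Constant-time equality for NUL-terminated strings: runtime depends only on
// the two lengths, never on where the first mismatching byte is.
NAN_INLINE bool CompareStrings(const char* s1, const char* s2) {
    const size_t len1 = strlen(s1);
    const size_t len2 = strlen(s2);
    // Fold a length mismatch into the result instead of returning early.
    unsigned char diff = static_cast<unsigned char>(len1 != len2);
    const size_t n = (len1 < len2) ? len1 : len2;
    for (size_t i = 0; i < n; ++i) {
        diff |= static_cast<unsigned char>(s1[i]) ^ static_cast<unsigned char>(s2[i]);
    }
    return diff == 0;
}
```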