diff --git a/include/re_mem.h b/include/re_mem.h
index a1db178..d09d5e2 100644
--- a/include/re_mem.h
+++ b/include/re_mem.h
@@ -37,3 +37,9 @@ void     mem_threshold_set(ssize_t n);
 struct re_printf;
 int      mem_status(struct re_printf *pf, void *unused);
 int      mem_get_stat(struct memstat *mstat);
+
+
+/* Secure memory functions */
+int  mem_seccmp(const volatile uint8_t *volatile s1,
+		const volatile uint8_t *volatile s2,
+		size_t n);
diff --git a/src/mem/mod.mk b/src/mem/mod.mk
index aaa284a..0de616b 100644
--- a/src/mem/mod.mk
+++ b/src/mem/mod.mk
@@ -5,3 +5,4 @@
 #
 
 SRCS	+= mem/mem.c
+SRCS	+= mem/secure.c
diff --git a/src/mem/secure.c b/src/mem/secure.c
new file mode 100644
index 0000000..6cf64d9
--- /dev/null
+++ b/src/mem/secure.c
@@ -0,0 +1,37 @@
+/**
+ * @file mem/secure.c  Secure memory functions
+ *
+ * Copyright (C) 2010 Creytiv.com
+ */
+
+#include <re_types.h>
+#include <re_mem.h>
+
+
+/**
+ * Compare two byte strings in constant time. This function can be used
+ * by secure code to compare secret data, such as authentication tags,
+ * to avoid side-channel attacks.
+ *
+ * @param s1 First byte string
+ * @param s2 Second byte string
+ * @param n  Number of bytes
+ *
+ * @return a negative number if argument errors
+ *         0 if both byte strings matching
+ *         a positive number if not matching
+ */
+int mem_seccmp(const volatile uint8_t *volatile s1,
+	       const volatile uint8_t *volatile s2,
+	       size_t n)
+{
+	uint8_t val = 0;
+
+	if (!s1 || !s2)
+		return -1;
+
+	while (n--)
+		val |= *s1++ ^ *s2++;
+
+	return val;
+}