Skip to content

Commit

Permalink
doc: add note about timingSafeEqual for TypedArray
Browse files Browse the repository at this point in the history 
PR-URL: #36323
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
  • Loading branch information
@tniessen @targos
tniessen authored and targos committed Dec 21, 2020
1 parent 27260c7 commit ad75c78
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion doc/api/crypto.md
View file
Expand Up @@ -3383,7 +3383,11 @@ comparing HMAC digests or secret values like authentication cookies or
[capability urls](https://www.w3.org/TR/capability-urls/).

`a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they
must have the same length.
must have the same byte length.

If at least one of `a` and `b` is a `TypedArray` with more than one byte per
entry, such as `Uint16Array`, the result will be computed using the platform
byte order.

Use of `crypto.timingSafeEqual` does not guarantee that the *surrounding* code
is timing-safe. Care should be taken to ensure that the surrounding code does
Expand Down

0 comments on commit ad75c78

Please sign in to comment.