From 89b0d2364823926574c22ed22f37ffc6781b3612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 30 Nov 2020 12:55:07 +0100 Subject: [PATCH 1/2] doc: add note about timingSafeEqual for TypedArray --- doc/api/crypto.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index eadd5453614c51..de0f6a24b21c34 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3383,7 +3383,10 @@ comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/). `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they -must have the same length. +must have the same byte length. + +If at least one of `a` and `b` is a `TypedArray`, the result may depend on +the platform byte order. Use of `crypto.timingSafeEqual` does not guarantee that the *surrounding* code is timing-safe. Care should be taken to ensure that the surrounding code does From dd16890f0c882df58d5420dc2cf0d619e2faad0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sat, 12 Dec 2020 18:17:56 +0100 Subject: [PATCH 2/2] fixup Thanks Anna! --- doc/api/crypto.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index de0f6a24b21c34..2b762fa2eeef69 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md 
@@ -3385,8 +3385,9 @@ comparing HMAC digests or secret values like authentication cookies or `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they must have the same byte length. -If at least one of `a` and `b` is a `TypedArray`, the result may depend on -the platform byte order. +If at least one of `a` and `b` is a `TypedArray` with more than one byte per +entry, such as `Uint16Array`, the result will be computed using the platform +byte order. Use of `crypto.timingSafeEqual` does not guarantee that the *surrounding* code is timing-safe. Care should be taken to ensure that the surrounding code does
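Review bot: In the [PATCH 1/2] hunk (`@@ -3383,7 +3383,10 @@`), the added sentence "If at least one of `a` and `b` is a `TypedArray`, the result may depend on the platform byte order" is broader than it should be. A `Uint8Array` is a `TypedArray` with one byte per element, so byte order cannot affect it, and "may depend" leaves the reader unsure when the caveat applies. Suggest restricting the sentence to element types wider than one byte and naming one, such as `Uint16Array`. The change from "same length" to "same byte length" in the same hunk is the right precision for inputs of different types and should stay as written.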
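Review bot: In the [PATCH 2/2] hunk (`@@ -3385,8 +3385,9 @@`), "the result will be computed using the platform byte order" names the mechanism but not the consequence a caller has to handle. The text does not say that the comparison is over the underlying bytes rather than the element values, so a multi-byte `TypedArray` compared against a `Buffer` of serialized data can match on one host and fail on a host with the opposite endianness. Suggest stating that the underlying bytes are compared and advising that values be written in a fixed byte order before they are passed in. Separately, the subject line "fixup" should be squashed into 1/2 before landing so the history carries a single descriptive commit.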