diff options
author | Tobias Nießen <tniessen@users.noreply.github.com> | 2020-11-30 12:55:07 +0100 |
---|---|---|
committer | Michaël Zasso <targos@protonmail.com> | 2020-12-21 18:24:29 +0100 |
commit | ad75c78c32f8c72ca4a66d20c37dca4628bf6ba0 (patch) | |
tree | 85cd9ac80cb1431f75242ae4395a3925a9edc3b0 | |
parent | 27260c70b430074e9bc67b3e569203661fd28e71 (diff) | |
download | node-new-ad75c78c32f8c72ca4a66d20c37dca4628bf6ba0.tar.gz |
doc: add note about timingSafeEqual for TypedArray
PR-URL: https://github.com/nodejs/node/pull/36323
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
-rw-r--r-- | doc/api/crypto.md | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index eadd545361..2b762fa2ee 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3383,7 +3383,11 @@ comparing HMAC digests or secret values like authentication cookies or [capability urls](https://www.w3.org/TR/capability-urls/). `a` and `b` must both be `Buffer`s, `TypedArray`s, or `DataView`s, and they -must have the same length. +must have the same byte length. + +If at least one of `a` and `b` is a `TypedArray` with more than one byte per +entry, such as `Uint16Array`, the result will be computed using the platform +byte order. Use of `crypto.timingSafeEqual` does not guarantee that the *surrounding* code is timing-safe. Care should be taken to ensure that the surrounding code does |