BREAKING(crypto): remove crypto.subtle.timingSafeEqual() method (de…

…noland#3803)
GregTCLTK · Nov 15, 2023 · a0b7e1f · a0b7e1f
1 parent 7d5344d
commit a0b7e1f
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 26 deletions.
diff --git a/crypto/crypto.ts b/crypto/crypto.ts
@@ -8,9 +8,7 @@
  * APIs when possible.
  *
  * Provides additional digest algorithms that are not part of the WebCrypto
- * standard as well as a `subtle.digest` and `subtle.digestSync` methods. It
- * also provides a `subtle.timingSafeEqual()` method to compare array buffers
- * or data views in a way that isn't prone to timing based attacks.
+ * standard as well as a `subtle.digest` and `subtle.digestSync` methods.
  *
  * The "polyfill" delegates to `WebCrypto` where possible.
  *
@@ -127,7 +125,6 @@ import {
  digestAlgorithms as wasmDigestAlgorithms,
  instantiateWasm,
 } from "./_wasm/mod.ts";
-import { timingSafeEqual } from "./timing_safe_equal.ts";
 import { fnv } from "./_fnv/mod.ts";
 
 /**
@@ -184,16 +181,6 @@ export interface StdSubtleCrypto extends SubtleCrypto {
  algorithm: DigestAlgorithm,
  data: BufferSource | Iterable<BufferSource>,
  ): ArrayBuffer;
-
- /**
- * @deprecated (will be removed in 0.207.0) Import from `std/crypto/timing_safe_equal.ts` instead
- *
- * Compare to array buffers or data views in a way that timing based attacks
- * cannot gain information about the platform. */
- timingSafeEqual(
- a: ArrayBufferLike | DataView,
- b: ArrayBufferLike | DataView,
- ): boolean;
 }
 
 /** Extensions to the Web {@linkcode Crypto} interface. */
@@ -313,9 +300,6 @@ const stdCrypto: StdCrypto = ((x) => x)({
  );
  }
  },
-
- // TODO(@kitsonk): rework when https://github.com/w3c/webcrypto/issues/270 resolved
- timingSafeEqual,
  },
 });
 

diff --git a/crypto/crypto_test.ts b/crypto/crypto_test.ts
@@ -1421,15 +1421,6 @@ const toHexString = (bytes: ArrayBuffer): string =>
  "",
  );
 
-Deno.test({
- name: "[crypto/subtle/timeSafeEqual] - is present",
- fn() {
- const a = new Uint8Array([212, 213]);
- const b = new Uint8Array([212, 213]);
- assert(stdCrypto.subtle.timingSafeEqual(a.buffer, b.buffer));
- },
-});
-
 /**
  * This is one of many methods of `crypto` for which we don't have our own
  * implementation, and just pass calls through to the native implementation.