timingSafeEqual: final === check and type checking

jsha · jsha · commit 5840d64e53a5 · 2016-02-19T11:13:50.000-08:00
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -111,6 +111,9 @@ Hmac.prototype._transform = Hash.prototype._transform;
 //
 // Note: hmac object can not be used after validate() method has been called.
 Hmac.prototype.validate = function(inputBuffer) {
+  if (!(inputBuffer instanceof Buffer)) {
+    throw new TypeError('Argument should be a Buffer');
+  }
   var ah = new Hmac('sha256', this.key).update(this.digest()).digest();
   var bh = new Hmac('sha256', this.key).update(inputBuffer).digest();
   return ah.equals(bh);
@@ -687,7 +690,11 @@ function filterDuplicates(names) {
 exports.timingSafeEqual = function(a, b) {
   var key = randomBytes(32);
   var ah = new Hmac('sha256', key).update(a);
-  return ah.validate(new Hmac('sha256', key).update(b).digest());
+  // The final === test is just in case of the vanishingly small chance of
+  // a collision. It only fires if the digest comparison passes and so doesn't
+  // leak timing information.
+  return ah.validate(new Hmac('sha256', key).update(b).digest()) &&
+    a.toString() === b.toString();
 };
 
 // Legacy API
