crypto: use byteLength in safeTimingEqual

ZaneHannanAU · Zane Hannan · commit fb2df1fbcec5 · 2018-10-10T16:24:07.000+11:00
crypto.timingSafeEqual() can cause the core to abort if the length parameter matches; however the internal byte length differs. This commit makes the length validation use bytewise (ArrayBufferLike) byteLength rather than array content length. Reissuing of nodejs#21397 with various modifications and fixes.
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js
@@ -92,7 +92,7 @@ function timingSafeEqual(buf1, buf2) {
     throw new ERR_INVALID_ARG_TYPE('buf2',
                                    ['Buffer', 'TypedArray', 'DataView'], buf2);
   }
-  if (buf1.length !== buf2.length) {
+  if (buf1.byteLength !== buf2.byteLength) {
     throw new ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH();
   }
   return _timingSafeEqual(buf1, buf2);

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ function timingSafeEqual(buf1, buf2) {`
`92`	`92`	`throw new ERR_INVALID_ARG_TYPE('buf2',`
`93`	`93`	`['Buffer', 'TypedArray', 'DataView'], buf2);`
`94`	`94`	`}`
`95`		`- if (buf1.length !== buf2.length) {`
	`95`	`+ if (buf1.byteLength !== buf2.byteLength) {`
`96`	`96`	`throw new ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH();`
`97`	`97`	`}`
`98`	`98`	`return _timingSafeEqual(buf1, buf2);`