Remove unnecessary hash comparison method

lcobucci · lcobucci · commit 10dcb105762e · 2020-11-25T02:12:05.000+01:00
Since PHP 5.6 is our minimum version this can be safely dropped.
diff --git a/src/Signer/Hmac.php b/src/Signer/Hmac.php
@@ -32,36 +32,7 @@ public function doVerify($expected, $payload, Key $key)
             return false;
         }
 
-        $callback = function_exists('hash_equals') ? 'hash_equals' : [$this, 'hashEquals'];
-
-        return call_user_func($callback, $expected, $this->createHash($payload, $key));
-    }
-
-    /**
-     * PHP < 5.6 timing attack safe hash comparison
-     *
-     * @internal
-     *
-     * @param string $expected
-     * @param string $generated
-     *
-     * @return boolean
-     */
-    public function hashEquals($expected, $generated)
-    {
-        $expectedLength = strlen($expected);
-
-        if ($expectedLength !== strlen($generated)) {
-            return false;
-        }
-
-        $res = 0;
-
-        for ($i = 0; $i < $expectedLength; ++$i) {
-            $res |= ord($expected[$i]) ^ ord($generated[$i]);
-        }
-
-        return $res === 0;
+        return hash_equals($expected, $this->createHash($payload, $key));
     }
 
     /**
diff --git a/test/unit/Signer/HmacTest.php b/test/unit/Signer/HmacTest.php
@@ -91,44 +91,4 @@ public function doVerifyShouldReturnFalseWhenExpectedHashIsNotString()
     {
         $this->assertFalse($this->signer->doVerify(false, 'test', new Key('1234')));
     }
-
-    /**
-     * @test
-     *
-     * @covers Lcobucci\JWT\Signer\Hmac::hashEquals
-     */
-    public function hashEqualsShouldReturnFalseWhenExpectedHashHasDifferentLengthThanGenerated()
-    {
-        $this->assertFalse($this->signer->hashEquals('123', '1234'));
-    }
-
-    /**
-     * @test
-     *
-     * @depends createHashMustReturnAHashAccordingWithTheAlgorithm
-     *
-     * @uses Lcobucci\JWT\Signer\Hmac::createHash
-     * @uses Lcobucci\JWT\Signer\Key
-     *
-     * @covers Lcobucci\JWT\Signer\Hmac::hashEquals
-     */
-    public function hashEqualsShouldReturnFalseWhenExpectedHashIsDifferentThanGenerated($expected)
-    {
-        $this->assertFalse($this->signer->hashEquals($expected, $this->signer->createHash('test', new Key('1234'))));
-    }
-
-    /**
-     * @test
-     *
-     * @depends createHashMustReturnAHashAccordingWithTheAlgorithm
-     *
-     * @uses Lcobucci\JWT\Signer\Hmac::createHash
-     * @uses Lcobucci\JWT\Signer\Key
-     *
-     * @covers Lcobucci\JWT\Signer\Hmac::hashEquals
-     */
-    public function hashEqualsShouldReturnTrueWhenExpectedHashIsEqualsThanGenerated($expected)
-    {
-        $this->assertTrue($this->signer->hashEquals($expected, $this->signer->createHash('test', new Key('123'))));
-    }
 }
