doc: warn about using timingSafeEqual with floats

nodejs · May 28, 2022 · 554be50 · 554be50
1 parent 0818b52
commit 554be50
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
@@ -5453,6 +5453,13 @@ comparing HMAC digests or secret values like authentication cookies or
 must have the same byte length. An error is thrown if `a` and `b` have
 different byte lengths.
 
+This function does not compare the elements of `a` and `b` directly. Instead, it
+compares the bitwise representations of `a` and `b`.
+
+<strong class="critical">In particular, this function does not follow the usual
+definition of equality for floating-point numbers when `a` or `b` is a
+`Float32Array` or a `Float64Array`.</strong>
+
 If at least one of `a` and `b` is a `TypedArray` with more than one byte per
 entry, such as `Uint16Array`, the result will be computed using the platform
 byte order.