Remove unneeded polyfills

3 files changed, 3 insertions, 71 deletions

diff --git a/app/classes/Planet.php b/app/classes/Planet.php
index 5c6d7cf..d6007e5 100644
--- a/app/classes/Planet.php
+++ b/app/classes/Planet.php
@@ -75,29 +75,9 @@ class Planet
      * @param  string $supplied
      * @return bool
      */
-    public static function authenticateUser($known = '', $supplied = '')
+    public static function authenticateUser(string $known = '', string $supplied = '')
     {
-        // The hash_equals function was introduced in PHP 5.6.0. If it's not
-        // existing in the current context (PHP version too old), and to ensure
-        // compatibility with those old interpreters, we'll have to provide
-        // an PHP implementation of this function.
-        if (function_exists('hash_equals')) {
-            return hash_equals($known, $supplied);
-        }
-
-        // Some implementation references can be found on the function comment.
-        $knownLen = mb_strlen($known);
-        if ($knownLen !== mb_strlen($supplied)) {
-            return false;
-        }
-
-        // Ensure that all the characters are the same, and continue until the
-        // end of the string even if an difference was found.
-        for ($i = 0, $comparison = 0; $i < $knownLen; $i++) {
-            $comparison |= ord($known[$i]) ^ ord($supplied[$i]);
-        }
-
-        return ($comparison === 0);
+        return hash_equals($known, $supplied);
     }
 
     /**
diff --git a/app/helpers.php b/app/helpers.php
index e943252..5f251e4 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -9,16 +9,6 @@
  */
 function register_polyfills()
 {
-    if (!function_exists('hash_equals')) {
-        function hash_equals($known_string, $user_string) {
-            call_user_func_array('_hash_equals', func_get_args());
-        }
-    }
-
-    if (!function_exists('random_bytes')) {
-        // If this function does not exist, it will be exposed
-        // automatically by paragonie/random_compat.
-    }
 }
 
 register_polyfills();
@@ -97,34 +87,3 @@ function removeCustomFiles()
     }
 }
 
-/**
- * Compare two strings in a constant-time manner.
- *
- * It returns `true` if both strings are exactly the same
- * (same size and same value).
- *
- * @param  string $known_string
- * @param  string $user_string
- * @return bool
- */
-function _hash_equals($known_string = '', $user_string = '')
-{
-    // In our case, it's not problematic if `$known_string`'s 
-    // size leaks, we will only compare password hashes and 
-    // CSRF tokens—their size is already somehow public.
-    if (!is_string($known_string) || !is_string($user_string) 
-         || strlen($known_string) !== strlen($user_string)) {
-        return false;
-    }
-
-    $ret = 0;    
-
-    // Do not stop the comparison when a difference is found,
-    // always completely compare them.
-    for ($i = 0; $i < strlen($known_string); $i++) {
-        $ret |=  (ord($known_string[$i]) ^ ord($user_string[$i]));
-    }   
-
-    return !$ret;
-}
-
diff --git a/tests/HelpersTest.php b/tests/HelpersTest.php
index 141e604..d0dcdda 100644
--- a/tests/HelpersTest.php
+++ b/tests/HelpersTest.php
@@ -4,12 +4,5 @@ use PHPUnit\Framework\TestCase;
 
 class HelpersTest extends TestCase
 {
-    function test_constant_time_compare()
-    {
-        $this->assertTrue(_hash_equals('abc', 'abc'));
-        $this->assertFalse(_hash_equals('abc', 'ab'));
-        $this->assertFalse(_hash_equals('ab', 'abc'));
-        $this->assertFalse(_hash_equals('abcd', 'adbc'));
-        $this->assertFalse(_hash_equals(0, 0));
-    }
+
 }