From 3d4e3b9d3ee5c5c90b21b27fb387f0f399aba329 Mon Sep 17 00:00:00 2001
From: Ameer Ghani <inahga@divviup.org>
Date: Thu, 21 Sep 2023 16:55:22 -0400
Subject: [PATCH] Remove unnecessary constant time compare

---
 aggregator_api/src/lib.rs | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/aggregator_api/src/lib.rs b/aggregator_api/src/lib.rs
index 998dc0019..f69827ab4 100644
--- a/aggregator_api/src/lib.rs
+++ b/aggregator_api/src/lib.rs
@@ -11,7 +11,6 @@ use janus_aggregator_core::{
 };
 use janus_core::{hpke, http::extract_bearer_token, task::AuthenticationToken, time::Clock};
 use janus_messages::{HpkeConfigId, RoleParseError, TaskId};
-use ring::constant_time;
 use routes::*;
 use std::{str::FromStr, sync::Arc};
 use tracing::error;
@@ -132,9 +131,7 @@ async fn auth_check(conn: &mut Conn, (): ()) -> impl Handler {
         return Some((Status::Unauthorized, Halt));
     };
 
-    if cfg.auth_tokens.iter().any(|key| {
-        constant_time::verify_slices_are_equal(bearer_token.as_ref(), key.as_ref()).is_ok()
-    }) {
+    if cfg.auth_tokens.iter().any(|key| bearer_token == *key) {
         // Authorization succeeds.
         None
     } else {