4 files changed, 26 insertions, 13 deletions

diff --git a/ext/crypto/ed25519.rs b/ext/crypto/ed25519.rs
index 591dce19d..e2a0ce408 100644
--- a/ext/crypto/ed25519.rs
+++ b/ext/crypto/ed25519.rs
@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::ToJsBuffer;
@@ -151,8 +153,5 @@ pub fn op_crypto_jwk_x_ed25519(
   #[buffer] pkey: &[u8],
 ) -> Result<String, AnyError> {
   let pair = Ed25519KeyPair::from_seed_unchecked(pkey)?;
-  Ok(base64::encode_config(
-    pair.public_key().as_ref(),
-    base64::URL_SAFE_NO_PAD,
-  ))
+  Ok(BASE64_URL_SAFE_NO_PAD.encode(pair.public_key().as_ref()))
 }
diff --git a/ext/crypto/export_key.rs b/ext/crypto/export_key.rs
index 94cc0c64f..a34c40402 100644
--- a/ext/crypto/export_key.rs
+++ b/ext/crypto/export_key.rs
@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use const_oid::AssociatedOid;
 use const_oid::ObjectIdentifier;
 use deno_core::error::custom_error;
@@ -111,11 +113,11 @@ pub fn op_crypto_export_key(
 }
 
 fn uint_to_b64(bytes: UIntRef) -> String {
-  base64::encode_config(bytes.as_bytes(), base64::URL_SAFE_NO_PAD)
+  BASE64_URL_SAFE_NO_PAD.encode(bytes.as_bytes())
 }
 
 fn bytes_to_b64(bytes: &[u8]) -> String {
-  base64::encode_config(bytes, base64::URL_SAFE_NO_PAD)
+  BASE64_URL_SAFE_NO_PAD.encode(bytes)
 }
 
 fn export_key_rsa(
diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs
index b2d5cdc4f..0a864d68c 100644
--- a/ext/crypto/import_key.rs
+++ b/ext/crypto/import_key.rs
@@ -1,5 +1,6 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::Engine;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::JsBuffer;
@@ -106,12 +107,19 @@ pub fn op_crypto_import_key(
   }
 }
 
-const URL_SAFE_FORGIVING: base64::Config =
-  base64::URL_SAFE_NO_PAD.decode_allow_trailing_bits(true);
+const BASE64_URL_SAFE_FORGIVING:
+  base64::engine::general_purpose::GeneralPurpose =
+  base64::engine::general_purpose::GeneralPurpose::new(
+    &base64::alphabet::URL_SAFE,
+    base64::engine::general_purpose::GeneralPurposeConfig::new()
+      .with_decode_allow_trailing_bits(true)
+      .with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent),
+  );
 
 macro_rules! jwt_b64_int_or_err {
   ($name:ident, $b64:expr, $err:expr) => {
-    let bytes = base64::decode_config($b64, URL_SAFE_FORGIVING)
+    let bytes = BASE64_URL_SAFE_FORGIVING
+      .decode($b64)
       .map_err(|_| data_error($err))?;
     let $name = UIntRef::new(&bytes).map_err(|_| data_error($err))?;
   };
@@ -759,7 +767,8 @@ fn import_key_ec(
 fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
   Ok(match key_data {
     KeyData::JwkSecret { k } => {
-      let data = base64::decode_config(k, URL_SAFE_FORGIVING)
+      let data = BASE64_URL_SAFE_FORGIVING
+        .decode(k)
         .map_err(|_| data_error("invalid key data"))?;
       ImportKeyResult::Hmac {
         raw_data: RustRawKeyData::Secret(data.into()),
@@ -772,7 +781,8 @@ fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
 fn import_key_hmac(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
   Ok(match key_data {
     KeyData::JwkSecret { k } => {
-      let data = base64::decode_config(k, URL_SAFE_FORGIVING)
+      let data = BASE64_URL_SAFE_FORGIVING
+        .decode(k)
         .map_err(|_| data_error("invalid key data"))?;
       ImportKeyResult::Hmac {
         raw_data: RustRawKeyData::Secret(data.into()),
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index e47cc8f3c..3be6bcc3d 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -4,6 +4,8 @@ use aes_kw::KekAes128;
 use aes_kw::KekAes192;
 use aes_kw::KekAes256;
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use deno_core::error::custom_error;
 use deno_core::error::not_supported;
 use deno_core::error::type_error;
@@ -120,14 +122,14 @@ deno_core::extension!(deno_crypto,
 pub fn op_crypto_base64url_decode(
   #[string] data: String,
 ) -> Result<ToJsBuffer, AnyError> {
-  let data: Vec<u8> = base64::decode_config(data, base64::URL_SAFE_NO_PAD)?;
+  let data: Vec<u8> = BASE64_URL_SAFE_NO_PAD.decode(data)?;
   Ok(data.into())
 }
 
 #[op2]
 #[string]
 pub fn op_crypto_base64url_encode(#[buffer] data: JsBuffer) -> String {
-  let data: String = base64::encode_config(data, base64::URL_SAFE_NO_PAD);
+  let data: String = BASE64_URL_SAFE_NO_PAD.encode(data);
   data
 }