Skip to content

Commit

Permalink
src: hide kMaxDigestMultiplier outside HKDF impl
Browse files Browse the repository at this point in the history
There is no reason to expose this constant outside of the HKDF
implementation, especially with such a generic name.

PR-URL: #46206
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Yagiz Nizipli <[email protected]>
  • Loading branch information
tniessen authored and juanarbol committed Jan 31, 2023
1 parent edcd4fc commit 3ce39bb
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
4 changes: 4 additions & 0 deletions src/crypto/crypto_hkdf.cc
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,10 @@ Maybe<bool> HKDFTraits::AdditionalConfig(
: info.ToByteSource();

params->length = args[offset + 4].As<Uint32>()->Value();
// HKDF-Expand computes up to 255 HMAC blocks, each having as many bits as the
// output of the hash function. 255 is a hard limit because HKDF appends an
// 8-bit counter to each HMAC'd message, starting at 1.
constexpr size_t kMaxDigestMultiplier = 255;
size_t max_length = EVP_MD_size(params->digest) * kMaxDigestMultiplier;
if (params->length > max_length) {
THROW_ERR_CRYPTO_INVALID_KEYLEN(env);
Expand Down
2 changes: 0 additions & 2 deletions src/crypto/crypto_hkdf.h
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@

namespace node {
namespace crypto {
static constexpr size_t kMaxDigestMultiplier = 255;

struct HKDFConfig final : public MemoryRetainer {
CryptoJobMode mode;
size_t length;
Expand Down

0 comments on commit 3ce39bb

Please sign in to comment.