From 364d675833d39e3c31f01a3be0b1cd4568dbd40a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Sat, 14 Jan 2023 02:38:22 +0000
Subject: [PATCH] src: hide kMaxDigestMultiplier outside HKDF impl

There is no reason to expose this constant outside of the HKDF implementation, especially with such a generic name.
---
 src/crypto/crypto_hkdf.cc | 4 ++++
 src/crypto/crypto_hkdf.h | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc
index 43bf8a93505bb7..7663dd69374db7 100644
--- a/src/crypto/crypto_hkdf.cc
+++ b/src/crypto/crypto_hkdf.cc
@@ -87,6 +87,10 @@ Maybe HKDFTraits::AdditionalConfig(
 : info.ToByteSource();

 params->length = args[offset + 4].As()->Value();
+ // HKDF-Expand computes up to 255 HMAC blocks, each having as many bits as the
+ // output of the hash function. 255 is a hard limit because HKDF appends an
+ // 8-bit counter to each HMAC'd message, starting at 1.
+ constexpr size_t kMaxDigestMultiplier = 255;
 size_t max_length = EVP_MD_size(params->digest) * kMaxDigestMultiplier;
 if (params->length > max_length) {
 THROW_ERR_CRYPTO_INVALID_KEYLEN(env);
diff --git a/src/crypto/crypto_hkdf.h b/src/crypto/crypto_hkdf.h
index ef2d03c2091595..c4a537cef8a792 100644
--- a/src/crypto/crypto_hkdf.h
+++ b/src/crypto/crypto_hkdf.h
@@ -11,8 +11,6 @@

 namespace node {
 namespace crypto {
-static constexpr size_t kMaxDigestMultiplier = 255;
-
 struct HKDFConfig final : public MemoryRetainer {
 CryptoJobMode mode;
 size_t length;
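Review bot: `EVP_MD_size(params->digest)` returns an `int`, and on the `max_length` line in the crypto_hkdf.cc hunk it is multiplied straight into a `size_t`, so a negative return would convert to a very large bound and the `params->length > max_length` check would stop rejecting anything. The digest is presumably validated earlier in `HKDFTraits::AdditionalConfig`, which starts and ends outside this hunk, but now that the limit sits next to its only use it would be cheap to make that explicit with `const int md_size = EVP_MD_size(params->digest);` and a check that `md_size > 0` before computing `max_length`. The new comment could also state that the bound is in bytes (255 times the hash length in octets, per RFC 5869), since it speaks of bits while `EVP_MD_size` returns a byte count and `params->length` appears to be compared as one.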