Skip to content

Commit

Permalink
src: hide kMaxDigestMultiplier outside HKDF impl
Browse files Browse the repository at this point in the history
There is no reason to expose this constant outside of the HKDF
implementation, especially with such a generic name.
  • Loading branch information
tniessen committed Jan 14, 2023
1 parent 5117c6c commit 364d675
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
4 changes: 4 additions & 0 deletions src/crypto/crypto_hkdf.cc
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,10 @@ Maybe<bool> HKDFTraits::AdditionalConfig(
: info.ToByteSource();

params->length = args[offset + 4].As<Uint32>()->Value();
// HKDF-Expand computes up to 255 HMAC blocks, each having as many bits as the
// output of the hash function. 255 is a hard limit because HKDF appends an
// 8-bit counter to each HMAC'd message, starting at 1.
constexpr size_t kMaxDigestMultiplier = 255;
size_t max_length = EVP_MD_size(params->digest) * kMaxDigestMultiplier;
if (params->length > max_length) {
THROW_ERR_CRYPTO_INVALID_KEYLEN(env);
Expand Down
2 changes: 0 additions & 2 deletions src/crypto/crypto_hkdf.h
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@

namespace node {
namespace crypto {
static constexpr size_t kMaxDigestMultiplier = 255;

struct HKDFConfig final : public MemoryRetainer {
CryptoJobMode mode;
size_t length;
Expand Down

0 comments on commit 364d675

Please sign in to comment.