src: hide kMaxDigestMultiplier outside HKDF impl

There is no reason to expose this constant outside of the HKDF implementation, especially with such a generic name. PR-URL: #46206 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
nodejs · Jan 31, 2023 · 3ce39bb · 3ce39bb
1 parent edcd4fc
commit 3ce39bb
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc
@@ -87,6 +87,10 @@ Maybe<bool> HKDFTraits::AdditionalConfig(
       : info.ToByteSource();
 
   params->length = args[offset + 4].As<Uint32>()->Value();
+  // HKDF-Expand computes up to 255 HMAC blocks, each having as many bits as the
+  // output of the hash function. 255 is a hard limit because HKDF appends an
+  // 8-bit counter to each HMAC'd message, starting at 1.
+  constexpr size_t kMaxDigestMultiplier = 255;
   size_t max_length = EVP_MD_size(params->digest) * kMaxDigestMultiplier;
   if (params->length > max_length) {
     THROW_ERR_CRYPTO_INVALID_KEYLEN(env);

diff --git a/src/crypto/crypto_hkdf.h b/src/crypto/crypto_hkdf.h
@@ -11,8 +11,6 @@
 
 namespace node {
 namespace crypto {
-static constexpr size_t kMaxDigestMultiplier = 255;
-
 struct HKDFConfig final : public MemoryRetainer {
   CryptoJobMode mode;
   size_t length;