From 3ce39bbcb7f171ec2f2797e3328fd5d1e7ac5b4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Mon, 16 Jan 2023 03:44:00 +0100
Subject: [PATCH] src: hide kMaxDigestMultiplier outside HKDF impl

There is no reason to expose this constant outside of the HKDF implementation, especially with such a generic name.

PR-URL: https://github.com/nodejs/node/pull/46206
Reviewed-By: Ben Noordhuis
Reviewed-By: Filip Skokan
Reviewed-By: Yagiz Nizipli
---
 src/crypto/crypto_hkdf.cc | 4 ++++
 src/crypto/crypto_hkdf.h | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc
index 43bf8a93505bb7..7663dd69374db7 100644
--- a/src/crypto/crypto_hkdf.cc
+++ b/src/crypto/crypto_hkdf.cc
@@ -87,6 +87,10 @@ Maybe HKDFTraits::AdditionalConfig(
 : info.ToByteSource();
 params->length = args[offset + 4].As()->Value();
+ // HKDF-Expand computes up to 255 HMAC blocks, each having as many bits as the
+ // output of the hash function. 255 is a hard limit because HKDF appends an
+ // 8-bit counter to each HMAC'd message, starting at 1.
+ constexpr size_t kMaxDigestMultiplier = 255;
 size_t max_length = EVP_MD_size(params->digest) * kMaxDigestMultiplier;
 if (params->length > max_length) {
 THROW_ERR_CRYPTO_INVALID_KEYLEN(env);
diff --git a/src/crypto/crypto_hkdf.h b/src/crypto/crypto_hkdf.h
index ef2d03c2091595..c4a537cef8a792 100644
--- a/src/crypto/crypto_hkdf.h
+++ b/src/crypto/crypto_hkdf.h
@@ -11,8 +11,6 @@
 namespace node {
 namespace crypto {
-static constexpr size_t kMaxDigestMultiplier = 255;
-
 struct HKDFConfig final : public MemoryRetainer {
 CryptoJobMode mode;
 size_t length;
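Review bot: The `max_length` line directly below the new constant in crypto_hkdf.cc multiplies the `int` result of `EVP_MD_size(params->digest)` by a `size_t` without checking it first. If that call ever returned a non-positive value, the conversion to `size_t` would produce a very large or zero bound, and the key-length check would stop enforcing the 255-block limit that the new comment describes. The digest is presumably validated earlier in `AdditionalConfig`, but that part of the function is outside this hunk, so a local guard would make the limit self-contained: `const int md_size = EVP_MD_size(params->digest);` followed by `if (md_size <= 0 || params->length > static_cast<size_t>(md_size) * kMaxDigestMultiplier) {`. The new comment could also name its source, for example `// See RFC 5869, Section 2.3: L <= 255 * HashLen.`.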