lib,crypto: validate HkdfParams info length early

panva · panva · commit fc5b670bb524 · 2026-04-24T14:24:54.000+02:00
Enforces a 1024-byte maximum on `HkdfParams.info` at the WebIDL layer
using refactored `validateMaxBufferLength`. Its error message is also
fixed.

Oversized `info` was already rejected via a different code path. It just
relocates the rejection earlier into the WebIDL conversion step so the
failure reproduces the OpenSSL's limitation early.

Signed-off-by: Filip Skokan &lt;panva.ip@gmail.com&gt;
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js
@@ -526,10 +526,10 @@ const simpleAlgorithmDictionaries = {
   TurboShakeParams: {},
 };
 
-function validateMaxBufferLength(data, name) {
-  if (data.byteLength > kMaxBufferLength) {
+function validateMaxBufferLength(data, name, max = kMaxBufferLength) {
+  if (data.byteLength > max) {
     throw lazyDOMException(
-      `${name} must be less than ${kMaxBufferLength + 1} bits`,
+      `${name} must be at most ${max} bytes`,
       'OperationError');
   }
 }
diff --git a/lib/internal/crypto/webidl.js b/lib/internal/crypto/webidl.js
@@ -567,6 +567,7 @@ converters.HkdfParams = createDictionaryConverter(
     {
       key: 'info',
       converter: converters.BufferSource,
+      validator: (V, dict) => validateMaxBufferLength(V, 'algorithm.info', 1024),
       required: true,
     },
   ]);
diff --git a/test/parallel/test-webcrypto-derivebits-hkdf.js b/test/parallel/test-webcrypto-derivebits-hkdf.js
@@ -628,16 +628,27 @@ async function testWrongKeyType(
 })().then(common.mustCall());
 
 // https://github.com/w3c/webcrypto/pull/380
-{
-  crypto.subtle.importKey('raw', new Uint8Array(0), 'HKDF', false, ['deriveBits']).then((key) => {
-    return crypto.subtle.deriveBits({
-      name: 'HKDF',
-      hash: { name: 'SHA-256' },
-      info: new Uint8Array(0),
-      salt: new Uint8Array(0),
-    }, key, 0);
-  }).then((bits) => {
-    assert.deepStrictEqual(bits, new ArrayBuffer(0));
-  })
-  .then(common.mustCall());
-}
+(async function() {
+  const key = await crypto.subtle.importKey('raw', new Uint8Array(0), 'HKDF', false, ['deriveBits']);
+  const bits = await crypto.subtle.deriveBits({
+    name: 'HKDF',
+    hash: { name: 'SHA-256' },
+    info: new Uint8Array(0),
+    salt: new Uint8Array(0),
+  }, key, 0);
+  assert.deepStrictEqual(bits, new ArrayBuffer(0));
+})().then(common.mustCall());
+
+// OpenSSL limits info to 1024 bytes
+(async function() {
+  const key = await crypto.subtle.importKey('raw', new Uint8Array(0), 'HKDF', false, ['deriveBits']);
+  await assert.rejects(crypto.subtle.deriveBits({
+    name: 'HKDF',
+    hash: { name: 'SHA-256' },
+    info: new Uint8Array(1025),
+    salt: new Uint8Array(0),
+  }, key, 0), {
+    name: 'OperationError',
+    message: 'algorithm.info must be at most 1024 bytes',
+  });
+})().then(common.mustCall());

Original file line number	Diff line number	Diff line change
`@@ -526,10 +526,10 @@ const simpleAlgorithmDictionaries = {`
`526`	`526`	`TurboShakeParams: {},`
`527`	`527`	`};`
`528`	`528`
`529`		`-function validateMaxBufferLength(data, name) {`
`530`		`- if (data.byteLength > kMaxBufferLength) {`
	`529`	`+function validateMaxBufferLength(data, name, max = kMaxBufferLength) {`
	`530`	`+ if (data.byteLength > max) {`
`531`	`531`	`throw lazyDOMException(`
`532`		- `${name} must be less than ${kMaxBufferLength + 1} bits`,
	`532`	+ `${name} must be at most ${max} bytes`,
`533`	`533`	`'OperationError');`
`534`	`534`	`}`
`535`	`535`	`}`
Original file line number	Diff line number	Diff line change
`@@ -567,6 +567,7 @@ converters.HkdfParams = createDictionaryConverter(`
`567`	`567`	`{`
`568`	`568`	`key: 'info',`
`569`	`569`	`converter: converters.BufferSource,`
	`570`	`+ validator: (V, dict) => validateMaxBufferLength(V, 'algorithm.info', 1024),`
`570`	`571`	`required: true,`
`571`	`572`	`},`
`572`	`573`	`]);`