From 858a429d88c7e35ecd224a98bfda2c3dd428ae1f Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 6 Jan 2018 17:55:27 -0600
Subject: The HKDF limit is actually 255 * digest_length_in_bytes (#4037)

* The HKDF limit is actually 255 * digest_length_in_bytes

Previously we had a bug where we divided digest_size by 8...but
HashAlgorithm.digest_size is already in bytes.

* test longer output

* changelog
---
 src/cryptography/hazmat/primitives/kdf/hkdf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py
index 964ac2cc..917b4e9c 100644
--- a/src/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -67,7 +67,7 @@ class HKDFExpand(object):
 
         self._backend = backend
 
-        max_length = 255 * (algorithm.digest_size // 8)
+        max_length = 255 * algorithm.digest_size
 
         if length > max_length:
             raise ValueError(
-- 
cgit v1.2.3