fix(crypto): handling large key length in HKDF (#12692)

2 files changed, 31 insertions, 2 deletions

diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts
index a6e0f28f8..0828f0716 100644
--- a/cli/tests/unit/webcrypto_test.ts
+++ b/cli/tests/unit/webcrypto_test.ts
@@ -513,6 +513,31 @@ unitTest(async function testHkdfDeriveBits() {
   assertEquals(result.byteLength, 128 / 8);
 });
 
+unitTest(async function testHkdfDeriveBitsWithLargeKeySize() {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    new Uint8Array([0x00]),
+    "HKDF",
+    false,
+    ["deriveBits"],
+  );
+  assertRejects(
+    () =>
+      crypto.subtle.deriveBits(
+        {
+          name: "HKDF",
+          hash: "SHA-1",
+          salt: new Uint8Array(),
+          info: new Uint8Array(),
+        },
+        key,
+        ((20 * 255) << 3) + 8,
+      ),
+    DOMException,
+    "The length provided for HKDF is too large",
+  );
+});
+
 unitTest(async function testDeriveKey() {
   // Test deriveKey
   const rawKey = await crypto.getRandomValues(new Uint8Array(16));
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index 2170e3c72..b0cd7ef06 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -876,10 +876,14 @@ pub async fn op_crypto_derive_bits(
       let salt = hkdf::Salt::new(algorithm, salt);
       let prk = salt.extract(&secret);
       let info = &[&*info];
-      let okm = prk.expand(info, HkdfOutput(length))?;
+      let okm = prk.expand(info, HkdfOutput(length)).map_err(|_e| {
+        custom_error(
+          "DOMExceptionOperationError",
+          "The length provided for HKDF is too large",
+        )
+      })?;
       let mut r = vec![0u8; length];
       okm.fill(&mut r)?;
-
       Ok(r.into())
     }
     _ => Err(type_error("Unsupported algorithm".to_string())),