fixup! crypto: add argon2() and argon2Sync() methods

nodejs · nodejs-github-bot · Aug 19, 2025 · Oct 23, 2023 · Aug 13, 2025 · Aug 13, 2025
commit 0d8e0797d52bf1e5d1c42bb10c5c1c0cd582cf27
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
@@ -1873,7 +1873,7 @@ DataPointer pbkdf2(const Digest& md,
   return {};
 }
 
-#if OPENSSL_VERSION_PREREQ(3, 2)
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
 #ifndef OPENSSL_NO_ARGON2
 DataPointer argon2(const Buffer<const char>& pass,
                    const Buffer<const unsigned char>& salt,
@@ -1930,7 +1930,9 @@ DataPointer argon2(const Buffer<const char>& pass,
   params.reserve(9);
 
   params.push_back(OSSL_PARAM_construct_octet_string(
-      OSSL_KDF_PARAM_PASSWORD, const_cast<char*>(pass.data), pass.len));
+      OSSL_KDF_PARAM_PASSWORD,
+      const_cast<char*>(pass.len > 0 ? pass.data : ""),
+      pass.len));
   params.push_back(OSSL_PARAM_construct_octet_string(
       OSSL_KDF_PARAM_SALT, const_cast<unsigned char*>(salt.data), salt.len));
   params.push_back(OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_THREADS, &lanes));

diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
@@ -1557,7 +1557,7 @@ DataPointer pbkdf2(const Digest& md,
                    uint32_t iterations,
                    size_t length);
 
-#if OPENSSL_VERSION_PREREQ(3, 2)
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
 #ifndef OPENSSL_NO_ARGON2
 enum class Argon2Type { ARGON2D, ARGON2I, ARGON2ID };
 

diff --git a/src/crypto/crypto_argon2.cc b/src/crypto/crypto_argon2.cc
@@ -1,7 +1,8 @@
 #include "crypto/crypto_argon2.h"
 #include "async_wrap-inl.h"
+#include "threadpoolwork-inl.h"
 
-#if OPENSSL_VERSION_PREREQ(3, 2)
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
 #ifndef OPENSSL_NO_ARGON2
 #include <openssl/core_names.h>
 

diff --git a/src/crypto/crypto_argon2.h b/src/crypto/crypto_argon2.h
@@ -6,7 +6,7 @@
 #include "crypto/crypto_util.h"
 
 namespace node::crypto {
-#if !defined(OPENSSL_NO_ARGON2) && OPENSSL_VERSION_PREREQ(3, 2)
+#if !defined(OPENSSL_NO_ARGON2) && OPENSSL_VERSION_NUMBER >= 0x30200000L
 
 // Argon2 is a password-based key derivation algorithm
 // defined in https://datatracker.ietf.org/doc/html/rfc9106

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -60,7 +60,7 @@ namespace crypto {
   V(Verify)                                                                    \
   V(X509Certificate)
 
-#if !defined(OPENSSL_NO_ARGON2) && OPENSSL_VERSION_PREREQ(3, 2)
+#if !defined(OPENSSL_NO_ARGON2) && OPENSSL_VERSION_NUMBER >= 0x30200000L
 #define ARGON2_NAMESPACE_LIST(V) V(Argon2)
 #else
 #define ARGON2_NAMESPACE_LIST(V)

diff --git a/test/parallel/test-crypto-argon2.js b/test/parallel/test-crypto-argon2.js
@@ -29,7 +29,7 @@ const associatedData = Buffer.alloc(12, 0x04);
 const defaults = { message, nonce, parallelism: 1, tagLength: 64, memory: 8, passes: 3 };
 
 const good = [
-  // test vectors from RFC 9106 https://www.rfc-editor.org/rfc/rfc9106.html#name-test-vectors
+  // Test vectors from RFC 9106 https://www.rfc-editor.org/rfc/rfc9106.html#name-test-vectors
   // and OpenSSL 3.2 https://github.com/openssl/openssl/blob/6dfa998f7ea150f9c6d4e4727cf6d5c82a68a8da/test/recipes/30-test_evp_data/evpkdf_argon2.txt
   //
   // OpenSSL defaults are:
@@ -56,7 +56,8 @@ const good = [
   [
     'argon2d',
     { message: '1234567890', nonce: 'saltsalt' },
-    'd16ad773b1c6400d3193bc3e66271603e9de72bace20af3f89c236f5434cdec99072ddfc6b9c77ea9f386c0e8d7cb0c37cec6ec3277a22c92d5be58ef67c7eaa',
+    'd16ad773b1c6400d3193bc3e66271603e9de72bace20af3f89c236f5434cdec9' +
+    '9072ddfc6b9c77ea9f386c0e8d7cb0c37cec6ec3277a22c92d5be58ef67c7eaa',
   ],
   [
     'argon2id',
@@ -66,7 +67,8 @@ const good = [
   [
     'argon2d',
     { message: '1234567890', nonce: 'saltsalt', parallelism: 2, memory: 65536 },
-    '5ca0ab135de1241454840172696c301c7b8fd99a788cd11cf9699044cadf7fca0a6e3762cb3043a71adf6553db3fd7925101b0ccf8868b098492a4addb2486bc',
+    '5ca0ab135de1241454840172696c301c7b8fd99a788cd11cf9699044cadf7fca' +
+    '0a6e3762cb3043a71adf6553db3fd7925101b0ccf8868b098492a4addb2486bc',
   ],
   [
     'argon2i',
@@ -81,7 +83,10 @@ const good = [
   [
     'argon2d',
     { message: '1234567890', nonce: 'saltsalt', parallelism: 2, tagLength: 128, memory: 65536 },
-    'a86c83a19f0b234ecba8c275d16d059153f961e4c39ec9b1be98b3e73d791789363682443ad594334048634e91c493affed0bc29fd329a0e553c00149d6db19af4e4a354aec14dbd575d78ba87d4a4bc4746666e7a4e6ee1572bbffc2eba308a2d825cb7b41fde3a95d5cff0dfa2d0fdd636b32aea8b4a3c532742d330bd1b90',
+    'a86c83a19f0b234ecba8c275d16d059153f961e4c39ec9b1be98b3e73d791789' +
+    '363682443ad594334048634e91c493affed0bc29fd329a0e553c00149d6db19a' +
+    'f4e4a354aec14dbd575d78ba87d4a4bc4746666e7a4e6ee1572bbffc2eba308a' +
+    '2d825cb7b41fde3a95d5cff0dfa2d0fdd636b32aea8b4a3c532742d330bd1b90',
   ],
 ];
 
@@ -117,7 +122,7 @@ for (const [algorithm, overrides, param] of bad) {
 for (const key of Object.keys(defaults)) {
   const expected = {
     code: 'ERR_INVALID_ARG_TYPE',
-    message: new RegExp(`"parameters.${key}"`),
+    message: new RegExp(`"parameters\\.${key}"`),
   };
   const parameters = { ...defaults };
   delete parameters[key];