fixup! crypto: add KMAC Web Cryptography algorithms

Author: panva

deps/ncrypto/ncrypto.cc

@@ -4413,7 +4413,7 @@ HMACCtxPointer HMACCtxPointer::New() {
   return HMACCtxPointer(HMAC_CTX_new());
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x30100000L
+#if OPENSSL_VERSION_MAJOR >= 3
 EVPMacPointer::EVPMacPointer(EVP_MAC* mac) : mac_(mac) {}
 
 EVPMacPointer::EVPMacPointer(EVPMacPointer&& other) noexcept
@@ -4501,7 +4501,7 @@ EVPMacCtxPointer EVPMacCtxPointer::New(EVP_MAC* mac) {
   if (!mac) return EVPMacCtxPointer();
   return EVPMacCtxPointer(EVP_MAC_CTX_new(mac));
 }
-#endif  // OPENSSL_VERSION_NUMBER >= 0x30100000L
+#endif  // OPENSSL_VERSION_MAJOR >= 3
 
 DataPointer hashDigest(const Buffer<const unsigned char>& buf,
                        const EVP_MD* md) {

deps/ncrypto/ncrypto.h

@@ -1453,7 +1453,7 @@ class HMACCtxPointer final {
   DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
 };
 
-#if OPENSSL_VERSION_NUMBER >= 0x30100000L
+#if OPENSSL_VERSION_MAJOR >= 3
 class EVPMacPointer final {
  public:
   EVPMacPointer() = default;
@@ -1501,7 +1501,7 @@ class EVPMacCtxPointer final {
  private:
   DeleteFnPtr<EVP_MAC_CTX, EVP_MAC_CTX_free> ctx_;
 };
-#endif  // OPENSSL_VERSION_NUMBER >= 0x30100000L
+#endif  // OPENSSL_VERSION_MAJOR >= 3
 
 #ifndef OPENSSL_NO_ENGINE
 class EnginePointer final {

doc/api/webcrypto.md

@@ -120,8 +120,8 @@ Algorithms:
 * `'ChaCha20-Poly1305'`
 * `'cSHAKE128'`
 * `'cSHAKE256'`
-* `'KMAC128'`[^openssl31]
-* `'KMAC256'`[^openssl31]
+* `'KMAC128'`[^openssl30]
+* `'KMAC256'`[^openssl30]
 * `'ML-DSA-44'`[^openssl35]
 * `'ML-DSA-65'`[^openssl35]
 * `'ML-DSA-87'`[^openssl35]
@@ -2684,8 +2684,6 @@ The length (in bytes) of the random salt to use.
 
 [^openssl30]: Requires OpenSSL >= 3.0
 
-[^openssl31]: Requires OpenSSL >= 3.1
-
 [^openssl32]: Requires OpenSSL >= 3.2
 
 [^openssl35]: Requires OpenSSL >= 3.5

src/crypto/crypto_kmac.cc

@@ -3,7 +3,7 @@
 #include "node_internals.h"
 #include "threadpoolwork-inl.h"
 
-#if OPENSSL_VERSION_NUMBER >= 0x30100000L
+#if OPENSSL_VERSION_MAJOR >= 3
 #include <openssl/core_names.h>
 #include <openssl/params.h>
 #include "crypto/crypto_keys.h"

src/crypto/crypto_kmac.h

@@ -10,8 +10,8 @@
 
 namespace node::crypto {
 
-// KMAC (Keccak Message Authentication Code) is available in OpenSSL 3.1+.
-#if OPENSSL_VERSION_NUMBER >= 0x30100000L
+// KMAC (Keccak Message Authentication Code) is available since OpenSSL 3.0.
+#if OPENSSL_VERSION_MAJOR >= 3
 
 struct KmacConfig final : public MemoryRetainer {
   CryptoJobMode job_mode;

src/node_crypto.cc

@@ -66,17 +66,13 @@ namespace crypto {
 #define ARGON2_NAMESPACE_LIST(V)
 #endif  // !OPENSSL_NO_ARGON2 && OpenSSL >= 3.2
 
-#if OPENSSL_VERSION_NUMBER >= 0x30100000L
-#define KMAC_NAMESPACE_LIST(V) V(Kmac)
-#else
-#define KMAC_NAMESPACE_LIST(V)
-#endif  // OpenSSL >= 3.1
-
-// KEM functionality requires OpenSSL 3.0.0 or later
+// KEM and KMAC functionality requires OpenSSL 3.0.0 or later
 #if OPENSSL_VERSION_MAJOR >= 3
 #define KEM_NAMESPACE_LIST(V) V(KEM)
+#define KMAC_NAMESPACE_LIST(V) V(Kmac)
 #else
 #define KEM_NAMESPACE_LIST(V)
+#define KMAC_NAMESPACE_LIST(V)
 #endif
 
 #ifdef OPENSSL_NO_SCRYPT

test/fixtures/webcrypto/supports-modern-algorithms.mjs

@@ -8,7 +8,7 @@ const shake128 = crypto.getHashes().includes('shake128');
 const shake256 = crypto.getHashes().includes('shake256');
 const chacha = crypto.getCiphers().includes('chacha20-poly1305');
 const ocb = hasOpenSSL(3);
-const kmac = hasOpenSSL(3, 1);
+const kmac = hasOpenSSL(3);
 
 const { subtle } = globalThis.crypto;
 const X25519 = await subtle.generateKey('X25519', false, ['deriveBits', 'deriveKey']);

test/parallel/test-crypto-key-objects-to-crypto-key.js

@@ -206,7 +206,7 @@ if (hasOpenSSL(3, 5)) {
   }
 }
 
-if (hasOpenSSL(3, 1)) {
+if (hasOpenSSL(3)) {
   for (const algorithm of ['KMAC128', 'KMAC256']) {
     const hmac = createSecretKey(randomBytes(32));
     const usages = ['sign', 'verify'];

test/parallel/test-webcrypto-derivekey.js

@@ -168,7 +168,7 @@ const { KeyObject } = require('crypto');
     // [{ name: 'HMAC', hash: 'SHA3-512' }, 'sign', 512],
   ];
 
-  if (hasOpenSSL(3, 1)) {
+  if (hasOpenSSL(3)) {
     vectors.push(
       ['KMAC128', 'sign', 128],
       [{ name: 'KMAC128', length: 384 }, 'sign', 384],
@@ -221,7 +221,7 @@ const { KeyObject } = require('crypto');
     // [{ name: 'HMAC', hash: 'SHA3-512' }, 'sign', 512],
   ];
 
-  if (hasOpenSSL(3, 1)) {
+  if (hasOpenSSL(3)) {
     vectors.push(
       ['KMAC128', 'sign', 128],
       [{ name: 'KMAC128', length: 384 }, 'sign', 384],

test/parallel/test-webcrypto-export-import.js

@@ -167,7 +167,7 @@ const { createPrivateKey, createPublicKey, createSecretKey } = require('crypto')
 }
 
 // Import/Export KMAC Secret Key
-if (hasOpenSSL(3, 1)) {
+if (hasOpenSSL(3)) {
   async function test(name) {
     const keyData = globalThis.crypto.getRandomValues(new Uint8Array(32));
     const key = await subtle.importKey(