From c3b986853c07bf4583bd679748f3ce03682491c1 Mon Sep 17 00:00:00 2001 From: James M Snell Date: Sat, 14 Jun 2025 14:31:45 -0700 Subject: [PATCH] crypto: move deprecated hash and mgf1Hash options to EOL Runtime deprecation for ~3 years. PR-URL: https://github.com/nodejs/node/pull/58706 Reviewed-By: LiviaMedeiros Reviewed-By: Ethan Arrowood Reviewed-By: Filip Skokan Reviewed-By: Luigi Pinca Reviewed-By: Yagiz Nizipli --- doc/api/deprecations.md | 8 +-- lib/internal/crypto/keygen.js | 46 ++++++++--------- .../test-crypto-keygen-deprecation.js | 49 ------------------- ...ypto-keygen-duplicate-deprecated-option.js | 43 ---------------- test/parallel/test-crypto-keygen.js | 19 ------- 5 files changed, 28 insertions(+), 137 deletions(-) delete mode 100644 test/parallel/test-crypto-keygen-deprecation.js delete mode 100644 test/parallel/test-crypto-keygen-duplicate-deprecated-option.js diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md index 3266d99436..372a20e518 100644 --- a/doc/api/deprecations.md +++ b/doc/api/deprecations.md @@ -3202,6 +3202,9 @@ option, or a non-nullish non-boolean value for `verbatim` option in -Type: Runtime +Type: End-of-Life -The `'hash'` and `'mgf1Hash'` options are replaced with `'hashAlgorithm'` -and `'mgf1HashAlgorithm'`. +Use `'hashAlgorithm'` instead of `'hash'`, and `'mgf1HashAlgorithm'` instead of `'mgf1Hash'`. ### DEP0155: Trailing slashes in pattern specifier resolutions diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js index e3f3e3e6b9..3d1ba4a883 100644 --- a/lib/internal/crypto/keygen.js +++ b/lib/internal/crypto/keygen.js @@ -195,7 +195,7 @@ function createJob(mode, type, options) { } const { - hash, mgf1Hash, hashAlgorithm, mgf1HashAlgorithm, saltLength, + hashAlgorithm, mgf1HashAlgorithm, saltLength, } = options; if (saltLength !== undefined) @@ -204,27 +204,27 @@ function createJob(mode, type, options) { validateString(hashAlgorithm, 'options.hashAlgorithm'); if (mgf1HashAlgorithm !== undefined) validateString(mgf1HashAlgorithm, 'options.mgf1HashAlgorithm'); - if (hash !== undefined) { - process.emitWarning( - '"options.hash" is deprecated, ' + - 'use "options.hashAlgorithm" instead.', - 'DeprecationWarning', - 'DEP0154'); - validateString(hash, 'options.hash'); - if (hashAlgorithm && hash !== hashAlgorithm) { - throw new ERR_INVALID_ARG_VALUE('options.hash', hash); - } + if (options.hash !== undefined) { + // This API previously accepted a `hash` option that was deprecated + // and removed. However, in order to make the change more visible, we + // opted to throw an error if hash is specified rather than removing it + // entirely. + throw new ERR_INVALID_ARG_VALUE( + 'options.hash', + options.hash, + 'is no longer supported', + ); } - if (mgf1Hash !== undefined) { - process.emitWarning( - '"options.mgf1Hash" is deprecated, ' + - 'use "options.mgf1HashAlgorithm" instead.', - 'DeprecationWarning', - 'DEP0154'); - validateString(mgf1Hash, 'options.mgf1Hash'); - if (mgf1HashAlgorithm && mgf1Hash !== mgf1HashAlgorithm) { - throw new ERR_INVALID_ARG_VALUE('options.mgf1Hash', mgf1Hash); - } + if (options.mgf1Hash !== undefined) { + // This API previously accepted a `mgf1Hash` option that was deprecated + // and removed. However, in order to make the change more visible, we + // opted to throw an error if mgf1Hash is specified rather than removing + // it entirely. + throw new ERR_INVALID_ARG_VALUE( + 'options.mgf1Hash', + options.mgf1Hash, + 'is no longer supported', + ); } return new RsaKeyPairGenJob( @@ -232,8 +232,8 @@ function createJob(mode, type, options) { kKeyVariantRSA_PSS, modulusLength, publicExponent, - hashAlgorithm || hash, - mgf1HashAlgorithm || mgf1Hash, + hashAlgorithm, + mgf1HashAlgorithm, saltLength, ...encoding); } diff --git a/test/parallel/test-crypto-keygen-deprecation.js b/test/parallel/test-crypto-keygen-deprecation.js deleted file mode 100644 index 926dfbbc4a..0000000000 --- a/test/parallel/test-crypto-keygen-deprecation.js +++ /dev/null @@ -1,49 +0,0 @@ -'use strict'; - -const common = require('../common'); -if (!common.hasCrypto) - common.skip('missing crypto'); - -const DeprecationWarning = []; -DeprecationWarning.push([ - '"options.hash" is deprecated, use "options.hashAlgorithm" instead.', - 'DEP0154']); -DeprecationWarning.push([ - '"options.mgf1Hash" is deprecated, use "options.mgf1HashAlgorithm" instead.', - 'DEP0154']); - -common.expectWarning({ DeprecationWarning }); - -const assert = require('assert'); -const { generateKeyPair } = require('crypto'); - -{ - // This test makes sure deprecated options still work as intended - - generateKeyPair('rsa-pss', { - modulusLength: 512, - saltLength: 16, - hash: 'sha256', - mgf1Hash: 'sha256' - }, common.mustSucceed((publicKey, privateKey) => { - assert.strictEqual(publicKey.type, 'public'); - assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { - modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 - }); - - assert.strictEqual(privateKey.type, 'private'); - assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { - modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 - }); - })); -} diff --git a/test/parallel/test-crypto-keygen-duplicate-deprecated-option.js b/test/parallel/test-crypto-keygen-duplicate-deprecated-option.js deleted file mode 100644 index 854ad6e35e..0000000000 --- a/test/parallel/test-crypto-keygen-duplicate-deprecated-option.js +++ /dev/null @@ -1,43 +0,0 @@ -'use strict'; - -const common = require('../common'); -if (!common.hasCrypto) - common.skip('missing crypto'); - -const assert = require('assert'); -const { - generateKeyPair, -} = require('crypto'); - -// This test makes sure deprecated and new options may be used -// simultaneously so long as they're identical values. -{ - generateKeyPair('rsa-pss', { - modulusLength: 512, - saltLength: 16, - hash: 'sha256', - hashAlgorithm: 'sha256', - mgf1Hash: 'sha256', - mgf1HashAlgorithm: 'sha256' - }, common.mustSucceed((publicKey, privateKey) => { - assert.strictEqual(publicKey.type, 'public'); - assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { - modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 - }); - - assert.strictEqual(privateKey.type, 'private'); - assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { - modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 - }); - })); -} diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js index edaee84507..e0515c1577 100644 --- a/test/parallel/test-crypto-keygen.js +++ b/test/parallel/test-crypto-keygen.js @@ -800,22 +800,3 @@ const { hasOpenSSL3 } = require('../common/crypto'); message: 'Invalid MGF1 digest: sha2' }); } - -{ - // This test makes sure deprecated and new options must - // be the same value. - - assert.throws(() => generateKeyPair('rsa-pss', { - modulusLength: 512, - saltLength: 16, - mgf1Hash: 'sha256', - mgf1HashAlgorithm: 'sha1' - }, common.mustNotCall()), { code: 'ERR_INVALID_ARG_VALUE' }); - - assert.throws(() => generateKeyPair('rsa-pss', { - modulusLength: 512, - saltLength: 16, - hash: 'sha256', - hashAlgorithm: 'sha1' - }, common.mustNotCall()), { code: 'ERR_INVALID_ARG_VALUE' }); -}