node crypto: support outputLength in XOF hash functions

Support outputLength option in crypto.hash() for XOF hash functions to align with the behaviour of crypto.createHash() API

Fixes: https://github.com/nodejs/node/issues/57312

May 02 '25 14:05 Aditi-1400

Review requested:

[ ] @nodejs/crypto
[ ] @nodejs/security-wg

May 02 '25 14:05 nodejs-github-bot

Codecov Report

Attention: Patch coverage is 82.85714% with 12 lines in your changes missing coverage. Please review.

Project coverage is 90.08%. Comparing base (f5da8f8) to head (a27fe2b). Report is 68 commits behind head on main.

Files with missing lines	Patch %	Lines
src/crypto/crypto_hash.cc	73.33%	9 Missing and 3 partials :warning:

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #58121      +/-   ##
==========================================
- Coverage   90.08%   90.08%   -0.01%     
==========================================
  Files         640      640              
  Lines      188517   188569      +52     
  Branches    36975    36995      +20     
==========================================
+ Hits       169826   169868      +42     
- Misses      11402    11418      +16     
+ Partials     7289     7283       -6

Files with missing lines	Coverage Δ
lib/internal/crypto/hash.js	`98.53% <100.00%> (+0.09%)`	:arrow_up:
src/crypto/crypto_hash.cc	`70.35% <73.33%> (-0.21%)`	:arrow_down:

... and 29 files with indirect coverage changes

:rocket: New features to boost your workflow:

:snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
:package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

May 02 '25 15:05 codecov[bot]

@Aditi-1400 please change the first commit's message to crypto: support outputLength in crypto.hash for XOF functions with your next push.

Jul 03 '25 17:07 panva

PTAL at https://github.com/nodejs/node/pull/58942

I'm really glad this is progressing again. You'll have to add code akin to this https://github.com/nodejs/node/pull/58942/files#diff-7141af611da86a765d813bee0d7955c7675ea854038aec2e1519b47c0e6272e0 to the Hash::OneShotDigest to account for OpenSSL 3.4's change of SHAKE128/256 not having any defaults.

Much like the crypto.createHash() code path this will fail in CI with linked OpenSSL 3.4 and newer.

Details

=== release test-crypto-oneshot-hash-xof ===                                  
Path: parallel/test-crypto-oneshot-hash-xof
node:internal/crypto/hash:235
  return oneShotDigest(algorithm, getCachedHashId(algorithm), getHashCache(),
         ^

Error: error:00000000:lib(0)::reason(0)
    at Object.hash (node:internal/crypto/hash:235:10)
    at Object.<anonymous> (/Users/panva/repo/node/test/parallel/test-crypto-oneshot-hash-xof.js:14:12)
    at Module._compile (node:internal/modules/cjs/loader:1691:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1823:10)
    at Module.load (node:internal/modules/cjs/loader:1426:32)
    at Module._load (node:internal/modules/cjs/loader:1249:12)
    at TracingChannel.traceSync (node:diagnostics_channel:322:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:235:24)
    at Module.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:152:5)
    at node:internal/main/run_main_module:33:47

I would like this PR to land first, or in unison with https://github.com/nodejs/node/pull/58942 that will deprecate using the default length for shake128/256

Jul 03 '25 18:07 panva

PTAL at #58942

I'm really glad this is progressing again. You'll have to add code akin to this https://github.com/nodejs/node/pull/58942/files#diff-7141af611da86a765d813bee0d7955c7675ea854038aec2e1519b47c0e6272e0 to the Hash::OneShotDigest to account for OpenSSL 3.4's change of SHAKE128/256 not having any defaults. is PR to land first, or in unison with #58942 that will deprecate using the default length for shake128/256

@panva Yep, I saw your PR earlier today, so I got back to working on this :)

I have updated OneShotDigest to pass default values for SHAKE128/256 when user doesn't provide any output_length. As expected, the default values test case fails without your changes in https://github.com/nodejs/node/pull/58942/files#diff-7141af611da86a765d813bee0d7955c7675ea854038aec2e1519b47c0e6272e0. So I agree that these two pull requests should land in unison.

Jul 03 '25 23:07 Aditi-1400

Running CI to ensure all of openssl 1.1.1, 3.0, and 3.5 are happy with this.

✅ [email protected] https://ci.nodejs.org/job/node-test-commit-linux-containered/51535/nodes=ubuntu2204_sharedlibs_openssl111_x64/
✅ [email protected] https://ci.nodejs.org/job/node-test-commit-linux-containered/51535/nodes=ubuntu2204_sharedlibs_openssl30_x64/
✅ [email protected] https://ci.nodejs.org/job/node-test-commit-linux-containered/51535/nodes=ubuntu2204_sharedlibs_openssl35_x64/

Jul 04 '25 09:07 panva

CI: https://ci.nodejs.org/job/node-test-pull-request/67834/

Jul 04 '25 09:07 nodejs-github-bot

I'll rebase on top of #58942 when it lands and add a deprecation warning here as well.

Jul 04 '25 12:07 panva

Thank you for working on this @Aditi-1400

Jul 04 '25 12:07 panva

CI: https://ci.nodejs.org/job/node-test-pull-request/67846/

Jul 05 '25 10:07 nodejs-github-bot

CI: https://ci.nodejs.org/job/node-test-pull-request/67847/

Jul 05 '25 11:07 nodejs-github-bot

Needs a new CI after the push

Jul 08 '25 13:07 joyeecheung

@joyeecheung CI has ran with the latest push.

Jul 08 '25 13:07 panva

Landed in 1c4fe6d795ca8e318503fe0d78585d9ba99a31df

Jul 08 '25 13:07 nodejs-github-bot

This doesn't land cleanly on v22.x-staging

Jul 21 '25 18:07 aduh95

This pull request at least depends on https://github.com/nodejs/node/pull/56653, https://github.com/nodejs/node/pull/57300 and https://github.com/nodejs/node/pull/54028

Sep 24 '25 17:09 Aditi-1400