test: skip sha128/256 createHash()/hash() on openssl 3.4.

OpenSSL 3.4 has intentionally broken EVP_DigestFinal for SHAKE128 and SHAKE256 when OSSL_DIGEST_PARAM_XOFLEN is not set because a) the default length used weakened them from their maximum strength and b) a static length does not fully make sense for XOFs (which SHAKE* are). Unfortunately, while crypto.createHash accepts an option argument that can be something like `{ outputLength: 128 }`, crypto.hash doesn't offer a similar API. Therefore there is little choice but to skip the test completely for shake128 and shake256 on openssl >= 3.4. PR-URL: #56294 Fixes: #56159 Refs: openssl/openssl@b911fef Refs: openssl/openssl@ad3f28c
nodejs · Jan 10, 2025 · bd7fc7a · bd7fc7a
1 parent 529b56e
commit bd7fc7a
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/test/parallel/test-crypto-oneshot-hash.js b/test/parallel/test-crypto-oneshot-hash.js
@@ -26,7 +26,18 @@ const fs = require('fs');
 assert.throws(() => { crypto.hash('sha1', 'test', 'not an encoding'); }, { code: 'ERR_INVALID_ARG_VALUE' });
 
 // Test that the output of crypto.hash() is the same as crypto.createHash().
-const methods = crypto.getHashes();
+const methods =
+  crypto.getHashes()
+  // OpenSSL 3.4 has stopped supporting shake128 and shake256 if the output
+  // length is not set explicitly as the a fixed output length doesn't make a
+  // lot of sense for them, and the default one in OpenSSL was too short and
+  // unexpectedly limiting the security strength
+  .filter(
+    common.hasOpenSSL(3, 4) ?
+      method => method !== 'shake128' && method !== 'shake256' :
+      () => true,
+  )
+;
 
 const input = fs.readFileSync(fixtures.path('utf8_test_text.txt'));