crypto: move deprecated hash and mgf1Hash options to EOL

doc/api/deprecations.md

@@ -3202,6 +3202,9 @@ option, or a non-nullish non-boolean value for `verbatim` option in
 
 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/58706
+    description: End-of-Life.
   - version: v20.0.0
     pr-url: https://github.com/nodejs/node/pull/45653
     description: Runtime deprecation.
@@ -3212,7 +3215,7 @@ changes:
 
 Type: Runtime
 
-The `'hash'` and `'mgf1Hash'` options are replaced with `'hashAlgorithm'`
+The `'hash'` and `'mgf1Hash'` options were replaced with `'hashAlgorithm'`
 and `'mgf1HashAlgorithm'`.
 
 ### DEP0155: Trailing slashes in pattern specifier resolutions

lib/internal/crypto/keygen.js

@@ -195,7 +195,7 @@ function createJob(mode, type, options) {
       }
 
       const {
-        hash, mgf1Hash, hashAlgorithm, mgf1HashAlgorithm, saltLength,
+        hashAlgorithm, mgf1HashAlgorithm, saltLength,
       } = options;
 
       if (saltLength !== undefined)
@@ -204,36 +204,36 @@ function createJob(mode, type, options) {
         validateString(hashAlgorithm, 'options.hashAlgorithm');
       if (mgf1HashAlgorithm !== undefined)
         validateString(mgf1HashAlgorithm, 'options.mgf1HashAlgorithm');
-      if (hash !== undefined) {
-        process.emitWarning(
-          '"options.hash" is deprecated, ' +
-          'use "options.hashAlgorithm" instead.',
-          'DeprecationWarning',
-          'DEP0154');
-        validateString(hash, 'options.hash');
-        if (hashAlgorithm && hash !== hashAlgorithm) {
-          throw new ERR_INVALID_ARG_VALUE('options.hash', hash);
-        }
+      if (options.hash !== undefined) {
+        // This API previously accepted a `hash` option that was deprecated
+        // and removed. However, in order to make the change more visible, we
+        // opted to throw an error if hash is specified rather than removing it
+        // entirely.
+        throw new ERR_INVALID_ARG_VALUE(
+          'options.hash',
+          options.hash,
+          'is no longer supported',
+        );
       }
-      if (mgf1Hash !== undefined) {
-        process.emitWarning(
-          '"options.mgf1Hash" is deprecated, ' +
-          'use "options.mgf1HashAlgorithm" instead.',
-          'DeprecationWarning',
-          'DEP0154');
-        validateString(mgf1Hash, 'options.mgf1Hash');
-        if (mgf1HashAlgorithm && mgf1Hash !== mgf1HashAlgorithm) {
-          throw new ERR_INVALID_ARG_VALUE('options.mgf1Hash', mgf1Hash);
-        }
+      if (options.mgf1Hash !== undefined) {
+        // This API previously accepted a `mgf1Hash` option that was deprecated
+        // and removed. However, in order to make the change more visible, we
+        // opted to throw an error if mgf1Hash is specified rather than removing
+        // it entirely.
+        throw new ERR_INVALID_ARG_VALUE(
+          'options.mgf1Hash',
+          options.mgf1Hash,
+          'is no longer supported',
+        );
       }
 
       return new RsaKeyPairGenJob(
         mode,
         kKeyVariantRSA_PSS,
         modulusLength,
         publicExponent,
-        hashAlgorithm || hash,
-        mgf1HashAlgorithm || mgf1Hash,
+        hashAlgorithm,
+        mgf1HashAlgorithm,
         saltLength,
         ...encoding);
     }

test/parallel/test-crypto-keygen.js

@@ -800,22 +800,3 @@ const { hasOpenSSL3 } = require('../common/crypto');
     message: 'Invalid MGF1 digest: sha2'
   });
 }
-
-{
-  // This test makes sure deprecated and new options must
-  // be the same value.
-
-  assert.throws(() => generateKeyPair('rsa-pss', {
-    modulusLength: 512,
-    saltLength: 16,
-    mgf1Hash: 'sha256',
-    mgf1HashAlgorithm: 'sha1'
-  }, common.mustNotCall()), { code: 'ERR_INVALID_ARG_VALUE' });
-
-  assert.throws(() => generateKeyPair('rsa-pss', {
-    modulusLength: 512,
-    saltLength: 16,
-    hash: 'sha256',
-    hashAlgorithm: 'sha1'
-  }, common.mustNotCall()), { code: 'ERR_INVALID_ARG_VALUE' });
-}