crypto: allow monkey patching of pseudoRandomBytes

[Flarna]

Make pseudoRandomBytes and it's aliases prng and rng
configurable to allow monkey patching.

Background: Some modules still use these deprecated APIs (see e.g.
#23013) and therefore these APIs are only pending deprecated. As APM
vendor we can't decide which modules customers so we need a way to
monitor also the aliases similar as the correct API. Current way to
do this is monkey patching.

Maybe we could even consider to set writeable: true.

If there are good arguments to keep it as it is I'm also fine with
closing this PR.

Refs: #22519
Refs: #23017

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

[refack]

/CC @nodejs/crypto

[refack]

Hello @Flarna and thank you for the contribution.
The change SGTM, but I don't feel I'm qualified to approve.
What I would suggest (iff the mood will be to approve this) is adding a test that asserts that these APIs are indeed configurable. Maybe even document that.

[sam-github]

LGTM. The monkey patchability of the API surface isn't usually tested or documented, so while I'm usually a big fan of both, I don't personally think its necessary in this case. I can't think of any other APIs where we document the reassignability of the function. Monkey-patchability isn't something we formally commit to, but in the interests of supporting APM vendors, if the maintenance cost is low I don't think we should get in its way, either. This change looks to me to have very low maintenance cost.

[Flarna]

Sure, I can add tests.
Main point is to first get on an agreement if this is ok or not and if we should set also writeable: true - like for "normal" exports.

[refack]

The monkey patchability of the API surface isn't usually tested or documented, so while I'm usually a big fan of both, I don't personally think its necessary in this case. I can't think of any other APIs where we document the reassignability of the function.

Af I see it most of our current monkey patchability was just emergent. This is a bit different since we are enabling this explicitly and so IMHO we should commit to.

[Flarna]

I think the main target of the initial change was just to have the APIs not enumerable.
Having them non writeable/configurable was maybe just a side effect of the defaults which are inverted if a property descriptor is used compared to just setting a named property.

I think it would be good to define a guideline for deprecations like this to get a consistent API.

[Trott]

@nodejs/security-wg

[Flarna]

Updated by setting also writeable: true and added a test.
I have seen that writeable: true is also used in other places (e.g. queueMicrotask) and it avoids to play around with descriptors during patching.

[Flarna]

Is there anything left I have to do with this PR?

[tniessen]

@Flarna No, sorry for the delay. CI: https://ci.nodejs.org/job/node-test-pull-request/18857/

[Trott]

Landed in f85d636

[BethGriggs]

This change does not land cleanly on v10.x-staging. I've added the backport-requested-v10.x label, but feel free to swap to dont-land-on- if this change shouldn't land on v10.x.

[Flarna]

@BethGriggs This change is not applicable to v10.x but I don't think I have rights to change labels here.