crypto: evict getCiphers/getHashes cache on setFips/setEngine

getCiphers() and getHashes() used cachedResult() which memoizes once
and never clears. setFips() changes which algorithms OpenSSL exposes
(FIPS-approved only vs. all), and setEngine() can register additional
ciphers/hashes from a loaded engine, but neither invalidated the cache.

Replace the two cachedResult() calls with manual cache variables
(_ciphersCache, _hashesCache) that mirror the existing _hashCache
pattern. Add evictCipherHashCache() and call it from both setFips()
and setEngine() after they mutate OpenSSL state.

getCurves is intentionally left using cachedResult — curves are not
affected by FIPS mode or engine loading.

Fixes: #62982

Author: srikanth-karthi

lib/crypto.js

@@ -121,6 +121,7 @@ const {
   getHashes,
   setEngine,
   secureHeapUsed,
+  evictCipherHashCache,
 } = require('internal/crypto/util');
 const Certificate = require('internal/crypto/certificate');
 const {
@@ -263,6 +264,7 @@ function setFips(val) {
       throw new ERR_WORKER_UNSUPPORTED_OPERATION('Calling crypto.setFips()');
     }
     setFipsCrypto(val);
+    evictCipherHashCache();
   }
 }
 

lib/internal/crypto/util.js

@@ -6,6 +6,7 @@ const {
   ArrayFrom,
   ArrayPrototypeIncludes,
   ArrayPrototypePush,
+  ArrayPrototypeSlice,
   BigInt,
   DataViewPrototypeGetBuffer,
   DataViewPrototypeGetByteLength,
@@ -125,8 +126,25 @@ function getCachedHashId(algorithm) {
   return result === undefined ? -1 : result;
 }
 
-const getCiphers = cachedResult(() => filterDuplicateStrings(_getCiphers()));
-const getHashes = cachedResult(() => filterDuplicateStrings(_getHashes()));
+let _ciphersCache;
+function getCiphers() {
+  if (_ciphersCache === undefined)
+    _ciphersCache = filterDuplicateStrings(_getCiphers());
+  return ArrayPrototypeSlice(_ciphersCache);
+}
+
+let _hashesCache;
+function getHashes() {
+  if (_hashesCache === undefined)
+    _hashesCache = filterDuplicateStrings(_getHashes());
+  return ArrayPrototypeSlice(_hashesCache);
+}
+
+function evictCipherHashCache() {
+  _ciphersCache = undefined;
+  _hashesCache = undefined;
+}
+
 const getCurves = cachedResult(() => filterDuplicateStrings(_getCurves()));
 
 function setEngine(id, flags) {
@@ -143,6 +161,7 @@ function setEngine(id, flags) {
     throw new ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED();
   if (!_setEngine(id, flags))
     throw new ERR_CRYPTO_ENGINE_UNKNOWN(id);
+  evictCipherHashCache();
 }
 
 const getArrayBufferOrView = hideStackFrames((buffer, name, encoding) => {
@@ -855,6 +874,7 @@ module.exports = {
   getCurves,
   getDataViewOrTypedArrayBuffer,
   getHashes,
+  evictCipherHashCache,
   kHandle,
   kKeyObject,
   setEngine,