Replace built-in hashlib with verified implementations from HACL* #99108
Comments
(missing context: there was a private email thread cc'ing ~7 of us including myself, @tiran, @alex, @msprotz & others that led to this issue and PR) in response to #98517 CVE happening with our old XKCP sha3 vendored code.

One reason I might support this work across all of our required always supported hashes is that if these perform well, I'd be happy to see the If this sounds like the opposite of my statements over buried in the blake3 rejection thread - it's because I did not seek an alternative to the variety of vendored fallback hash algorithm implementations we carry there. So the goal in those statements was to lean towards simplicity instead of complexity. (which has already paid off via our XKCP removal in favor of tiny_sha3 by not having Python 3.11+ suffer from the sha3 XKCP CVE that the larger complex third party code in 3.6-3.10 did)

We provide and ship native implementations for the hash algorithms anyways as we support builds without OpenSSL present, and support building on systems with libssl versions or variants that do not provide everything.

Q: Would adopting this code increase our maintenance burden?

A: Probably, yes. We'd presumably want to update it with more recent versions from hacl-star from time to time. Though the theory is that there should never be a security need to do so? In the past we've been asked to update vendored hash algorithm code from time to time but have hesitated due to the complexity and perceived risk, and assumed lack of reward given people who care about performance would presumably have a modern OpenSSL to get that from. Though if we did get rid of the OpenSSL wrapper code that'd also be a reduced burden.

Q: What about performance?

A: Good question. That needs continual measuring on our Tiered supported platforms. Don't focus solely on thruput. OpenSSL's EVP APIs are known to have silly-slow setup time. So something hashing a pile of 234 byte objects may be slow no matter how good OpenSSL's bulk data thruput is. Benchmark small message thruput as well as bulk data thruput.

Parting thought: There is a broader desire to wean us off of our OpenSSL dependency. I realize that's a hard thing so long as the
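A sketch of the measurement the comment above asks for, added here as an example and not taken from the thread or from CPython: it times SHA-256 over many 234-byte messages and over bulk data for each implementation present in the running interpreter. The private module names `_sha2`, `_sha256` and `_hashlib` are assumptions about the build and are skipped when absent.

```python
import hashlib
import importlib
import time


def find_constructors():
    """Return {label: sha256 constructor} for every implementation in this build."""
    found = {"hashlib": hashlib.sha256}  # whatever hashlib selected by default
    try:
        # Assumption: OpenSSL-backed constructor exposed by the private _hashlib module.
        found["openssl"] = importlib.import_module("_hashlib").openssl_sha256
    except (ImportError, AttributeError):
        pass
    # Assumption: the built-in fallback lives in _sha2 (3.12+) or _sha256 (older).
    for name in ("_sha2", "_sha256"):
        try:
            found["builtin"] = importlib.import_module(name).sha256
            break
        except (ImportError, AttributeError):
            continue
    return found


def bench(constructor, msg_size, total_bytes, repeats=3):
    """Hash total_bytes as separate msg_size messages, one hash object each.

    Creating a fresh object per message is what exposes per-call setup cost,
    which bulk throughput numbers hide.
    """
    msg = b"\xa5" * msg_size  # constructed sample input
    count = max(1, total_bytes // msg_size)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        for _ in range(count):
            constructor(msg).digest()
        best = min(best, time.perf_counter() - start)
    best = max(best, 1e-9)  # guard against a zero reading on coarse clocks
    return {
        "messages": count,
        "ns_per_msg": best / count * 1e9,
        "mib_per_s": count * msg_size / best / 2**20,
    }


def compare(total_bytes=8 * 2**20, sizes=(234, 4096, 2**20)):
    """Benchmark every available implementation at each message size."""
    results = {}
    for label, ctor in find_constructors().items():
        # Refuse to time an implementation that disagrees with hashlib.
        if ctor(b"abc").digest() != hashlib.sha256(b"abc").digest():
            raise ValueError(f"{label} produced a different digest")
        results[label] = {size: bench(ctor, size, total_bytes) for size in sizes}
    return results


if __name__ == "__main__":
    for label, by_size in compare().items():
        for size, r in by_size.items():
            print(f"{label:8} {size:>8} B/msg  "
                  f"{r['ns_per_msg']:>12.0f} ns/msg  {r['mib_per_s']:>9.1f} MiB/s")
```

Compare the `ns/msg` column at 234 bytes with the `MiB/s` column at 1 MiB: an implementation can lead on one and trail on the other.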
Thanks for your comment, Greg. Some related thoughts.
None of this is infeasible -- it's just a matter of deciding what is good for a Python-in-the-future where hashlib no longer depends on OpenSSL. For instance, you might say "let's maintain a portable C version, and one single ASM version that uses SHAEXT when available (fastest)", and this is something we could make happen within HACL*. Just to give you a sense of what we have right now, allow me to go into greater detail:
Hope this helps. As you said, this kind of change is a first step in the right direction.
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224.

This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree.

@franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost!

```
---------------------------------------------------------------
Benchmark                 Time             CPU   Iterations
---------------------------------------------------------------
Sha2_256_Streaming     3163 ns         3160 ns       219353  // this PR
LibTomCrypt_Sha2_256   5057 ns         5056 ns       136234  // library used by Python currently
```

The changes in this PR are as follows:
- import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl`
- rewire sha256module.c to use the HACL* implementation

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
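The buffer-management layer described above is where a swapped-in hash implementation is most likely to diverge, so a differential check against an independent oracle is a useful regression test. The following is an added example, not code from the PR or from HACL*: a pure-Python SHA-256 written from the FIPS 180-4 definition is compared with `hashlib.sha256` fed in irregular chunks around the 64-byte block and padding boundaries. All function names are hypothetical.

```python
import hashlib
import math
import random
import struct

M = 0xFFFFFFFF


def _primes(n):
    out, c = [], 2
    while len(out) < n:
        if all(c % p for p in out):
            out.append(c)
        c += 1
    return out


def _icbrt(n):
    """Integer cube root by binary search (floats are not precise enough)."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# Constants derived as the standard defines them: fractional bits of the
# square roots (initial state) and cube roots (round constants) of primes.
_P = _primes(64)
_H0 = [math.isqrt(p << 64) & M for p in _P[:8]]
_K = [_icbrt(p << 96) & M for p in _P]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M


def reference_sha256(data):
    """Slow, straightforward SHA-256 used only as a test oracle."""
    h = list(_H0)
    padded = (data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
              + (len(data) * 8).to_bytes(8, "big"))
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 64):
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & M)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):
            big_s1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
            ch = (e & f) ^ (~e & g)
            t1 = (hh + big_s1 + ch + _K[t] + w[t]) & M
            big_s0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & M
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & M, c, b, a, (t1 + t2) & M
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(">8I", *h)


def chunked_digest(constructor, data, cuts):
    """Feed data through update() split at the given offsets (empty chunks allowed)."""
    h, pos = constructor(), 0
    for cut in cuts:
        h.update(data[pos:cut])
        pos = cut
    h.update(data[pos:])
    return h.digest()


def differential_check(constructor=hashlib.sha256, seed=99108, rounds=200):
    """Return (cases_run, failures); failures lists (length, cuts) that disagreed."""
    rng = random.Random(seed)
    # Lengths that straddle the 64-byte block and the 56-byte padding threshold.
    lengths = [0, 1, 55, 56, 57, 63, 64, 65, 119, 120, 127, 128, 129]
    lengths += [rng.randrange(0, 1000) for _ in range(rounds)]
    failures = []
    for length in lengths:
        data = bytes(rng.getrandbits(8) for _ in range(length))  # constructed input
        cuts = sorted(rng.randrange(0, length + 1) for _ in range(rng.randrange(0, 6)))
        expected = reference_sha256(data)
        if (constructor(data).digest() != expected
                or chunked_digest(constructor, data, cuts) != expected):
            failures.append((length, cuts))
    return len(lengths), failures


if __name__ == "__main__":
    cases, failures = differential_check()
    print(f"{cases} cases, {len(failures)} mismatches")
```

Pass a different constructor to `differential_check` to test a specific backend instead of the default `hashlib.sha256`.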
Alright, the first PR is in. Checkbox time:
Great! sha384/sha512 is a no-brainer and I'll send a followup PR very soon. We have SHA3 as well, so I can send that in, too, with the caveat that we have a few performance optimizations for sha3 in the works, so we can either wait for those to land in HACL* then submit the Python PR, or first land SHA3 in Python, then send a followup PR to refresh the HACL* code once the performance tweaks have landed. Happy to hear your thoughts on this.
Replace the builtin hashlib implementations of SHA2-384 and SHA2-512 originally from LibTomCrypt with formally verified, side-channel resistant code from the [HACL*](https://github.com/hacl-star/hacl-star/) project. The builtins remain a fallback only used when OpenSSL does not provide them.
Given that the SHA3 implementation we currently ship is a tiny poor performing one, no need to wait. I expect we'll pull in updates to the HACL* implementations as needed in the future when there is a motivating reason.
This builds HACL* as a library in one place. A followup to #101707 which broke some WASM builds. This fixes 2/4 of them, but the emscripten toolchain in the others doesn't deduplicate linker arguments and errors out. A follow-on PR will address those.
This merges their code. They're backed by the same single HACL* star static library, having them be a single module simplifies maintenance. This should unbreak the wasm emscripten builds that currently fail due to linking in --whole-archive mode and the HACL* library appearing twice. Long unnoticed error fixed: `_sha512.SHA384Type` was doubly assigned and was actually SHA512Type. Nobody depends on those internal names.
This merges their code. They're backed by the same single HACL* static library, having them be a single module simplifies maintenance. This should unbreak the wasm emscripten builds that currently fail due to linking in --whole-archive mode and the HACL* library appearing twice. Long unnoticed error fixed: _sha512.SHA384Type was doubly assigned and was actually SHA512Type. Nobody depends on those internal names. Also rename LIBHACL_ make vars to LIBHACL_SHA2_ in preparation for other future HACL things.
Replaces our fallback non-OpenSSL MD5 and SHA1 implementations with those from HACL* as we've already done with SHA2.
Automerge-Triggered-By: GH:erlend-aasland
@gpshead I'll let you check MD5/SHA1 in the checklist above... quick question: what is the timeline for landing sha3? it requires a little bit of work on my side and I'll be traveling all March, so ideally I would submit the SHA3 PR in April. But if it's a dealbreaker because of e.g. the Python release schedule, I can scramble to try to submit it before then. Let me know.
So long as we can get it committed before 3.12beta1 at the beginning of May (see https://peps.python.org/pep-0693/) we're good. So April for that is fine by me. No need to scramble.
case sensitive filename
Refresh HACL* from upstream and add a SHA3 test hashing over 4GiB of data.
Quick update: I took a look at our blake2 code and it doesn't expose enough of the parameterized API which Python currently offers for tree hashing. It's not a big deal, but means there's enough work on our end that Blake2 won't make it into 3.12 but rather into the next release... I'll post updates here once we make enough progress upstream.
This matches the GIL releasing behavior of our existing `_hashopenssl` module, extending it to the HACL* built-ins.
This matches the GIL releasing behavior of our existing `_hashopenssl` module, extending it to the HACL* built-ins. Includes adding comments to better describe the ENTER/LEAVE macros purpose and explain the lock strategy in both existing and new code.
…ythonGH-104675) This matches the GIL releasing behavior of our existing `_hashopenssl` module, extending it to the HACL* built-ins. Includes adding comments to better describe the ENTER/LEAVE macros purpose and explain the lock strategy in both existing and new code. (cherry picked from commit 2e5d8a9) Co-authored-by: Gregory P. Smith <greg@krypto.org>
…H-104675) (#104776) gh-99108: Release the GIL around hashlib built-in computation (GH-104675) This matches the GIL releasing behavior of our existing `_hashopenssl` module, extending it to the HACL* built-ins. Includes adding comments to better describe the ENTER/LEAVE macros purpose and explain the lock strategy in both existing and new code. (cherry picked from commit 2e5d8a9) Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
Refresh HACL* from upstream to improve SHA2 performance and fix a 32-bit issue in SHA3.
Refresh HACL* from upstream to improve SHA2 performance and fix a 32-bit issue in SHA3. (cherry picked from commit 160321e) Co-authored-by: Jonathan Protzenko <protz@microsoft.com>
(cherry picked from commit 3a314f7) Co-authored-by: Gregory P. Smith <greg@krypto.org>
commit 845e593 Author: litlighilit <97860435+litlighilit@users.noreply.github.com> Date: Sun Jun 11 22:06:42 2023 +0800 Fix typo in configparser module docstring (python#105652) "zc.buildbot" -> "zc.buildout" commit d4fa529 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Sun Jun 11 12:20:43 2023 +0200 pythongh-105375: Improve error handling in the builtins extension module (python#105585) commit c932f72 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Sun Jun 11 12:06:06 2023 +0200 pythongh-105375: Improve _decimal error handling (python#105605) Fix a bug where an exception could end up being overwritten. commit 16d4968 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Sun Jun 11 12:03:09 2023 +0200 pythongh-105375: Harden _datetime initialisation (python#105604) Improve error handling so init bails on the first exception. commit 35cff54 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Sun Jun 11 11:58:08 2023 +0200 pythongh-105375: Improve array.array exception handling (python#105594) Fix a bug where 'tp_richcompare' could end up overwriting an exception. commit 01f4230 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Sun Jun 11 11:56:32 2023 +0200 pythongh-105375: Harden _ssl initialisation (python#105599) Add proper error handling to prevent reference leaks and overwritten exceptions. commit cc87948 Author: Hugo van Kemenade <hugovk@users.noreply.github.com> Date: Sun Jun 11 12:17:35 2023 +0300 pythongh-80480: Emit DeprecationWarning for array's 'u' type code (python#95760) commit 3a314f7 Author: Gregory P. Smith <greg@krypto.org> Date: Sat Jun 10 12:09:20 2023 -0700 pythongh-99108: Mention HACL\* in the hashlib docs. (python#105634) commit 0d1d6ab Author: Gregory P. Smith <greg@krypto.org> Date: Sat Jun 10 11:49:06 2023 -0700 Cleanup and clarify our hashlib docs. (python#105624) Clarify and improve our hashlib docs. Now with 50% less mess! commit d636d7d Author: Erlend E. 
Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 23:53:33 2023 +0200 pythongh-105375: Harden error handling in `_testcapi/heaptype.c` (python#105608) Bail on first error in heapctypesubclasswithfinalizer_finalize() commit 33c92c4 Author: Nikita Sobolev <mail@sobolevn.me> Date: Sat Jun 10 00:48:54 2023 +0300 pythongh-105375: Improve error handling in `zoneinfo` module (python#105586) Fix bugs where exceptions could end up being overwritten because of deferred error handling. Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com> commit 91441bf Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 23:14:02 2023 +0200 Docs: fix formatting in 2023-06-09-12-59-18 NEWS item (python#105607) commit b047fa5 Author: Pablo Galindo Salgado <Pablogsal@gmail.com> Date: Fri Jun 9 21:39:01 2023 +0100 pythongh-105549: Tokenize separately NUMBER and NAME tokens and allow 0-prefixed literals (python#105555) commit 00b599a Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 22:35:03 2023 +0200 pythongh-105375: Improve error handling in _elementtree (python#105591) Fix bugs where exceptions could end up being overwritten. commit f668f73 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 22:07:47 2023 +0200 pythongh-105375: Improve posix error handling (python#105592) Fix a bug where an IndexError could end up being overwritten. commit eede1d2 Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 21:57:25 2023 +0200 pythongh-105375: Improve errnomodule error handling (python#105590) Bail immediately if an exception is set, to prevent exceptions from being overwritten. commit 89aac6f Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 19:09:53 2023 +0200 pythongh-105375: Improve _pickle error handling (python#105475) Error handling was deferred in some cases, which could potentially lead to exceptions being overwritten. commit 6c832dd Author: Erlend E. 
Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 18:55:53 2023 +0200 pythongh-105375: Improve error handling in compiler_enter_scope() (python#105494) commit d7f46bc Author: Pablo Galindo Salgado <Pablogsal@gmail.com> Date: Fri Jun 9 17:01:26 2023 +0100 pythongh-105564: Don't include artificial newlines in the line attribute of tokens (python#105565) commit 1dd267a Author: Pablo Galindo Salgado <Pablogsal@gmail.com> Date: Fri Jun 9 16:59:37 2023 +0100 Clarify the supported cases in the tokenize module (python#105569) commit 59f009e Author: Ethan Furman <ethan@stoneleaf.us> Date: Fri Jun 9 08:56:05 2023 -0700 pythongh-105497: [Enum] Fix Flag inversion when alias/mask members exist. (pythonGH-105542) When inverting a Flag member (or boundary STRICT), only consider other canonical flags; when inverting an IntFlag member (or boundary KEEP), also consider aliases. commit 8e75592 Author: Alex Waygood <Alex.Waygood@Gmail.com> Date: Fri Jun 9 16:08:57 2023 +0100 Miscellaneous improvements to the typing docs (python#105529) Mostly, these are changes so that we use shorter sentences and shorter paragraphs. In particular, I've tried to make the first sentence introducing each object in the typing API short and declarative. commit b8fa7bd Author: Erlend E. Aasland <erlend.aasland@protonmail.com> Date: Fri Jun 9 15:36:59 2023 +0200 pythongh-105557: Remove duplicate sqlite3 test method (python#105558) test_func_return_too_large_int() was defined twice. Keep only the redefined method, as that also checks the tracebacks. 
commit 9bf8d82 Author: Thomas Grainger <tagrain@gmail.com> Date: Fri Jun 9 14:29:09 2023 +0100 pythongh-94924: support `inspect.iscoroutinefunction` in `create_autospec(async_def)` (python#94962) * support inspect.iscoroutinefunction in create_autospec(async_def) * test create_autospec with inspect.iscoroutine and inspect.iscoroutinefunction * test when create_autospec functions check their signature commit 0f885ff Author: Victor Stinner <vstinner@python.org> Date: Fri Jun 9 14:50:31 2023 +0200 pythongh-105407: Remove unused imports (python#105554)
Feature or enhancement
We propose to replace the non-OpenSSL cryptographic primitives in hashlib with high-assurance, verified versions from the HACL* project.
Pitch
As evidenced by the recent SHA3 buffer overflow, cryptographic primitives are tricky to implement correctly. There might be issues with memory management, exceeding lengths, incorrect buffer management, or worse, incorrect implementations in corner cases.
The HACL* project https://github.com/hacl-star/hacl-star provides verified implementations of cryptographic primitives. These implementations are mathematically shown to be:
See https://hacl-star.github.io/Overview.html#what-is-verified-software for a longer description of how formal methods can help write high-assurance software and rule out entire classes of bugs.
The performance of HACL* is competitive with, and sometimes exceeds, that of OpenSSL. HACL* is distributed as pure C, and therefore is portable. Parts of HACL* have been adopted in Mozilla, Linux, the Tezos blockchain, and many more, thereby demonstrating that formally verified code is ready for production-time.
Previous discussion
Tagging @alex with whom I've informally discussed this.
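The corner cases named in the pitch (lengths, buffer management) are what a differential check should target when a hash implementation is swapped. The following is an added example, not part of the original issue or of CPython's test suite; the function names are assumptions of this example, and the input data is constructed.

```python
import hashlib

# Published known-answer digests for the message b"abc" (FIPS 180-4 / FIPS 202).
KAT = {
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "sha3_256": "3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532",
}


def kat_failures():
    """Names of algorithms whose digest of b"abc" differs from the published one."""
    return [n for n, want in KAT.items()
            if hashlib.new(n, b"abc").hexdigest() != want]


def block_edges(name, blocks=3):
    """Lengths at, one below and one above each multiple of the block size."""
    bs = hashlib.new(name).block_size
    return sorted({max(0, k * bs + d)
                   for k in range(blocks + 1) for d in (-1, 0, 1)})


def streaming_mismatches(name, blocks=3):
    """Split points (a, b) where three update() calls disagree with one-shot.

    The input is cut at every pair of block-edge offsets, so the internal
    buffer is exercised when empty, one byte short of full, exactly full,
    and one byte into the next block.
    """
    bs = hashlib.new(name).block_size
    data = bytes(i % 251 for i in range(blocks * bs + 7))  # constructed input
    expected = hashlib.new(name, data).digest()
    bad = []
    edges = block_edges(name, blocks)
    for a in edges:
        for b in edges:
            if a > b:
                continue
            h = hashlib.new(name)
            h.update(data[:a])
            h.update(data[a:b])
            h.update(data[b:])
            if h.digest() != expected:
                bad.append((a, b))
    return bad


if __name__ == "__main__":
    print("KAT failures:", kat_failures())
    for algo in ("sha256", "sha512", "sha3_256", "sha3_512"):
        print(algo, "streaming mismatches:", streaming_mismatches(algo))
```

An empty result on every algorithm only shows agreement on these inputs; it complements, rather than replaces, the proofs the issue refers to.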