mirror of
https://github.com/python/cpython.git
synced 2024-12-12 03:04:15 +08:00
15665d896b
Replaces our built-in SHA3 implementation with a verified one from the HACL* project. This implementation is used when OpenSSL does not provide SHA3 or is not present. 3.11 shiped with a very slow tiny sha3 implementation to get off of the <=3.10 reference implementation that wound up having serious bugs. This brings us back to a reasonably performing built-in implementation consistent with what we've just replaced our other guaranteed available standard hash algorithms with: code from the HACL* project. --------- Co-authored-by: Gregory P. Smith <greg@krypto.org> |
||
---|---|---|
.. | ||
include/krml | ||
internal | ||
Hacl_Hash_MD5.c | ||
Hacl_Hash_MD5.h | ||
Hacl_Hash_SHA1.c | ||
Hacl_Hash_SHA1.h | ||
Hacl_Hash_SHA3.c | ||
Hacl_Hash_SHA3.h | ||
Hacl_Streaming_SHA2.c | ||
Hacl_Streaming_SHA2.h | ||
Hacl_Streaming_Types.h | ||
python_hacl_namespaces.h | ||
README.md | ||
refresh.sh |
Algorithm implementations used by the hashlib
module.
This code comes from the HACL* project.
HACL* is a cryptographic library that has been formally verified for memory safety, functional correctness, and secret independence.
Updating HACL*
Use the refresh.sh
script in this directory to pull in a new upstream code
version. The upstream git hash used for the most recent code pull is recorded
in the script. Modify the script as needed to bring in more if changes are
needed based on upstream code refactoring.
Never manually edit HACL* files. Always add transformation shell code to the
refresh.sh
script to perform any necessary edits. If there are serious code
changes needed, work with the upstream repository.
Local files
./include/python_hacl_namespaces.h
./README.md
./refresh.sh
ACKS
- Jonathan Protzenko aka @msprotz on Github contributed our HACL* based builtin code.