[issue47095] Deprecate blake2's tree hashing feature

2022-03-22 Thread Christian Heimes 


Change by Christian Heimes :


--
keywords: +patch
pull_requests: +30153
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/32059

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47095] Deprecate blake2's tree hashing feature

2022-03-22 Thread Gregory P. Smith 


Gregory P. Smith  added the comment:

In the short term we should prefer libb2 linkage when available.

As for deprecation, it'd be useful to research how often the options going away 
are used in code in PyPI packages and in Github repos to understand the 
deprecation impact.

The PyPI landscape for blake2 modules is not great because we've had it in 
hashlib for a while. One of those, or a new one, would need to be created by 
someone who needs the non openssl features.

ultimate goal: simplify what's in Modules/_blake2/impl/ if it cannot be 
removed. Use an external library for the implementation when possible (and in 
all our binary releases. Those are better maintained to take advantage of 
performance or hw features over time.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47095] Deprecate blake2's tree hashing feature

2022-03-22 Thread Christian Heimes 


New submission from Christian Heimes :

Python's blake2 implementation provides hashing, MAC (key, salt, 
personalization), variable length output, and tree hashing [1]. All features 
except for tree hashing are provided by OpenSSL 3.0.0 and newer [2]. It is 
unlikely that OpenSSL will get tree hashing any time soon, if all. [3]

I would like to remove our vendored copy of blake2 eventually and just rely on 
OpenSSL. Therefore I propose to deprecate tree hashing feature so we can drop 
it in Python 3.13. The tree hashing parameters are: fanout, depth, leaf_size, 
node_offset, node_depth, inner_size, last_node

Note: OpenSSL 3.0 might impose additional restrictions on the parameter. It 
might be possible that OpenSSL does not support salt and personalization 
(OSSL_MAC_PARAM_CUSTOM) without a MAC key.

Alternatively we could replace our copy of blake2 and depend on libb2 from 
https://blake2.net/. libb2 is available in Fedora.

[1] https://docs.python.org/3/library/hashlib.html#hashlib.blake2b
[2] https://www.openssl.org/docs/manmaster/man7/EVP_MAC-BLAKE2.html
[3] https://github.com/openssl/openssl/issues/980

--
components: Extension Modules
messages: 415807
nosy: christian.heimes, gregory.p.smith
priority: normal
severity: normal
status: open
title: Deprecate blake2's tree hashing feature
type: behavior
versions: Python 3.11

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com