René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Replace built-in hashlib with verified implementations from HACL*","articleBody":"# Feature or enhancement\r\n\r\nWe propose to replace the non-OpenSSL cryptographic primitives in hashlib with high-assurance, verified versions from the HACL* project. \r\n\r\n# Pitch\r\n\r\nAs evidenced by the recent SHA3 buffer overflow, cryptographic primitives are tricky to implement correctly. There might be issues with memory management, exceeding lengths, incorrect buffer management, or worse, incorrect implementations in corner cases.\r\n\r\nThe HACL* project \u003chttps://github.com/hacl-star/hacl-star\u003e provides _verified_ implementations of cryptographic primitives. These implementations are mathematically shown to be:\r\n- memory safe (no buffer overflows, no use-after-free)\r\n- functionally correct (they always compute the right result)\r\n- side-channel resistant (the most egregious variants of side-channels, such as memory and timing leaks, are ruled out by construction).\r\n\r\nSee https://hacl-star.github.io/Overview.html#what-is-verified-software for a longer description of how formal methods can help write high-assurance software and rule out entire classes of bugs.\r\n\r\nThe performance of HACL* is competitive with, and sometimes exceeds, that of OpenSSL. HACL* is distributed as pure C, and therefore is portable. Parts of HACL* have been adopted in Mozilla, Linux, the Tezos blockchain, and many more, thereby demonstrating that formally verified code is ready for production-time.\r\n\r\n# Previous discussion\r\n\r\nTagging @alex with whom I've informally discussed this.\n\n\u003c!-- gh-pr-number: gh-99109 --\u003e\n* PR: gh-99109\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-101707 --\u003e\n* PR: gh-101707\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-101917 --\u003e\n* PR: gh-101917\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-101924 --\u003e\n* PR: gh-101924\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-102089 --\u003e\n* PR: gh-102089\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-102183 --\u003e\n* PR: gh-102183\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-102308 --\u003e\n* PR: gh-102308\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-103597 --\u003e\n* PR: gh-103597\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-104293 --\u003e\n* PR: gh-104293\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-104401 --\u003e\n* PR: gh-104401\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-104675 --\u003e\n* PR: gh-104675\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-104776 --\u003e\n* PR: gh-104776\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-104808 --\u003e\n* PR: gh-104808\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-104893 --\u003e\n* PR: gh-104893\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-105634 --\u003e\n* PR: gh-105634\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-105635 --\u003e\n* PR: gh-105635\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-117237 --\u003e\n* PR: gh-117237\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-117243 --\u003e\n* PR: gh-117243\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-117295 --\u003e\n* PR: gh-117295\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-117302 --\u003e\n* PR: gh-117302\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-119316 --\u003e\n* PR: gh-119316\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-123027 --\u003e\n* PR: gh-123027\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-123146 --\u003e\n* PR: gh-123146\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-124304 --\u003e\n* PR: gh-124304\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-125244 --\u003e\n* PR: gh-125244\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-126270 --\u003e\n* PR: gh-126270\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-126359 --\u003e\n* PR: gh-126359\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-130157 --\u003e\n* PR: gh-130157\n\u003c!-- /gh-pr-number --\u003e\n\n\n\u003c!-- gh-pr-number: gh-132120 --\u003e\n* PR: gh-132120\n\u003c!-- /gh-pr-number --\u003e\n","author":{"url":"https://github.com/msprotz","@type":"Person","name":"msprotz"},"datePublished":"2022-11-04T21:43:46.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":36},"url":"https://github.com/99108/cpython/issues/99108"}