[New-bugs-announce] [issue47095] Deprecate blake2's tree hashing feature

Christian Heimes report at bugs.python.org
Tue Mar 22 15:51:17 EDT 2022

New submission from Christian Heimes <lists at cheimes.de>:

Python's blake2 implementation provides hashing, MAC (key, salt, personalization), variable length output, and tree hashing [1]. All features except for tree hashing are provided by OpenSSL 3.0.0 and newer [2]. It is unlikely that OpenSSL will get tree hashing any time soon, if all. [3]

I would like to remove our vendored copy of blake2 eventually and just rely on OpenSSL. Therefore I propose to deprecate tree hashing feature so we can drop it in Python 3.13. The tree hashing parameters are: fanout, depth, leaf_size, node_offset, node_depth, inner_size, last_node

Note: OpenSSL 3.0 might impose additional restrictions on the parameter. It might be possible that OpenSSL does not support salt and personalization (OSSL_MAC_PARAM_CUSTOM) without a MAC key.

Alternatively we could replace our copy of blake2 and depend on libb2 from https://blake2.net/. libb2 is available in Fedora.

[1] https://docs.python.org/3/library/hashlib.html#hashlib.blake2b
[2] https://www.openssl.org/docs/manmaster/man7/EVP_MAC-BLAKE2.html
[3] https://github.com/openssl/openssl/issues/980

components: Extension Modules
messages: 415807
nosy: christian.heimes, gregory.p.smith
priority: normal
severity: normal
status: open
title: Deprecate blake2's tree hashing feature
type: behavior
versions: Python 3.11

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list