sha3: Replace Keccak Code Package with tiny_sha3

[tiran]

BPO	47098
Nosy	@gpshead, @tiran, @illia-v
PRs	bpo-47098: Replace Keccak Code Package with tiny_sha3 (GH-32060) #32060 bpo-43669: Drop the internal _sha3 module per PEP 644 #28768 bpo-43279: Update code taken from Keccak Code Package #24601

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/tiran'
closed_at = <Date 2022-03-28.06:18:53.615>
created_at = <Date 2022-03-23.09:06:21.997>
labels = ['extension-modules', 'type-feature', '3.11']
title = 'sha3: Replace Keccak Code Package with tiny_sha3'
updated_at = <Date 2022-03-28.06:18:53.615>
user = 'https://github.com/tiran'

bugs.python.org fields:

activity = <Date 2022-03-28.06:18:53.615>
actor = 'christian.heimes'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2022-03-28.06:18:53.615>
closer = 'christian.heimes'
components = ['Extension Modules']
creation = <Date 2022-03-23.09:06:21.997>
creator = 'christian.heimes'
dependencies = []
files = []
hgrepos = []
issue_num = 47098
keywords = ['patch']
message_count = 2.0
messages = ['415861', '416089']
nosy_count = 3.0
nosy_names = ['gregory.p.smith', 'christian.heimes', 'illia-v']
pr_nums = ['32060', '28768', '24601']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue47098'
versions = ['Python 3.11']

[tiran]

The Keccak Code Package (kcp) provides the reference implementation for SHA3 and SHAKE hashing algorithms. CPython has vendored a copy of KCP since I added SHA3 in 3.6.

CPython 3.10 and newer require OpenSSL >= 1.1.1, which provide an optimized implementation of SHA3 and SHAKE on all platforms. The vast majority of users now use SHA3 from OpenSSL instead our _sha3 module with KCP. Both the KCP and _sha3 module are large. The KCP has 230kB of code. The _sha3 shared library is 390kB on Linux X86_64, stripped 90kB.

I would like to reduce the size of our bundled code. Since SHA3 and SHAKE are listed in hashlib.algorithms_guaranteed and OpenSSL is optional, we cannot just drop the _sha3 module. Instead I propose to replace the implementation with tiny_sha3 https://github.com/mjosaarinen/tiny_sha3 . The tiny implementation is 13 kB of code. The resulting _sha3 shared library is 69 kB (stripped 25 kB).

A Python build without OpenSSL bindings will have a working but slower SHA3 implementation.

[tiran]

New changeset 5fd8c57 by Christian Heimes in branch 'main':
bpo-47098: Replace Keccak Code Package with tiny_sha3 (GH-32060)
5fd8c57