Gregory P. Smith

We've simplified our sha3 fallback code when OpenSSL doesn't provide it to be tiny_sha3 in https://github.com/python/cpython/issues/91254. Supporting things outside of the very standardized hashes realm is better left to PyPI...

at first glance this is likely good, i'll need to dive into the case or suite code to understand the postmortem hook stuff better. having some other eyeballs on this...

from the buildbots... tests leak some file descriptors. not too surprising given the bit of code the test pokes into, i'll see what can be done to manage those.

> Did we have any discussion about using boringSSL by vendoring them to the CPython repo? I'm not sure how well that would work out. boringSSL isn't really intended to...

> > it doesn't guarantee a stable AP > > Oh, I thought that we can manage the boringSSL as the vendored library likewise libexpat or mimalloc. We could and...

in 3.8 this was not a valid codec name: "เ_เ_เ_iDnA" in 3.9 it gets treated as idna and triggers the punycode decoder when passed to bytes.decode(codec). Discovered by oss-fuzz. _Likely_...

while figuring this issue out, it may also make sense to address https://github.com/python/cpython/issues/88886 as well.

oss-fuzz issue that discovered this: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44030#c9 (opening to the public next week)

fwiw this sort of thing may be reasonable to backport to 3.9 as it is more than just a performance enhancement but also a resource consumption bug and should result...

I created a new PR and included fixing a similar legacy design issue in `unquote()` as well as the original report's `unquote_to_bytes()`. Some performance microbenchmarks need running before I'll consider...