<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I agree! Silently changing semantics under one’s feet may be bad, but one needn’t remove the function itself. That’s just work for library maintainers!<div class=""><br class=""></div><div class="">Cheers,</div><div class="">Vanessa McHale<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Aug 9, 2020, at 10:43 PM, Carter Schonwald <<a href="mailto:carter.schonwald@gmail.com" class="">carter.schonwald@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><div dir="auto" class="">The real issue here isn’t fromintrgral, but that everything defaults to wrapping semantics </div></div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">Adding variants that do signaling/exceptions and clipping Variants Of finite word/Int data types rather than just wrapping is the right path forward. </div><div dir="auto" class=""><br class=""></div><div dir="auto" class=""><br class=""></div><div class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Aug 8, 2020 at 2:20 AM Herbert Valerio Riedel <<a href="mailto:hvriedel@gmail.com" class="">hvriedel@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Btw, subtle correctness issues hiding throughout the vast monolithic<br class="">
codebase like these were part of the reason (other reasons are<br class="">
explained in <a href="https://old.reddit.com/r/haskell/comments/5lxv75/psa_please_use_unique_module_names_when_uploading/dbzegx3/" rel="noreferrer" target="_blank" class="">https://old.reddit.com/r/haskell/comments/5lxv75/psa_please_use_unique_module_names_when_uploading/dbzegx3/</a>)<br class="">
why cryptohash/cryptonite/foundation has been banned from our<br class="">
codebases not the least because it's hopeless to get something like<br class="">
cryptonite through formal certification for security critical<br class="">
applications. At the time the author made it clear he didn't welcome<br class="">
my bug reports (later I learned the author was merely peculiar as to<br class="">
what they consider an actual bug worth reporting). And whenever I<br class="">
mentioned this in the past on reddit as a PSA, I got defensive<br class="">
reactions and disbelief from certain people who were already invested<br class="">
in the cryptonite ecosystem and I was accused of spreading unfounded<br class="">
FUD... and so I stopped bringing up this kind of "heresy" publicly.<br class="">
<br class="">
However, as you can see in<br class="">
<br class="">
<a href="https://hackage.haskell.org/package/cryptohash-sha256/changelog" rel="noreferrer" target="_blank" class="">https://hackage.haskell.org/package/cryptohash-sha256/changelog</a><br class="">
<br class="">
this particular 32-bit overflow issue was one of the critical bugfixes<br class="">
I ran into and repaired in the very first release right after the<br class="">
initial-fork-release back in 2016. It's astonishing it took over 4<br class="">
years for this bug to keep lingering in cryptonite/cryptohash before<br class="">
it was detected. You'd expect this to have been detected in code<br class="">
audits performed by Haskell companies that actively promote the use of<br class="">
cryptonite early on.<br class="">
<br class="">
On Sat, Aug 8, 2020 at 5:09 AM Niklas Hambüchen via Libraries<br class="">
<<a href="mailto:libraries@haskell.org" target="_blank" class="">libraries@haskell.org</a>> wrote:<br class="">
><br class="">
> Today I found another big bug caused by `fromIntegral`:<br class="">
><br class="">
> <a href="https://github.com/haskell-crypto/cryptonite/issues/330" rel="noreferrer" target="_blank" class="">https://github.com/haskell-crypto/cryptonite/issues/330</a><br class="">
><br class="">
> Incorrect hashes for all hash algorithms beyond 4 GiB of input. SHA hash collisions in my productions system.<br class="">
><br class="">
> Restating what I said there:<br class="">
><br class="">
> * Until we deprecate fromIntegral, Haskell code will always be subtly wrong and never be secure.<br class="">
> * If we don't fix this, people will shy away from using Haskell for serious work (or learn it the hard way). Rust and C both do this better.<br class="">
> * If the authors of key crypto libraries fall for these traps (no blame on them), who can get it right? We should remove the traps.<br class="">
><br class="">
> The wrong code,<br class="">
><br class="">
> hashInternalUpdate ctx d (fromIntegral $ B.length b)<br class="">
><br class="">
> exists because it simply does not look like wrong code. In contrast,<br class="">
><br class="">
> hashInternalUpdate ctx d (fromIntegralWrapping $ B.length b)<br class="">
><br class="">
> does look like wrong code and would make anyone scrolling by suspicious.<br class="">
><br class="">
> We can look away while continuing to claim that Haskell is a high-correctness language, or fix stuff like this and make it one.<br class="">
> _______________________________________________<br class="">
> Libraries mailing list<br class="">
> <a href="mailto:Libraries@haskell.org" target="_blank" class="">Libraries@haskell.org</a><br class="">
> <a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries" rel="noreferrer" target="_blank" class="">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries</a><br class="">
_______________________________________________<br class="">
Libraries mailing list<br class="">
<a href="mailto:Libraries@haskell.org" target="_blank" class="">Libraries@haskell.org</a><br class="">
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries" rel="noreferrer" target="_blank" class="">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries</a><br class="">
</blockquote></div></div>
_______________________________________________<br class="">Libraries mailing list<br class=""><a href="mailto:Libraries@haskell.org" class="">Libraries@haskell.org</a><br class="">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries<br class=""></div></blockquote></div><br class=""></div></body></html>