feat: Indicate that md5 is used as a CRC #1522
Conversation
product-auto-label bot added the api: storage 
| @chandra-siri can you please approve this workflows to run? This is currently blocking multiple deployments to access GCP storage when using Python in FIPS mode. |
chandra-siri added the kokoro:force-run 
yoshi-kokoro removed the kokoro:force-run 
Hi @xnox , Sorry for the late response. I've added a minor comment, also please apply the latest changes to your working branch. |
chandra-siri dismissed their stale review Some of system tests are failing, will re-approve once those are fixed
| @chandra-siri I see that most checks are now passing on the mainline. I have rebased this PR. Would it manage to pass presubmit CI now? |
chandra-siri added the kokoro:run yoshi-kokoro removed the kokoro:run
Hi @xnox , It's still failing, please see this - https://btx.cloud.google.com/invocations/6f42249a-525b-49ba-bb9b-eab6c1d6301c/targets/cloud-devrel%2Fclient-libraries%2Fpython%2Fgoogleapis%2Fpython-storage%2Fpresubmit%2Fpresubmit;config=default/log#:~:text=E%20%20%20%20%20%20%20%20%20%20%20TypeError%3A%20__call__()%20got%20an%20unexpected%20keyword%20argument%20%27usedforsecurity%27 |
| Thank you! Will look into fixing that mock. |
MD5 in storage helpers is used as a CRC function for non-cryptographically secure purposes. Ensure that md5 is initiated with `usedforsecurity=False` to ensure that Python in FIPS mode can fetch MD5 implementation for such non cryptographically secure purpose. This is no effective change on non-FIPS mode Python installations. This improves compatibility with most FIPS mode Python installations.
There are many other warnings about other mocks which print a lot of noise, but hopefully all of these are ok. The _MD5 mock is now updated and the test pass with at least one python version, I do not have older versions of python readily available to me. |
| @chandra-siri ping, did you have a chance to look at the update code with fixup mock for the tests? |
| @Pulkit0110 @chandra-siri are you able to review please? all previous feedback and testsuite failure have been addressed. |
Hey @xnox - sorry for the delay. It got skipped ! |
| No worries, there were lots of holidays and events in the mean time. |
| Does this PR need a label kokoro:run for CI to trigger? sort of expected it to report by now. |
Pulkit0110 added the kokoro:force-run yoshi-kokoro removed the kokoro:force-run | CI looks green! Just need a second reviewer now. |
| kokoro:force-run label needed again? |
chandra-siri added the owlbot:run 
gcf-owl-bot bot removed the owlbot:run chandra-siri added the kokoro:force-run yoshi-kokoro removed the kokoro:force-run 
4 participants
MD5 in storage helpers is used as a CRC function for
non-cryptographically secure purposes. Ensure that md5 is initiated
with
usedforsecurity=Falseto ensure that Python in FIPS mode canfetch MD5 implementation for such non cryptographically secure
purpose.
This is no effective change on non-FIPS mode Python installations.
This improves compatibility with most FIPS mode Python installations.