@xnox xnox commented Aug 18, 2025

MD5 in storage helpers is used as a CRC function for
non-cryptographically secure purposes. Ensure that md5 is initiated
with usedforsecurity=False to ensure that Python in FIPS mode can
fetch MD5 implementation for such non-cryptographically secure
purpose.

This is no effective change on non-FIPS mode Python installations.

This improves compatibility with most FIPS mode Python installations.

@xnox xnox requested review from a team as code owners August 18, 2025 18:39
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Aug 18, 2025
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/python-storage API. label Aug 18, 2025
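The pull request description above relies on `hashlib`'s `usedforsecurity` keyword. The following is an added example, not code from the pull request or from python-storage: it computes an MD5 integrity checksum with that flag and reports which MD5 constructors the running interpreter permits. The function names, the base64 output encoding and the sample input are assumptions made for illustration.

```python
import base64
import hashlib
import io
import sys


def new_crc_md5():
    """Return an MD5 object flagged as a non-security checksum (hypothetical helper).

    hashlib accepts usedforsecurity from Python 3.9; older interpreters
    reject the keyword with TypeError, so fall back to the plain call.
    """
    if sys.version_info >= (3, 9):
        return hashlib.md5(usedforsecurity=False)
    return hashlib.md5()


def md5_base64(stream, chunk_size=8192):
    """Base64-encoded MD5 of a binary stream, read in chunks."""
    digest = new_crc_md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return base64.b64encode(digest.digest()).decode("ascii")


def probe_md5():
    """Report which MD5 constructors this interpreter allows."""
    result = {}
    try:
        hashlib.md5()
        result["default"] = True
    except ValueError:  # typical on FIPS-mode builds: digest disabled
        result["default"] = False
    try:
        new_crc_md5()
        result["non_security"] = True
    except ValueError:
        result["non_security"] = False
    return result


if __name__ == "__main__":
    sample = io.BytesIO(b"hello world")  # constructed sample input
    print("checksum:", md5_base64(sample))
    print("availability:", probe_md5())
```

On an interpreter where the plain constructor is blocked, `probe_md5()` reports `default` as `False` while `non_security` stays `True`, which is the case the description targets.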

xnox commented Aug 30, 2025

@chandra-siri can you please approve these workflows to run?

This is currently blocking multiple deployments to access GCP storage when using Python in FIPS mode.

@chandra-siri chandra-siri added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 1, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 1, 2025
@chandra-siri
Contributor

> @chandra-siri can you please approve these workflows to run?
>
> This is currently blocking multiple deployments to access GCP storage when using Python in FIPS mode.

Hi @xnox,

Sorry for the late response.

I've added a minor comment; also, please apply the latest changes to your working branch.

chandra-siri previously approved these changes Sep 1, 2025
@chandra-siri chandra-siri dismissed their stale review September 1, 2025 16:53

Some of the system tests are failing, will re-approve once those are fixed

@xnox xnox requested a review from chandra-siri September 5, 2025 14:38

xnox commented Sep 5, 2025

@chandra-siri I see that most checks are now passing on the mainline. I have rebased this PR. Would it manage to pass presubmit CI now?

@chandra-siri chandra-siri added the kokoro:run Add this label to force Kokoro to re-run the tests. label Sep 9, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:run Add this label to force Kokoro to re-run the tests. label Sep 9, 2025
@chandra-siri
Contributor


xnox commented Sep 10, 2025

Thank you! Will look into fixing that mock.

MD5 in storage helpers is used as a CRC function for
non-cryptographically secure purposes. Ensure that md5 is initiated
with `usedforsecurity=False` to ensure that Python in FIPS mode can
fetch MD5 implementation for such non-cryptographically secure
purpose.

This is no effective change on non-FIPS mode Python installations.

This improves compatibility with most FIPS mode Python installations.

xnox commented Sep 10, 2025

1909 passed, 26 warnings in 22.95s
nox > Session unit-3.13 was successful.

There are many other warnings about other mocks which print a lot of noise, but hopefully all of these are ok.

The _MD5 mock is now updated and the tests pass with at least one Python version; I do not have older versions of Python readily available to me.


xnox commented Oct 3, 2025

@chandra-siri ping, did you have a chance to look at the updated code with the fixup mock for the tests?
