Skip to content

Comments

feat: Indicate that md5 is used as a CRC#1522

Merged
chandra-siri merged 3 commits intogoogleapis:mainfrom
xnox:main
Oct 23, 2025
Merged

feat: Indicate that md5 is used as a CRC#1522
chandra-siri merged 3 commits intogoogleapis:mainfrom
xnox:main

Conversation

@xnox
Copy link
Contributor

@xnox xnox commented Aug 18, 2025

MD5 in storage helpers is used as a CRC function for
non-cryptographically secure purposes. Ensure that md5 is initiated
with usedforsecurity=False to ensure that Python in FIPS mode can
fetch MD5 implementation for such non cryptographically secure
purpose.

This is no effective change on non-FIPS mode Python installations.

This improves compatibility with most FIPS mode Python installations.

@xnox xnox requested review from a team as code owners August 18, 2025 18:39
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Aug 18, 2025
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/python-storage API. label Aug 18, 2025
@xnox
Copy link
Contributor Author

xnox commented Aug 30, 2025

@chandra-siri can you please approve this workflows to run?

This is currently blocking multiple deployments to access GCP storage when using Python in FIPS mode.

@chandra-siri chandra-siri added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 1, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 1, 2025
chandra-siri
chandra-siri requested changes Sep 1, 2025
View reviewed changes
@chandra-siri
Copy link
Collaborator

chandra-siri commented Sep 1, 2025

@chandra-siri can you please approve this workflows to run?

This is currently blocking multiple deployments to access GCP storage when using Python in FIPS mode.

Hi @xnox ,

Sorry for the late response.

I've added a minor comment, also please apply the latest changes to your working branch.

@xnox xnox requested a review from chandra-siri September 1, 2025 11:58
chandra-siri
chandra-siri previously approved these changes Sep 1, 2025
View reviewed changes
@chandra-siri chandra-siri dismissed their stale review September 1, 2025 16:53

Some of system tests are failing, will re-approve once those are fixed

@xnox xnox requested a review from chandra-siri September 5, 2025 14:38
@xnox
Copy link
Contributor Author

xnox commented Sep 5, 2025

@chandra-siri I see that most checks are now passing on the mainline. I have rebased this PR. Would it manage to pass presubmit CI now?

@chandra-siri chandra-siri added the kokoro:run Add this label to force Kokoro to re-run the tests. label Sep 9, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:run Add this label to force Kokoro to re-run the tests. label Sep 9, 2025
@chandra-siri
Copy link
Collaborator

chandra-siri commented Sep 10, 2025

@chandra-siri I see that most checks are now passing on the mainline. I have rebased this PR. Would it manage to pass presubmit CI now?

Hi @xnox ,

It's still failing, please see this - https://btx.cloud.google.com/invocations/6f42249a-525b-49ba-bb9b-eab6c1d6301c/targets/cloud-devrel%2Fclient-libraries%2Fpython%2Fgoogleapis%2Fpython-storage%2Fpresubmit%2Fpresubmit;config=default/log#:~:text=E%20%20%20%20%20%20%20%20%20%20%20TypeError%3A%20__call__()%20got%20an%20unexpected%20keyword%20argument%20%27usedforsecurity%27

@xnox
Copy link
Contributor Author

xnox commented Sep 10, 2025

Thank you! Will look into fixing that mock.

@xnox
feat: Indicate that md5 is used as a CRC
93814a9 
MD5 in storage helpers is used as a CRC function for
non-cryptographically secure purposes. Ensure that md5 is initiated
with `usedforsecurity=False` to ensure that Python in FIPS mode can
fetch MD5 implementation for such non cryptographically secure
purpose.

This is no effective change on non-FIPS mode Python installations.

This improves compatibility with most FIPS mode Python installations.
@xnox
Copy link
Contributor Author

xnox commented Sep 10, 2025 

1909 passed, 26 warnings in 22.95s
nox > Session unit-3.13 was successful.

There are many other warnings about other mocks which print a lot of noise, but hopefully all of these are ok.

The _MD5 mock is now updated and the test pass with at least one python version, I do not have older versions of python readily available to me.

@xnox
Copy link
Contributor Author

xnox commented Oct 3, 2025

@chandra-siri ping, did you have a chance to look at the update code with fixup mock for the tests?

@xnox
Copy link
Contributor Author

xnox commented Oct 21, 2025

@Pulkit0110 @chandra-siri are you able to review please? all previous feedback and testsuite failure have been addressed.

@chandra-siri
Copy link
Collaborator

chandra-siri commented Oct 21, 2025

@Pulkit0110 @chandra-siri are you able to review please? all previous feedback and testsuite failure have been addressed.

Hey @xnox - sorry for the delay. It got skipped !

@xnox
Copy link
Contributor Author

xnox commented Oct 21, 2025

No worries, there were lots of holidays and events in the mean time.

@xnox
Copy link
Contributor Author

xnox commented Oct 21, 2025

Does this PR need a label kokoro:run for CI to trigger? sort of expected it to report by now.

@Pulkit0110 Pulkit0110 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 22, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 22, 2025
@xnox
Copy link
Contributor Author

xnox commented Oct 22, 2025

CI looks green! Just need a second reviewer now.

@xnox
Copy link
Contributor Author

xnox commented Oct 22, 2025

kokoro:force-run label needed again?

@chandra-siri chandra-siri added the owlbot:run Add this label to trigger the Owlbot post processor. label Oct 22, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Oct 22, 2025
@chandra-siri chandra-siri added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 22, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 22, 2025
@chandra-siri chandra-siri merged commit 961536c into googleapis:main Oct 23, 2025
15 checks passed
@release-please release-please bot mentioned this pull request Oct 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chandra-siri chandra-siri chandra-siri approved these changes

@Pulkit0110 Pulkit0110 Pulkit0110 approved these changes

Assignees

@chandra-siri chandra-siri

Labels

api: storage Issues related to the googleapis/python-storage API. size: xs Pull request size is extra small.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@xnox @chandra-siri @Pulkit0110 @yoshi-kokoro