feat: Indicate that md5 is used as a CRC#1522
Conversation
product-auto-label
bot
added
the
api: storage
|
@chandra-siri can you please approve this workflows to run? This is currently blocking multiple deployments to access GCP storage when using Python in FIPS mode. |
chandra-siri
added
the
kokoro:force-run
yoshi-kokoro
removed
the
kokoro:force-run
Hi @xnox , Sorry for the late response. I've added a minor comment, also please apply the latest changes to your working branch. |
chandra-siri
dismissed
their stale review
Some of system tests are failing, will re-approve once those are fixed
|
@chandra-siri I see that most checks are now passing on the mainline. I have rebased this PR. Would it manage to pass presubmit CI now? |
chandra-siri
added
the
kokoro:run
yoshi-kokoro
removed
the
kokoro:run
Hi @xnox , It's still failing, please see this - https://btx.cloud.google.com/invocations/6f42249a-525b-49ba-bb9b-eab6c1d6301c/targets/cloud-devrel%2Fclient-libraries%2Fpython%2Fgoogleapis%2Fpython-storage%2Fpresubmit%2Fpresubmit;config=default/log#:~:text=E%20%20%20%20%20%20%20%20%20%20%20TypeError%3A%20__call__()%20got%20an%20unexpected%20keyword%20argument%20%27usedforsecurity%27 |
|
Thank you! Will look into fixing that mock. |
MD5 in storage helpers is used as a CRC function for non-cryptographically secure purposes. Ensure that md5 is initiated with `usedforsecurity=False` to ensure that Python in FIPS mode can fetch MD5 implementation for such non cryptographically secure purpose. This is no effective change on non-FIPS mode Python installations. This improves compatibility with most FIPS mode Python installations.
There are many other warnings about other mocks which print a lot of noise, but hopefully all of these are ok. The _MD5 mock is now updated and the test pass with at least one python version, I do not have older versions of python readily available to me. |
|
@chandra-siri ping, did you have a chance to look at the update code with fixup mock for the tests? |
|
@Pulkit0110 @chandra-siri are you able to review please? all previous feedback and testsuite failure have been addressed. |
Hey @xnox - sorry for the delay. It got skipped ! |
|
No worries, there were lots of holidays and events in the mean time. |
|
Does this PR need a label kokoro:run for CI to trigger? sort of expected it to report by now. |
Pulkit0110
added
the
kokoro:force-run
yoshi-kokoro
removed
the
kokoro:force-run
|
CI looks green! Just need a second reviewer now. |
|
kokoro:force-run label needed again? |
chandra-siri
added
the
owlbot:run
gcf-owl-bot
bot
removed
the
owlbot:run
chandra-siri
added
the
kokoro:force-run
yoshi-kokoro
removed
the
kokoro:force-run
4 participants
MD5 in storage helpers is used as a CRC function for
non-cryptographically secure purposes. Ensure that md5 is initiated
with
usedforsecurity=Falseto ensure that Python in FIPS mode canfetch MD5 implementation for such non cryptographically secure
purpose.
This is no effective change on non-FIPS mode Python installations.
This improves compatibility with most FIPS mode Python installations.