accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ctubbsii commented on a change in pull request #322: ACCUMULO-4740 Enable GCM mode for crypto
Date Thu, 01 Jan 1970 00:00:00 GMT
ctubbsii commented on a change in pull request #322: ACCUMULO-4740 Enable GCM mode for crypto
URL: https://github.com/apache/accumulo/pull/322#discussion_r151210587
 
 

 ##########
 File path: core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BCFile.java
 ##########
 @@ -160,9 +160,12 @@ public WBlockState(Algorithm compressionAlgo, PositionedDataOutputStream
fsOut,
         // *This* is also very important. We don't want the underlying stream messed with.
         cryptoParams.setRecordParametersToStream(false);
 
-        // It is also important to make sure we get a new initialization vector on every
call in here,
-        // so set any existing one to null, in case we're reusing a parameters object for
its RNG or other bits
-        cryptoParams.setInitializationVector(null);
+        // It is also important to make sure we get a new initialization vector on every
call in here.
+        // This was originally done by setting any existing one to null, in case we were
reusing a parameters object.
+        // We are also now keeping track of the IV across the use of a specific file key,
because if the encryption
+        // mode is GCM, it's important to guarantee unique IVs. The updateInitializationVector
will increment the vector if it
+        // already exists for GCM, or it will set the IV to null in other cases.
+        cryptoParams.updateInitializationVector();
 
 Review comment:
   The embedded comments probably do not need to explain the previous behavior which no longer
applies. They can be simplified to explain the current requirements and behavior.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message