hadoop-common-issues mailing list archives

From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10693) Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
Date Tue, 24 Jun 2014 22:28:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14042784#comment-14042784 ]

Alejandro Abdelnur commented on HADOOP-10693:
---------------------------------------------

[~hitliuyi], a couple of comments on the Java side of things:

In OpenSSLAESCTRCryptoCodec#process(), shouldn't we check as a precondition that the byte
buffers are direct byte buffers (to avoid obscure error messages coming back from JNI/OpenSSL)?

Are you planning to fall back to the Java impl if JNI/OpenSSL is not available? If so, it should be
possible to disable the fallback via configuration, to avoid an accidental fallback because of
misconfiguration and the user not noticing it. Else, a BIG warning in the logs that the fallback
is happening.


> Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
> ----------------------------------------------------------
>
>                 Key: HADOOP-10693
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10693
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10693.1.patch, HADOOP-10693.patch
>
>
> In HADOOP-10603, we have an implementation of AES-CTR CryptoCodec using a Java JCE provider.
> To get high performance, the configured JCE provider should utilize native code and AES-NI,
> but in JDK 6 and 7 the Java embedded provider doesn't support it.
>
> Considering that not all Hadoop users will use a provider like Diceros or be able to get a signed
> certificate from Oracle to develop a custom provider, this JIRA will have an implementation
> of AES-CTR CryptoCodec using JNI to OpenSSL directly.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
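
The two points raised in the comment above (a direct-buffer precondition before the JNI call, and a fallback that is refused unless configuration allows it and is logged loudly when it happens), sketched as an added example. This is not code from the HADOOP-10693 patch or from Hadoop; the class name, the library name `example_openssl_codec` and the property `example.codec.allow.fallback` are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.util.logging.Logger;

// Added illustration: every name below is hypothetical, none is Hadoop's.
public class CodecFallbackExample {
    static final Logger LOG = Logger.getLogger("CodecFallbackExample");

    // What a JNI-backed process() would run first: reject heap buffers in Java,
    // so the caller gets a clear message instead of an error from native code.
    static void requireDirect(ByteBuffer in, ByteBuffer out) {
        if (!in.isDirect() || !out.isDirect()) {
            throw new IllegalArgumentException("direct ByteBuffers required (in.isDirect="
                + in.isDirect() + ", out.isDirect=" + out.isDirect() + ")");
        }
    }

    // True only if the native library links; the library name is supplied by the caller.
    static boolean nativeAvailable(String lib) {
        try {
            System.loadLibrary(lib);
            return true;
        } catch (UnsatisfiedLinkError e) {
            return false;
        }
    }

    // Fail closed unless the operator opted in; when falling back, say so loudly.
    static String selectCodec(boolean nativeOk, boolean allowFallback) {
        if (nativeOk) return "openssl";
        if (!allowFallback) {
            throw new IllegalStateException("OpenSSL codec unavailable and JCE fallback is disabled");
        }
        LOG.warning("FALLING BACK TO JCE AES-CTR: native OpenSSL codec did not load");
        return "jce";
    }

    public static void main(String[] args) {
        boolean nativeOk = nativeAvailable("example_openssl_codec"); // constructed name
        boolean allow = Boolean.parseBoolean(
            System.getProperty("example.codec.allow.fallback", "false")); // hypothetical key
        try {
            System.out.println("selected: " + selectCodec(nativeOk, allow));
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
        requireDirect(ByteBuffer.allocateDirect(16), ByteBuffer.allocateDirect(16)); // passes
        try {
            requireDirect(ByteBuffer.allocate(16), ByteBuffer.allocateDirect(16)); // heap input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```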
