hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10693) Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
Date Thu, 26 Jun 2014 00:47:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14044222#comment-14044222

Yi Liu commented on HADOOP-10693:

Thanks [~cmccabe] for the review and good comments.
Are you familiar with {{checknative}}? It prints out a bunch of information about the native
libraries which are available. For example, this is what it prints for me:
It would be great to include {{openssl.so}} in here as well.
Actually this is already included in the latest patch HADOOP-10693.2.patch. 

What's the best way to test this JNI code? Perhaps running {{TestCryptoCodec}} with the correct
configuration? Perhaps we ought to have a subclass of {{TestCryptoCodec}} that sets this configuration
and then runs the parent class. If we don't have any unit test coverage on Jenkins, then I
am afraid this might bitrot.
Actually in the patches, we have test cases {{TestCryptoStreamsWithOpenSSLCipher}} to cover
crypto functionality with correct configuration. It includes lots of tests.  I will add more
test cases for {{OpenSSLAESCTRCryptoCodec}}.
public class TestCryptoStreamsWithOpenSSLCipher extends TestCryptoStreams {

For other comments, I will update in next patch.

> Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
> ----------------------------------------------------------
>                 Key: HADOOP-10693
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10693
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>         Attachments: HADOOP-10693.1.patch, HADOOP-10693.2.patch, HADOOP-10693.patch
> In HADOOP-10603, we have an implementation of AES-CTR CryptoCodec using Java JCE provider.

> To get high performance, the configured JCE provider should utilize native code and AES-NI,
but in JDK6,7 the Java embedded provider doesn't support it.
> Considering not all hadoop user will use the provider like Diceros or able to get signed
certificate from oracle to develop a custom provider, so this JIRA will have an implementation
of AES-CTR CryptoCodec using JNI to OpenSSL directly.

This message was sent by Atlassian JIRA

View raw message