Date: Thu, 26 Jun 2014 00:47:25 +0000 (UTC)
From: "Yi Liu (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-10693) Implementation of AES-CTR CryptoCodec using JNI to OpenSSL

[ https://issues.apache.org/jira/browse/HADOOP-10693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14044222#comment-14044222 ]

Yi Liu commented on HADOOP-10693:
---------------------------------

Thanks [~cmccabe] for the review and good comments.

{quote}
Are you familiar with {{checknative}}? It prints out a bunch of information about the native libraries which are available. For example, this is what it prints for me:
It would be great to include {{openssl.so}} in here as well.
{quote}
Actually this is already included in the latest patch HADOOP-10693.2.patch.

{quote}
What's the best way to test this JNI code? Perhaps running {{TestCryptoCodec}} with the correct configuration? Perhaps we ought to have a subclass of {{TestCryptoCodec}} that sets this configuration and then runs the parent class. If we don't have any unit test coverage on Jenkins, then I am afraid this might bitrot.
{quote}
Actually in the patches, we have test cases {{TestCryptoStreamsWithOpenSSLCipher}} to cover crypto functionality with correct configuration. It includes lots of tests. I will add more test cases for {{OpenSSLAESCTRCryptoCodec}}.
{code}
public class TestCryptoStreamsWithOpenSSLCipher extends TestCryptoStreams {
{code}

For other comments, I will update in the next patch.

> Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
> ----------------------------------------------------------
>
>                 Key: HADOOP-10693
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10693
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10693.1.patch, HADOOP-10693.2.patch, HADOOP-10693.patch
>
>
> In HADOOP-10603, we have an implementation of AES-CTR CryptoCodec using Java JCE provider.
> To get high performance, the configured JCE provider should utilize native code and AES-NI, but in JDK6,7 the Java embedded provider doesn't support it.
>
> Considering that not all Hadoop users will use a provider like Diceros or be able to get a signed certificate from Oracle to develop a custom provider, this JIRA will have an implementation of AES-CTR CryptoCodec using JNI to OpenSSL directly.