hadoop-common-issues mailing list archives

From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10693) Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
Date Thu, 03 Jul 2014 20:32:35 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14051886#comment-14051886 ]

Colin Patrick McCabe commented on HADOOP-10693:
-----------------------------------------------

{code}
+static int loadAesCtr(JNIEnv *env)
+{
+#ifdef UNIX
+  dlerror(); // Clear any existing error
+  dlsym_EVP_aes_256_ctr = dlsym(openssl, "EVP_aes_256_ctr");
+  dlsym_EVP_aes_128_ctr = dlsym(openssl, "EVP_aes_128_ctr");
+  if (dlerror() != NULL) {
+    return -1;
+  }
+#endif
+
+#ifdef WINDOWS
+  dlsym_EVP_aes_256_ctr = (__dlsym_EVP_aes_256_ctr) GetProcAddress(openssl,  \
+      "EVP_aes_256_ctr");
+  dlsym_EVP_aes_128_ctr = (__dlsym_EVP_aes_128_ctr) GetProcAddress(openssl,  \
+      "EVP_aes_128_ctr");
+  if (dlsym_EVP_aes_256_ctr == NULL || dlsym_EVP_aes_128_ctr == NULL) {
+    return -1;
+  }
+#endif
+  
+  return 0;
+}
{code}
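
Review bot: In the `#ifdef UNIX` branch, the single `dlerror()` test after both `dlsym` calls cannot attribute a failure to a symbol, and where a later successful `dlsym` resets the error state, a failed `EVP_aes_256_ctr` lookup goes unnoticed and leaves a NULL function pointer behind a return value of 0. Call `dlerror()` after each `dlsym`, or test each pointer against NULL as the `#ifdef WINDOWS` branch already does. Two smaller points: `env` is never used, so the caller gets only -1 with no indication of which symbol was missing, and if neither `UNIX` nor `WINDOWS` is defined the function returns 0 without loading anything. The trailing `\` on the two `GetProcAddress` lines is also unnecessary outside a macro.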

If the first call to dlsym fails, the second call will clear the dlerror state.  So this isn't
quite going to work, I think.
I think it would be easier to just use the LOAD_DYNAMIC_SYMBOL macro, and then check for the
exception afterwards.  You'd need something like this:

{code}
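/* env is passed in so a failed lookup can raise a Java exception */
void loadAes(JNIEnv *env)
{
    LOAD_DYNAMIC_SYMBOL(1...)
    LOAD_DYNAMIC_SYMBOL(2...)
}

JNIEXPORT void JNICALL Java_org_apache_hadoop_crypto_OpensslCipher_initIDs
    (JNIEnv *env, jclass clazz)
{
    loadAes(env);
    /* a pending exception here means one of the lookups failed */
    jthrowable jthr = (*env)->ExceptionOccurred(env);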
    if (jthr) {
        (*env)->DeleteLocalRef(env, jthr);
        THROW(...)
        return;
    }
    ...
}
{code}

Or something like that.  +1 once this is addressed

> Implementation of AES-CTR CryptoCodec using JNI to OpenSSL
> ----------------------------------------------------------
>
>                 Key: HADOOP-10693
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10693
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10693.1.patch, HADOOP-10693.2.patch, HADOOP-10693.3.patch, HADOOP-10693.4.patch, HADOOP-10693.5.patch, HADOOP-10693.6.patch, HADOOP-10693.7.patch, HADOOP-10693.patch
>
>
> In HADOOP-10603, we have an implementation of AES-CTR CryptoCodec using Java JCE provider.
> To get high performance, the configured JCE provider should utilize native code and AES-NI, but in JDK6,7 the Java embedded provider doesn't support it.
>
> Considering not all Hadoop users will use a provider like Diceros or be able to get a signed certificate from Oracle to develop a custom provider, this JIRA will have an implementation of AES-CTR CryptoCodec using JNI to OpenSSL directly.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
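
The failure mode discussed in this message (one `dlerror()` check covering two `dlsym()` calls) is avoided by checking after every lookup, as in the sketch below. This is an added example, not code from the HADOOP-10693 patch or from Hadoop; `load_symbols`, `struct sym_req`, `demo` and the symbol names used in the demo are hypothetical.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper type (not Hadoop code): a symbol name and its slot. */
struct sym_req { const char *name; void **slot; };

/*
 * Resolve every request from handle. dlerror() is cleared before each dlsym()
 * and read straight after it, so a failed lookup cannot be masked by a later
 * successful one. Returns NULL when all symbols resolved, otherwise the name
 * of the first one that failed. A NULL address is treated as a failure too,
 * because these slots are meant to hold callable function pointers.
 */
static const char *load_symbols(void *handle, const struct sym_req *reqs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        *reqs[i].slot = NULL;
    for (size_t i = 0; i < n; i++) {
        dlerror();                                /* clear stale error state */
        void *addr = dlsym(handle, reqs[i].name);
        const char *err = dlerror();              /* result of this lookup only */
        if (err != NULL || addr == NULL)
            return reqs[i].name;
        *reqs[i].slot = addr;
    }
    return NULL;
}

/* Constructed demo: look up `first` then "malloc" in the running program. */
static const char *demo(const char *first)
{
    void *a = NULL, *b = NULL;
    struct sym_req reqs[] = { { first, &a }, { "malloc", &b } };
    void *self = dlopen(NULL, RTLD_NOW);
    const char *missing = self ? load_symbols(self, reqs, 2) : "dlopen";
    if (self)
        dlclose(self);
    return missing;
}

int main(void)
{
    const char *m = demo("no_such_symbol_for_demo");  /* constructed name */
    printf("first missing symbol: %s\n", m ? m : "(none)");
    return 0;
}
```

On older glibc versions the program needs to be linked with `-ldl`.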
