hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10735) Fall back AesCtrCryptoCodec implementation from OpenSSL to JCE if non native support.
Date Wed, 09 Jul 2014 12:55:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14056191#comment-14056191
] 

Yi Liu commented on HADOOP-10735:
---------------------------------

Thanks [~umamaheswararao] for review.

{quote}
Want to understand why fallback suite cannot have different cipherSuite?
{quote}
This statement makes sure {{algorithm/mode/padding}} of default and fallback crypto codes
are the same, then using Openssl and JCE will get same encryption/decryption result. In cluster
environment, some nodes may choose default crypto code and other nodes may choose fallback
one. if default and fallback crypto codes have different {{algorithm/mode/padding}}, this
may cause decryption failed.

{quote}
Please include invalid configuration item also in log
{quote}
OK, will update it.


> Fall back AesCtrCryptoCodec implementation from OpenSSL to JCE if non native support.
> -------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10735
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10735
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10735.001.patch
>
>
> If there is no native support or OpenSSL version is too low not supporting AES-CTR, but
{{OpensslAesCtrCryptoCodec}} is configured, we need to fall back it to JCE implementation.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message