hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Work logged] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
Date Thu, 01 Apr 2021 03:23:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-17609?focusedWorklogId=575287&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-575287
]

ASF GitHub Bot logged work on HADOOP-17609:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 01/Apr/21 03:22
            Start Date: 01/Apr/21 03:22
    Worklog Time Spent: 10m 
      Work Description: iwasakims edited a comment on pull request #2847:
URL: https://github.com/apache/hadoop/pull/2847#issuecomment-811597921


   I manually tested the fix on CentOS 8 with bcprov-ext-jdk15on-168.jar set up based on [the
comment of HDFS-15098](https://issues.apache.org/jira/browse/HDFS-15098?focusedCommentId=17112893&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17112893).
OpensslCipher is available but SM4 is not suppored. `hadoop key create key1 -cipher 'SM4/CTR/NoPadding'`
worked (by falling back from OpensslSm4CtrCryptoCodec to JceSm4CtrCryptoCodec).
   
   ```
   $ grep Bouncy /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security
   security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
   
   $ bin/hadoop checknative 2>/dev/null
   Native library checking:
   hadoop:  true /home/centos/dist/hadoop-3.4.0-SNAPSHOT-HADOOP-17609/lib/native/libhadoop.so.1.0.0
   zlib:    true /lib64/libz.so.1
   zstd  :  true /lib64/libzstd.so.1
   bzip2:   true /lib64/libbz2.so.1
   openssl: true /lib64/libcrypto.so
   ISA-L:   true /lib64/libisal.so.2
   PMDK:    false The native code was built without PMDK support.
   
   $ bin/hadoop --daemon start kms
   $ bin/hadoop key create key1 -cipher 'SM4/CTR/NoPadding'
   2021-04-01 02:38:10,276 DEBUG kms.KMSClientProvider: KMSClientProvider created for KMS
url: http://localhost:9600/kms/v1/ delegation token service: kms://http@localhost:9600/kms
canonical service: 127.0.0.1:9600.
   2021-04-01 02:38:10,288 DEBUG kms.LoadBalancingKMSClientProvider: Created LoadBalancingKMSClientProvider
for KMS url: kms://http@localhost:9600/kms with 1 providers. delegation token service: kms://http@localhost:9600/kms,
canonical service: 127.0.0.1:9600
   2021-04-01 02:38:10,447 DEBUG kms.KMSClientProvider: Current UGI: centos (auth:SIMPLE)
   2021-04-01 02:38:10,450 DEBUG kms.KMSClientProvider: Login UGI: centos (auth:SIMPLE)
   key1 has been successfully created with options Options{cipher='SM4/CTR/NoPadding', bitLength=128,
description='null', attributes=null}.
   org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider@41e1e210 has been updated.
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 575287)
    Time Spent: 40m  (was: 0.5h)

> Make SM4 support optional for OpenSSL native code
> -------------------------------------------------
>
>                 Key: HADOOP-17609
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17609
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: native
>    Affects Versions: 3.4.0
>            Reporter: Masatake Iwasaki
>            Assignee: Masatake Iwasaki
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 because the
SM4 is not enabled on the openssl package. We should not force users to install OpenSSL from
source code even if they do not use SM4 feature.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message