rohit-kb commented on PR #8550: URL: https://github.com/apache/hadoop/pull/8550#issuecomment-4718223686
Thanks for confirming the UBI 10 build! Regarding your concern, the ENGINE API change only affects how the random bytes are produced internally (RDRAND via ENGINE vs RDRAND via OpenSSL's built-in provider in version 3.x). The output is on par random bytes in both cases. Existing keys, certificates, and encrypted data should not be affected.

Here is the overall flow, I believe:

Encryption:
1. OpensslSecureRandom generates 32 random bytes for the key.
2. Key is stored in KMS.
3. File is encrypted with that key and written to HDFS.

Decryption:
1. Fetch the key from KMS.
2. Use the key to decrypt the file.

OpensslSecureRandom is never used in decryption. Our change only affects how the random bytes are generated inside OpensslSecureRandom, whether those random bytes came from Intel RDRAND via the ENGINE path or via OpenSSL's built-in provider.
