[
https://issues.apache.org/jira/browse/HADOOP-10734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14054056#comment-14054056
]
Colin Patrick McCabe commented on HADOOP-10734:
-----------------------------------------------
[~tucu00]: I agree with Yi's idea of making this a separate class; coupling it
with CryptoCodec would be confusing. Although they both use the openssl
library, they use different C functions. For example, these functions are not
needed for the crypto codec stuff, only for the random stuff:
{code}
+ LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_finish, env, openssl, "ENGINE_finish");
+ LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_free, env, openssl, "ENGINE_free");
+ LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_cleanup, env, openssl, "ENGINE_cleanup");
+ LOAD_DYNAMIC_SYMBOL(dlsym_RAND_bytes, env, openssl, "RAND_bytes");
+ LOAD_DYNAMIC_SYMBOL(dlsym_ERR_get_error, env, openssl, "ERR_get_error");
{code}
bq. \[Yi wrote\]: I agree it’s not good to test true random numbers in this
way. I try to loop until rand2 is not equal to rand1, but then we need to
Assert something, your suggestion is?
I was just suggesting looping until they're not equal. This catches the case
where it's always returning a constant value (it will timeout). So I don't see
why we "need to assert something."
There definitely are more sophisticated tests for randomness out there, but
that would require a bit of research and might be best to do in another JIRA,
if we do it.
{code}
+static unsigned long pthreads_thread_id(void)
+{
+ return (unsigned long)pthread_self();
+}
{code}
This is still wrong. If you don't want to use gettid, you can use some code
like this:
{code}
pthread_key_t key;
unsigned long highest_thread_id;
static unsigned long pthreads_thread_id(void)
{
void *v;
unsigned long id;
v = pthread_getspecific(key);
if (v) {
return (unsigned long)(uintptr_t)v;
}
id = __add_and_fetch(&highest_thread_id, 1);
pthread_setspecific(key, (void*)id);
return id;
}
{code}
You'll need to manage setting up and tearing down the {{pthread_key_t}} as well.
> Implementation of true secure random with high performance using hardware
> random number generator.
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10734
> URL: https://issues.apache.org/jira/browse/HADOOP-10734
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Yi Liu
> Assignee: Yi Liu
> Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
> Attachments: HADOOP-10734.1.patch, HADOOP-10734.2.patch,
> HADOOP-10734.patch
>
>
> This JIRA is to implement Secure random using JNI to OpenSSL, and
> implementation should be thread-safe.
> Utilize RdRand to return random numbers from hardware random number
> generator. It's TRNG(True Random Number generators) having much higher
> performance than {{java.security.SecureRandom}}.
> https://wiki.openssl.org/index.php/Random_Numbers
> http://en.wikipedia.org/wiki/RdRand
> https://software.intel.com/en-us/articles/performance-impact-of-intel-secure-key-on-openssl
--
This message was sent by Atlassian JIRA
(v6.2#6252)
