[jira] [Commented] (HDFS-15098) Add SM4 encryption method for HDFS

Wed, 08 Jan 2020 17:49:50 -0800 


    [ 
https://issues.apache.org/jira/browse/HDFS-15098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17011296#comment-17011296
 ] 

Wei-Chiu Chuang commented on HDFS-15098:
----------------------------------------

Some quick comments:

1. does it depend on a specific version of openssl? It appears SM4 is a new 
thing in openssl and only the latest openssl 1.1.1 
(https://www.openssl.org/blog/blog/2018/09/11/release111/) has it. It is not 
clear to me if Hadoop support openssl 1.1.1 (HADOOP-16647). What happens if a 
lower version of openssl is loaded? does it emit a clear error message?
2. please add documentation
3. please add the new configuration key/value/description in core-default.xml
4. if openssl is not available, will it simply fail? the existing crypto 
implementation falls back to a Java implementation if openssl is not loaded.
5. please use OpensslSecureRandom instead of OsSecureRandom. The former has 
better performance.
6. add tests please
7. what happens if a client configures SM4 but server side configures AES? does 
it fail or is there a negotiation between them to find a common codec??

> Add SM4 encryption method for HDFS
> ----------------------------------
>
>                 Key: HDFS-15098
>                 URL: https://issues.apache.org/jira/browse/HDFS-15098
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>            Reporter: liusheng
>            Priority: Major
>         Attachments: HDFS-15098.001.patch
>
>
> SM4 (formerly SMS4)is a block cipher used in the Chinese National Standard 
> for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure).
> SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far 
> been rejected by ISO. One of the reasons for the rejection has been 
> opposition to the WAPI fast-track proposal by the IEEE. please see:
> [https://en.wikipedia.org/wiki/SM4_(cipher)]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to