Hello Alexey Serbin, Andrew Wong, Grant Henke,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/17163
to review the following change.
Change subject: KUDU-3207 Switch RSA private key format to PKCS#8
......................................................................
KUDU-3207 Switch RSA private key format to PKCS#8
When Kudu writes a private key in PEM format, it uses RSAPrivateKey
family, which doesn't specify the output format, meaning it's up to
OpenSSL to decide the format it uses. There are several private keys in
the tests stored in PKCS#1 format which are string matched against. If
OpenSSL uses PKCS#8, such as in case of the FIPS-approved environment I
used, these assertions fail.
This commit changes the private key format to PKCS#8, re-enables the
test that was skipped in FIPS-approved mode as a workaround, and changes
all test private keys that were stored in PKCS#1 to PKCS#8. The actual
keys weren't changed, only the storage format.
I ran all tests manually in a non-FIPS environment (CentOS 7.9.2009 with
OpenSSL 1.0.2k-fips, fips mode off) and a FIPS environment (CentOS
7.8.2003 with OpenSSL 1.0.2v-fips, fips mode on).
Change-Id: Ie46fd4f0b8bafcbe606a444e31c9af9e09291e64
---
M src/kudu/security/crypto-test.cc
M src/kudu/security/crypto.cc
M src/kudu/security/test/test_certs.cc
3 files changed, 189 insertions(+), 191 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/63/17163/1
--
To view, visit http://gerrit.cloudera.org:8080/17163
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie46fd4f0b8bafcbe606a444e31c9af9e09291e64
Gerrit-Change-Number: 17163
Gerrit-PatchSet: 1
Gerrit-Owner: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Grant Henke <granthe...@apache.org>
