Hello Alexey Serbin, Andrew Wong, Grant Henke, I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/17163 to review the following change. Change subject: KUDU-3207 Switch RSA private key format to PKCS#8 ...................................................................... KUDU-3207 Switch RSA private key format to PKCS#8 When Kudu writes a private key in PEM format, it uses RSAPrivateKey family, which doesn't specify the output format, meaning it's up to OpenSSL to decide the format it uses. There are several private keys in the tests stored in PKCS#1 format which are string matched against. If OpenSSL uses PKCS#8, such as in case of the FIPS-approved environment I used, these assertions fail. This commit changes the private key format to PKCS#8, re-enables the test that was skipped in FIPS-approved mode as a workaround, and changes all test private keys that were stored in PKCS#1 to PKCS#8. The actual keys weren't changed, only the storage format. I ran all tests manually in a non-FIPS environment (CentOS 7.9.2009 with OpenSSL 1.0.2k-fips, fips mode off) and a FIPS environment (CentOS 7.8.2003 with OpenSSL 1.0.2v-fips, fips mode on). Change-Id: Ie46fd4f0b8bafcbe606a444e31c9af9e09291e64 --- M src/kudu/security/crypto-test.cc M src/kudu/security/crypto.cc M src/kudu/security/test/test_certs.cc 3 files changed, 189 insertions(+), 191 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/63/17163/1 -- To view, visit http://gerrit.cloudera.org:8080/17163 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ie46fd4f0b8bafcbe606a444e31c9af9e09291e64 Gerrit-Change-Number: 17163 Gerrit-PatchSet: 1 Gerrit-Owner: Attila Bukor <abu...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Grant Henke <granthe...@apache.org>