[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871973#comment-17871973 ] ASF GitHub Bot commented on HADOOP-17609: - iwasakims commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-2275656614 I merged this to trunk and branch-3.4. Thanks, @steveloughran. > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871972#comment-17871972 ] ASF GitHub Bot commented on HADOOP-17609: - iwasakims merged PR #3019: URL: https://github.com/apache/hadoop/pull/3019 > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871947#comment-17871947 ] ASF GitHub Bot commented on HADOOP-17609: - zhengchenyu commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-2275536366 > Related unit tests passed on my local environment. Manual testing looks fine as before. The error does not appear to involve unit test. It seems that some build server does not get docker repo's authorization. I have also encountered it before, when I start a new pr and another build server to execute, then pass. But I don't know how to fix authorization. ``` ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed ``` > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871935#comment-17871935 ] ASF GitHub Bot commented on HADOOP-17609: - iwasakims commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-2275501426 Related unit tests passed on my local environment. Manual testing looks fine as before. > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871878#comment-17871878
]
ASF GitHub Bot commented on HADOOP-17609:
-
iwasakims commented on code in PR #3019:
URL: https://github.com/apache/hadoop/pull/3019#discussion_r1708757047
##
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java:
##
@@ -107,4 +107,11 @@ public void testDoFinalArguments() throws Exception {
"Direct buffer is required", e);
}
}
+
+ @Test(timeout=12)
+ public void testIsSupportedSuite() throws Exception {
+Assume.assumeTrue(OpensslCipher.getLoadingFailureReason() == null);
+Assert.assertFalse(OpensslCipher.isSupported(CipherSuite.UNKNOWN));
Review Comment:
added.
> Make SM4 support optional for OpenSSL native code
> -
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
>Affects Versions: 3.4.0
>Reporter: Masatake Iwasaki
>Assignee: Masatake Iwasaki
>Priority: Major
> Labels: pull-request-available
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871877#comment-17871877
]
ASF GitHub Bot commented on HADOOP-17609:
-
iwasakims commented on code in PR #3019:
URL: https://github.com/apache/hadoop/pull/3019#discussion_r1708756247
##
hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c:
##
@@ -245,7 +248,7 @@ JNIEXPORT void JNICALL
Java_org_apache_hadoop_crypto_OpensslCipher_initIDs
if (jthr) {
(*env)->DeleteLocalRef(env, jthr);
THROW(env, "java/lang/UnsatisfiedLinkError", \
-"Cannot find AES-CTR/SM4-CTR support, is your version of Openssl new
enough?");
+"Cannot find AES-CTR support, is your version of Openssl new enough?");
Review Comment:
fixed.
> Make SM4 support optional for OpenSSL native code
> -
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
>Affects Versions: 3.4.0
>Reporter: Masatake Iwasaki
>Assignee: Masatake Iwasaki
>Priority: Major
> Labels: pull-request-available
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871874#comment-17871874
]
ASF GitHub Bot commented on HADOOP-17609:
-
iwasakims commented on code in PR #3019:
URL: https://github.com/apache/hadoop/pull/3019#discussion_r1708752202
##
hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c:
##
@@ -554,3 +557,24 @@ JNIEXPORT jstring JNICALL
Java_org_apache_hadoop_crypto_OpensslCipher_getLibrary
}
#endif
}
+
+JNIEXPORT jboolean JNICALL
Java_org_apache_hadoop_crypto_OpensslCipher_isSupportedSuite
+(JNIEnv *env, jclass clazz, jint alg, jint padding)
+{
+ if (padding != NOPADDING) {
+return JNI_FALSE;
+ }
+
+ if (alg == AES_CTR && (dlsym_EVP_aes_256_ctr != NULL &&
dlsym_EVP_aes_128_ctr != NULL)) {
Review Comment:
Yes. Both is loaded in `loadAesCtr` .
> Make SM4 support optional for OpenSSL native code
> -
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
>Affects Versions: 3.4.0
>Reporter: Masatake Iwasaki
>Assignee: Masatake Iwasaki
>Priority: Major
> Labels: pull-request-available
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871657#comment-17871657
]
ASF GitHub Bot commented on HADOOP-17609:
-
steveloughran commented on code in PR #3019:
URL: https://github.com/apache/hadoop/pull/3019#discussion_r1707038476
##
hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c:
##
@@ -245,7 +248,7 @@ JNIEXPORT void JNICALL
Java_org_apache_hadoop_crypto_OpensslCipher_initIDs
if (jthr) {
(*env)->DeleteLocalRef(env, jthr);
THROW(env, "java/lang/UnsatisfiedLinkError", \
-"Cannot find AES-CTR/SM4-CTR support, is your version of Openssl new
enough?");
+"Cannot find AES-CTR support, is your version of Openssl new enough?");
Review Comment:
change to OpenSSL
##
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java:
##
@@ -107,4 +107,11 @@ public void testDoFinalArguments() throws Exception {
"Direct buffer is required", e);
}
}
+
+ @Test(timeout=12)
+ public void testIsSupportedSuite() throws Exception {
+Assume.assumeTrue(OpensslCipher.getLoadingFailureReason() == null);
+Assert.assertFalse(OpensslCipher.isSupported(CipherSuite.UNKNOWN));
Review Comment:
add error message for these two assertions
##
hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c:
##
@@ -554,3 +557,24 @@ JNIEXPORT jstring JNICALL
Java_org_apache_hadoop_crypto_OpensslCipher_getLibrary
}
#endif
}
+
+JNIEXPORT jboolean JNICALL
Java_org_apache_hadoop_crypto_OpensslCipher_isSupportedSuite
+(JNIEnv *env, jclass clazz, jint alg, jint padding)
+{
+ if (padding != NOPADDING) {
+return JNI_FALSE;
+ }
+
+ if (alg == AES_CTR && (dlsym_EVP_aes_256_ctr != NULL &&
dlsym_EVP_aes_128_ctr != NULL)) {
Review Comment:
so this requires both aes 128 and aes 256?
> Make SM4 support optional for OpenSSL native code
> -
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
>Affects Versions: 3.4.0
>Reporter: Masatake Iwasaki
>Assignee: Masatake Iwasaki
>Priority: Major
> Labels: pull-request-available
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871548#comment-17871548 ] ASF GitHub Bot commented on HADOOP-17609: - iwasakims commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-2272722629 @zhengchenyu I'm still willing to fix this and waiting for +1 from another committer. > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17871528#comment-17871528 ] ASF GitHub Bot commented on HADOOP-17609: - zhengchenyu commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-2272528072 @jojochuang @iwasakims Are you ok to merge this pr? It seems that changes to the common project's c code may trigger "Doesn't support SM4 CTR." For example: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6813/5/artifact/out/patch-unit-hadoop-common-project_hadoop-common.txt > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681656#comment-17681656 ] ASF GitHub Bot commented on HADOOP-17609: - iwasakims commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-1407530427 @snmvaughan Thanks for testing this. > I'd suggest making it easy to control with a Maven system property like -Dopenssl.no.sm4. Please file another JIRA issue for you proposal. I'm not intending to disable SM4 even if the platform support it. > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681610#comment-17681610 ] ASF GitHub Bot commented on HADOOP-17609: - snmvaughan commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-1407454938 I'd suggest making it easy to control with a Maven system property like `-Dopenssl.no.sm4`. [OPENSSL_NO_SM4.patch](https://github.com/apache/hadoop/files/10527948/OPENSSL_NO_SM4.patch) > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[ https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681415#comment-17681415 ] ASF GitHub Bot commented on HADOOP-17609: - snmvaughan commented on PR #3019: URL: https://github.com/apache/hadoop/pull/3019#issuecomment-1406819254 I was able to test this locally and it worked as expected. > Make SM4 support optional for OpenSSL native code > - > > Key: HADOOP-17609 > URL: https://issues.apache.org/jira/browse/HADOOP-17609 > Project: Hadoop Common > Issue Type: Improvement > Components: native >Affects Versions: 3.4.0 >Reporter: Masatake Iwasaki >Assignee: Masatake Iwasaki >Priority: Major > Labels: pull-request-available > Time Spent: 4h 50m > Remaining Estimate: 0h > > openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098 > because the SM4 is not enabled on the openssl package. We should not force > users to install OpenSSL from source code even if they do not use SM4 feature. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17312447#comment-17312447
]
Masatake Iwasaki commented on HADOOP-17609:
---
SM4 is intentionally disabled in openssl-1.1.1 of CentOS.
https://git.centos.org/rpms/openssl/blob/3dfed0dc2b196e3d2f958d4951348f41b6cea64b/f/SPECS/openssl.spec#_280
{noformat}
# ia64, x86_64, ppc are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5\
enable-weak-ssl-ciphers \
no-mdc2 no-ec2m no-sm2 no-sm4 \
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
{noformat}
> Make SM4 support optional for OpenSSL native code
> -
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
>Affects Versions: 3.4.0
>Reporter: Masatake Iwasaki
>Assignee: Masatake Iwasaki
>Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-17609) Make SM4 support optional for OpenSSL native code
[
https://issues.apache.org/jira/browse/HADOOP-17609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17310426#comment-17310426
]
Masatake Iwasaki commented on HADOOP-17609:
---
{noformat}
$ openssl enc -ciphers | grep -i sm4
$ rpm -q openssl-devel
openssl-devel-1.1.1g-12.el8_3.x86_64
$ bin/hadoop checknative
2021-03-29 04:52:27,019 INFO bzip2.Bzip2Factory: Successfully loaded &
initialized native-bzip2 library system-native
2021-03-29 04:52:27,022 INFO zlib.ZlibFactory: Successfully loaded &
initialized native-zlib library
2021-03-29 04:52:27,145 INFO nativeio.NativeIO: The native code was built
without PMDK support.
Native library checking:
hadoop: true
/home/centos/dist/hadoop-3.4.0-SNAPSHOT/lib/native/libhadoop.so.1.0.0
zlib:true /lib64/libz.so.1
zstd : true /lib64/libzstd.so.1
bzip2: true /lib64/libbz2.so.1
openssl: false Cannot find AES-CTR/SM4-CTR support, is your version of Openssl
new enough?
ISA-L: true /lib64/libisal.so.2
PMDK:false The native code was built without PMDK support.
{noformat}
> Make SM4 support optional for OpenSSL native code
> -
>
> Key: HADOOP-17609
> URL: https://issues.apache.org/jira/browse/HADOOP-17609
> Project: Hadoop Common
> Issue Type: Improvement
> Components: native
>Reporter: Masatake Iwasaki
>Assignee: Masatake Iwasaki
>Priority: Major
>
> openssl-devel-1.1.1g provided by CentOS 8 does not work after HDFS-15098
> because the SM4 is not enabled on the openssl package. We should not force
> users to install OpenSSL from source code even if they do not use SM4 feature.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
