AMC-team created HADOOP-19667:
---------------------------------
Summary: Clarify legal value constraints for
hadoop.security.crypto.buffer.size (min=512; floor to cipher block size)
Key: HADOOP-19667
URL: https://issues.apache.org/jira/browse/HADOOP-19667
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 2.8.5
Reporter: AMC-team
In core-default.xml, the property hadoop.security.crypto.buffer.size is
currently documented as “The buffer size used by CryptoInputStream and
CryptoOutputStream.” It does not specify the legal value constraints.
{code:java}
<property>
<name>hadoop.security.crypto.buffer.size</name>
<value>8192</value>
<description>The buffer size used by CryptoInputStream and CryptoOutputStream.
</description>
</property> {code}
The runtime enforces two hidden constraints that are not documented:
1. Minimum value is 512 bytes. Values below 512 cause IllegalArgumentException
at stream construction time.
2. Block-size flooring: The effective buffer size is floored to a multiple of
the cipher algorithm’s block size (e.g., 16 bytes for AES/CTR/NoPadding).
As a result, users may be surprised that:
1. Setting a value like 4100 results in an actual capacity of 4096.
2. Setting values <512 fails fast with IllegalArgumentException.
*Expected*
core-default.xml (and user-facing docs) should explicitly document:
1. Minimum legal value: 512 bytes.
2. The effective value is floored to the nearest multiple of the cipher
algorithm block size (e.g., 16 for AES).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
