iwasakims commented on pull request #2847: URL: https://github.com/apache/hadoop/pull/2847#issuecomment-811597921
I manually tested the fix on CentOS 8 with bcprov-ext-jdk15on-165.jar set up based on [the comment of HDFS-15098](https://issues.apache.org/jira/browse/HDFS-15098?focusedCommentId=17112893&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17112893). OpensslCipher is available but SM4 is not suppored. `hadoop key create key1 -cipher 'SM4/CTR/NoPadding'` worked (by falling back from OpensslSm4CtrCryptoCodec to JceSm4CtrCryptoCodec). ``` $ grep Bouncy /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider $ bin/hadoop checknative 2>/dev/null Native library checking: hadoop: true /home/centos/dist/hadoop-3.4.0-SNAPSHOT-HADOOP-17609/lib/native/libhadoop.so.1.0.0 zlib: true /lib64/libz.so.1 zstd : true /lib64/libzstd.so.1 bzip2: true /lib64/libbz2.so.1 openssl: true /lib64/libcrypto.so ISA-L: true /lib64/libisal.so.2 PMDK: false The native code was built without PMDK support. $ bin/hadoop --daemon start kms $ bin/hadoop key create key1 -cipher 'SM4/CTR/NoPadding' 2021-04-01 02:38:10,276 DEBUG kms.KMSClientProvider: KMSClientProvider created for KMS url: http://localhost:9600/kms/v1/ delegation token service: kms://http@localhost:9600/kms canonical service: 127.0.0.1:9600. 2021-04-01 02:38:10,288 DEBUG kms.LoadBalancingKMSClientProvider: Created LoadBalancingKMSClientProvider for KMS url: kms://http@localhost:9600/kms with 1 providers. delegation token service: kms://http@localhost:9600/kms, canonical service: 127.0.0.1:9600 2021-04-01 02:38:10,447 DEBUG kms.KMSClientProvider: Current UGI: centos (auth:SIMPLE) 2021-04-01 02:38:10,450 DEBUG kms.KMSClientProvider: Login UGI: centos (auth:SIMPLE) key1 has been successfully created with options Options{cipher='SM4/CTR/NoPadding', bitLength=128, description='null', attributes=null}. org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider@41e1e210 has been updated. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
