[kudu-CR] [security] sign/verify data using RSA key pair

Thu, 26 Jan 2017 15:56:55 -0800 

Todd Lipcon has posted comments on this change.

Change subject: [security] sign/verify data using RSA key pair
......................................................................


Patch Set 2:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/5805/2/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

PS2, Line 436: default:
             :       CHECK(false) << "unsupported digest operation";
per comment on the review the other day, I think it's better to just not list a 
default, since this is an internally defined enum


PS2, Line 440:   const void* mdata = reinterpret_cast<const void*>(data.data());
             :   auto membio = ssl_make_unique(BIO_new_mem_buf(
             : #if OPENSSL_VERSION_NUMBER < 0x10002000L
             :       const_cast<void*>(mdata),
             : #else
             :       mdata,
             : #endif
             :       data.size()));
             :   BIO* inp = BIO_push(bmd.get(), membio.get());
             :   while (true) {
             :     unsigned char buf[1024];
             :     const int rc = BIO_read(inp, buf, sizeof(buf));
             :     if (rc < 0) {
             :       return Status::RuntimeError(Substitute("error reading 
data: $0",
             :                                              
GetOpenSSLErrors()));
             :     }
             :     if (rc == 0) {
             :       break;
             :     }
             :   }
hrm, not quite following what this BIO stuff is doing. Can we just use 
EVP_DigestSignUpdate(mctx, &data[0], data.size()); ? I'm looking at the bottom 
section of https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying which 
seems much simpler than the code in this function


http://gerrit.cloudera.org:8080/#/c/5805/2/src/kudu/security/openssl_util.h
File src/kudu/security/openssl_util.h:

PS2, Line 194: template<typename KeyType>
             : Status MakeSignature(DigestType digest, const KeyType& key,
hrm, why are these standalone templated functions instead of just being members 
of the Key/PrivateKey classes?


-- 
To view, visit http://gerrit.cloudera.org:8080/5805
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I3fa04bb7d09aa416363998e2f8d7ccbdea625e4f
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-HasComments: Yes

Reply via email to