Todd Lipcon has posted comments on this change. Change subject: [security] sign/verify data using RSA key pair ......................................................................
Patch Set 2: (3 comments) http://gerrit.cloudera.org:8080/#/c/5805/2/src/kudu/security/openssl_util.cc File src/kudu/security/openssl_util.cc: PS2, Line 436: default: : CHECK(false) << "unsupported digest operation"; per comment on the review the other day, I think it's better to just not list a default, since this is an internally defined enum PS2, Line 440: const void* mdata = reinterpret_cast<const void*>(data.data()); : auto membio = ssl_make_unique(BIO_new_mem_buf( : #if OPENSSL_VERSION_NUMBER < 0x10002000L : const_cast<void*>(mdata), : #else : mdata, : #endif : data.size())); : BIO* inp = BIO_push(bmd.get(), membio.get()); : while (true) { : unsigned char buf[1024]; : const int rc = BIO_read(inp, buf, sizeof(buf)); : if (rc < 0) { : return Status::RuntimeError(Substitute("error reading data: $0", : GetOpenSSLErrors())); : } : if (rc == 0) { : break; : } : } hrm, not quite following what this BIO stuff is doing. Can we just use EVP_DigestSignUpdate(mctx, &data[0], data.size()); ? I'm looking at the bottom section of https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying which seems much simpler than the code in this function http://gerrit.cloudera.org:8080/#/c/5805/2/src/kudu/security/openssl_util.h File src/kudu/security/openssl_util.h: PS2, Line 194: template<typename KeyType> : Status MakeSignature(DigestType digest, const KeyType& key, hrm, why are these standalone templated functions instead of just being members of the Key/PrivateKey classes? -- To view, visit http://gerrit.cloudera.org:8080/5805 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3fa04bb7d09aa416363998e2f8d7ccbdea625e4f Gerrit-PatchSet: 2 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes