Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/18025 )
Change subject: [security] KUDU-3316 Add encrypted file keys ...................................................................... Patch Set 11: (3 comments) http://gerrit.cloudera.org:8080/#/c/18025/8//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/18025/8//COMMIT_MSG@36 PS8, Line 36: manually with encryption enabled > I don't think it would be necessary, but I guess i wouldn't hurt. Is there Well, I guess the regular way should work there, like KUDU_ALLOW_SLOW_TESTS=1 ../../build-support/dist_test.py <other_cmd_line_flags> If that doesn't work for you, then maybe update the code to run with encryption by default and run the newly built code :) http://gerrit.cloudera.org:8080/#/c/18025/8/src/kudu/util/env_posix.cc File src/kudu/util/env_posix.cc: http://gerrit.cloudera.org:8080/#/c/18025/8/src/kudu/util/env_posix.cc@827 PS8, Line 827: > Yea, I agree this is weird, do you have a suggestion for a cleaner approach One alternative might be passing 'eh' as const pointer and removing the 'decrypt' parameter for DoReadV(). Passing null 'eh' would automatically mean no decryption is needed. http://gerrit.cloudera.org:8080/#/c/18025/11/src/kudu/util/env_posix.cc File src/kudu/util/env_posix.cc: http://gerrit.cloudera.org:8080/#/c/18025/11/src/kudu/util/env_posix.cc@243 PS11, Line 243: AES128ECB = 0xFD, : AES192ECB = 0XFE, : AES256ECB = 0xFF, > What's the rationale behind these values, vs just continuing at 0x03? nit: I'd also expect just adding some bit (e.g. the MSB) for ECB vs CTR, like AES128ECB = 0x80, AES192ECB = 0x81, AES256ECB = 0x82, -- To view, visit http://gerrit.cloudera.org:8080/18025 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Idb1282c117271fda63a8cc54c00add7cc96dcffd Gerrit-Change-Number: 18025 Gerrit-PatchSet: 11 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Tue, 25 Jan 2022 05:59:15 +0000 Gerrit-HasComments: Yes
