Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/19615 )
Change subject: KUDU-3448 Plumbing for encrypting key material ...................................................................... KUDU-3448 Plumbing for encrypting key material Key material for the internal PKI and token signing keys are stored in the syscatalog table in clear text, which is okay when volume-level encryption or Kudu's built-in data at rest encryption is used, but in some cases, this is either not used, or it's not enough (FISMA). To allow storing these key materials in encrypted form in the syscatalog table, this patch adds the necessary plumbing in Kudu's OpenSSL wrapper. It is now possible to pass a password callback function to the utility functions responsible for reading from and writing to OpenSSL BIO and strings. Change-Id: I24c5ac8ea0f9a4cab0f35ecccb1b7b00f3acefa8 Reviewed-on: http://gerrit.cloudera.org:8080/19615 Tested-by: Kudu Jenkins Reviewed-by: Alexey Serbin <[email protected]> --- M src/kudu/security/crypto.cc M src/kudu/security/crypto.h M src/kudu/util/openssl_util_bio.h 3 files changed, 75 insertions(+), 5 deletions(-) Approvals: Kudu Jenkins: Verified Alexey Serbin: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/19615 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I24c5ac8ea0f9a4cab0f35ecccb1b7b00f3acefa8 Gerrit-Change-Number: 19615 Gerrit-PatchSet: 5 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Ashwani Raina <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Mahesh Reddy <[email protected]> Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Reviewer: Ádám Bakai <[email protected]>
