[ https://issues.apache.org/jira/browse/HDFS-6737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Uma Maheswara Rao G resolved HDFS-6737. --------------------------------------- Resolution: Won't Fix > DFSClient should use IV generated based on the configured CipherSuite with > codecs used > -------------------------------------------------------------------------------------- > > Key: HDFS-6737 > URL: https://issues.apache.org/jira/browse/HDFS-6737 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: hdfs-client > Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) > Reporter: Uma Maheswara Rao G > Assignee: Uma Maheswara Rao G > Attachments: HDFS-6737.patch > > > Seems like we are using IV as like Encrypted data encryption key iv. But the > underlying Codec's cipher suite may expect different iv length. So, we should > generate IV from the Coec's cipher suite configured. > {code} > final CryptoInputStream cryptoIn = > new CryptoInputStream(dfsis, CryptoCodec.getInstance(conf, > feInfo.getCipherSuite()), > feInfo.getEncryptedDataEncryptionKey(), > feInfo.getIV()); > {code} > So, instead of using feinfo.getIV(), we should generate like > {code} > byte[] iv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()]; > codec.generateSecureRandom(iv); > {code} -- This message was sent by Atlassian JIRA (v6.2#6252)