This is an automated email from the ASF dual-hosted git repository.
apitrou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new f078942ce2 GH-43141: [C++][Parquet] Replace use of int with int32_t in
the internal Parquet encryption APIs (#43413)
f078942ce2 is described below
commit f078942ce2df68de8f48c3b4233132133601ca53
Author: Adam Reeve <[email protected]>
AuthorDate: Thu Aug 22 02:59:04 2024 +1200
GH-43141: [C++][Parquet] Replace use of int with int32_t in the internal
Parquet encryption APIs (#43413)
### Rationale for this change
See #43141
### What changes are included in this PR?
* Changes uses of int to int32_t in the Encryptor and Decryptor APIs,
except where interfacing with OpenSSL.
* Also change RandBytes to use size_t instead of int and check for overflow.
* Check the return code from OpenSSL's Rand_bytes in case there is a
failure generating random bytes
### Are these changes tested?
Yes, this doesn't change behaviour and is covered by existing tests.
### Are there any user-facing changes?
No
* GitHub Issue: #43141
Authored-by: Adam Reeve <[email protected]>
Signed-off-by: Antoine Pitrou <[email protected]>
---
cpp/src/parquet/column_reader.cc | 4 +-
cpp/src/parquet/encryption/crypto_factory.cc | 6 +-
cpp/src/parquet/encryption/encryption_internal.cc | 251 ++++++++++++---------
cpp/src/parquet/encryption/encryption_internal.h | 46 ++--
.../encryption/encryption_internal_nossl.cc | 47 ++--
.../parquet/encryption/encryption_internal_test.cc | 22 +-
cpp/src/parquet/encryption/file_key_wrapper.cc | 4 +-
.../parquet/encryption/internal_file_decryptor.cc | 12 +-
.../parquet/encryption/internal_file_decryptor.h | 8 +-
.../parquet/encryption/internal_file_encryptor.cc | 10 +-
.../parquet/encryption/internal_file_encryptor.h | 6 +-
cpp/src/parquet/encryption/key_toolkit_internal.cc | 2 +-
cpp/src/parquet/metadata.cc | 6 +-
cpp/src/parquet/thrift_internal.h | 2 +-
14 files changed, 233 insertions(+), 193 deletions(-)
diff --git a/cpp/src/parquet/column_reader.cc b/cpp/src/parquet/column_reader.cc
index 05ee6a16c5..60a8a2176b 100644
--- a/cpp/src/parquet/column_reader.cc
+++ b/cpp/src/parquet/column_reader.cc
@@ -468,8 +468,8 @@ std::shared_ptr<Page> SerializedPageReader::NextPage() {
// Advance the stream offset
PARQUET_THROW_NOT_OK(stream_->Advance(header_size));
- int compressed_len = current_page_header_.compressed_page_size;
- int uncompressed_len = current_page_header_.uncompressed_page_size;
+ int32_t compressed_len = current_page_header_.compressed_page_size;
+ int32_t uncompressed_len = current_page_header_.uncompressed_page_size;
if (compressed_len < 0 || uncompressed_len < 0) {
throw ParquetException("Invalid page header");
}
diff --git a/cpp/src/parquet/encryption/crypto_factory.cc
b/cpp/src/parquet/encryption/crypto_factory.cc
index 72506bdc01..56069d5597 100644
--- a/cpp/src/parquet/encryption/crypto_factory.cc
+++ b/cpp/src/parquet/encryption/crypto_factory.cc
@@ -72,8 +72,7 @@ std::shared_ptr<FileEncryptionProperties>
CryptoFactory::GetFileEncryptionProper
int dek_length = dek_length_bits / 8;
std::string footer_key(dek_length, '\0');
- RandBytes(reinterpret_cast<uint8_t*>(&footer_key[0]),
- static_cast<int>(footer_key.size()));
+ RandBytes(reinterpret_cast<uint8_t*>(footer_key.data()), footer_key.size());
std::string footer_key_metadata =
key_wrapper.GetEncryptionKeyMetadata(footer_key, footer_key_id, true);
@@ -148,8 +147,7 @@ ColumnPathToEncryptionPropertiesMap
CryptoFactory::GetColumnEncryptionProperties
}
std::string column_key(dek_length, '\0');
- RandBytes(reinterpret_cast<uint8_t*>(&column_key[0]),
- static_cast<int>(column_key.size()));
+ RandBytes(reinterpret_cast<uint8_t*>(column_key.data()),
column_key.size());
std::string column_key_key_metadata =
key_wrapper->GetEncryptionKeyMetadata(column_key, column_key_id,
false);
diff --git a/cpp/src/parquet/encryption/encryption_internal.cc
b/cpp/src/parquet/encryption/encryption_internal.cc
index 99d1707f4a..a0d9367b61 100644
--- a/cpp/src/parquet/encryption/encryption_internal.cc
+++ b/cpp/src/parquet/encryption/encryption_internal.cc
@@ -18,6 +18,7 @@
#include "parquet/encryption/encryption_internal.h"
#include <openssl/aes.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
@@ -36,10 +37,10 @@ using parquet::ParquetException;
namespace parquet::encryption {
-constexpr int kGcmMode = 0;
-constexpr int kCtrMode = 1;
-constexpr int kCtrIvLength = 16;
-constexpr int kBufferSizeLength = 4;
+constexpr int32_t kGcmMode = 0;
+constexpr int32_t kCtrMode = 1;
+constexpr int32_t kCtrIvLength = 16;
+constexpr int32_t kBufferSizeLength = 4;
#define ENCRYPT_INIT(CTX, ALG) \
if (1 != EVP_EncryptInit_ex(CTX, ALG, nullptr, nullptr, nullptr)) { \
@@ -53,17 +54,17 @@ constexpr int kBufferSizeLength = 4;
class AesEncryptor::AesEncryptorImpl {
public:
- explicit AesEncryptorImpl(ParquetCipher::type alg_id, int key_len, bool
metadata,
+ explicit AesEncryptorImpl(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool write_length);
~AesEncryptorImpl() { WipeOut(); }
- int Encrypt(span<const uint8_t> plaintext, span<const uint8_t> key,
- span<const uint8_t> aad, span<uint8_t> ciphertext);
+ int32_t Encrypt(span<const uint8_t> plaintext, span<const uint8_t> key,
+ span<const uint8_t> aad, span<uint8_t> ciphertext);
- int SignedFooterEncrypt(span<const uint8_t> footer, span<const uint8_t> key,
- span<const uint8_t> aad, span<const uint8_t> nonce,
- span<uint8_t> encrypted_footer);
+ int32_t SignedFooterEncrypt(span<const uint8_t> footer, span<const uint8_t>
key,
+ span<const uint8_t> aad, span<const uint8_t>
nonce,
+ span<uint8_t> encrypted_footer);
void WipeOut() {
if (nullptr != ctx_) {
EVP_CIPHER_CTX_free(ctx_);
@@ -89,21 +90,22 @@ class AesEncryptor::AesEncryptorImpl {
private:
EVP_CIPHER_CTX* ctx_;
- int aes_mode_;
- int key_length_;
- int ciphertext_size_delta_;
- int length_buffer_length_;
+ int32_t aes_mode_;
+ int32_t key_length_;
+ int32_t ciphertext_size_delta_;
+ int32_t length_buffer_length_;
- int GcmEncrypt(span<const uint8_t> plaintext, span<const uint8_t> key,
- span<const uint8_t> nonce, span<const uint8_t> aad,
- span<uint8_t> ciphertext);
+ int32_t GcmEncrypt(span<const uint8_t> plaintext, span<const uint8_t> key,
+ span<const uint8_t> nonce, span<const uint8_t> aad,
+ span<uint8_t> ciphertext);
- int CtrEncrypt(span<const uint8_t> plaintext, span<const uint8_t> key,
- span<const uint8_t> nonce, span<uint8_t> ciphertext);
+ int32_t CtrEncrypt(span<const uint8_t> plaintext, span<const uint8_t> key,
+ span<const uint8_t> nonce, span<uint8_t> ciphertext);
};
-AesEncryptor::AesEncryptorImpl::AesEncryptorImpl(ParquetCipher::type alg_id,
int key_len,
- bool metadata, bool
write_length) {
+AesEncryptor::AesEncryptorImpl::AesEncryptorImpl(ParquetCipher::type alg_id,
+ int32_t key_len, bool
metadata,
+ bool write_length) {
openssl::EnsureInitialized();
ctx_ = nullptr;
@@ -151,11 +153,9 @@
AesEncryptor::AesEncryptorImpl::AesEncryptorImpl(ParquetCipher::type alg_id, int
}
}
-int AesEncryptor::AesEncryptorImpl::SignedFooterEncrypt(span<const uint8_t>
footer,
- span<const uint8_t>
key,
- span<const uint8_t>
aad,
- span<const uint8_t>
nonce,
- span<uint8_t>
encrypted_footer) {
+int32_t AesEncryptor::AesEncryptorImpl::SignedFooterEncrypt(
+ span<const uint8_t> footer, span<const uint8_t> key, span<const uint8_t>
aad,
+ span<const uint8_t> nonce, span<uint8_t> encrypted_footer) {
if (static_cast<size_t>(key_length_) != key.size()) {
std::stringstream ss;
ss << "Wrong key length " << key.size() << ". Should be " << key_length_;
@@ -176,10 +176,10 @@ int
AesEncryptor::AesEncryptorImpl::SignedFooterEncrypt(span<const uint8_t> foot
return GcmEncrypt(footer, key, nonce, aad, encrypted_footer);
}
-int AesEncryptor::AesEncryptorImpl::Encrypt(span<const uint8_t> plaintext,
- span<const uint8_t> key,
- span<const uint8_t> aad,
- span<uint8_t> ciphertext) {
+int32_t AesEncryptor::AesEncryptorImpl::Encrypt(span<const uint8_t> plaintext,
+ span<const uint8_t> key,
+ span<const uint8_t> aad,
+ span<uint8_t> ciphertext) {
if (static_cast<size_t>(key_length_) != key.size()) {
std::stringstream ss;
ss << "Wrong key length " << key.size() << ". Should be " << key_length_;
@@ -205,13 +205,13 @@ int AesEncryptor::AesEncryptorImpl::Encrypt(span<const
uint8_t> plaintext,
return CtrEncrypt(plaintext, key, nonce, ciphertext);
}
-int AesEncryptor::AesEncryptorImpl::GcmEncrypt(span<const uint8_t> plaintext,
- span<const uint8_t> key,
- span<const uint8_t> nonce,
- span<const uint8_t> aad,
- span<uint8_t> ciphertext) {
+int32_t AesEncryptor::AesEncryptorImpl::GcmEncrypt(span<const uint8_t>
plaintext,
+ span<const uint8_t> key,
+ span<const uint8_t> nonce,
+ span<const uint8_t> aad,
+ span<uint8_t> ciphertext) {
int len;
- int ciphertext_len;
+ int32_t ciphertext_len;
std::array<uint8_t, kGcmTagLength> tag{};
@@ -227,12 +227,22 @@ int AesEncryptor::AesEncryptorImpl::GcmEncrypt(span<const
uint8_t> plaintext,
}
// Setting additional authenticated data
+ if (aad.size() > static_cast<size_t>(std::numeric_limits<int>::max())) {
+ std::stringstream ss;
+ ss << "AAD size " << aad.size() << " overflows int";
+ throw ParquetException(ss.str());
+ }
if ((!aad.empty()) && (1 != EVP_EncryptUpdate(ctx_, nullptr, &len,
aad.data(),
static_cast<int>(aad.size())))) {
throw ParquetException("Couldn't set AAD");
}
// Encryption
+ if (plaintext.size() > static_cast<size_t>(std::numeric_limits<int>::max()))
{
+ std::stringstream ss;
+ ss << "Plaintext size " << plaintext.size() << " overflows int";
+ throw ParquetException(ss.str());
+ }
if (1 !=
EVP_EncryptUpdate(ctx_, ciphertext.data() + length_buffer_length_ +
kNonceLength,
&len, plaintext.data(),
static_cast<int>(plaintext.size()))) {
@@ -256,7 +266,7 @@ int AesEncryptor::AesEncryptorImpl::GcmEncrypt(span<const
uint8_t> plaintext,
}
// Copying the buffer size, nonce and tag to ciphertext
- int buffer_size = kNonceLength + ciphertext_len + kGcmTagLength;
+ int32_t buffer_size = kNonceLength + ciphertext_len + kGcmTagLength;
if (length_buffer_length_ > 0) {
ciphertext[3] = static_cast<uint8_t>(0xff & (buffer_size >> 24));
ciphertext[2] = static_cast<uint8_t>(0xff & (buffer_size >> 16));
@@ -271,12 +281,12 @@ int AesEncryptor::AesEncryptorImpl::GcmEncrypt(span<const
uint8_t> plaintext,
return length_buffer_length_ + buffer_size;
}
-int AesEncryptor::AesEncryptorImpl::CtrEncrypt(span<const uint8_t> plaintext,
- span<const uint8_t> key,
- span<const uint8_t> nonce,
- span<uint8_t> ciphertext) {
+int32_t AesEncryptor::AesEncryptorImpl::CtrEncrypt(span<const uint8_t>
plaintext,
+ span<const uint8_t> key,
+ span<const uint8_t> nonce,
+ span<uint8_t> ciphertext) {
int len;
- int ciphertext_len;
+ int32_t ciphertext_len;
if (nonce.size() != static_cast<size_t>(kNonceLength)) {
std::stringstream ss;
@@ -298,6 +308,11 @@ int AesEncryptor::AesEncryptorImpl::CtrEncrypt(span<const
uint8_t> plaintext,
}
// Encryption
+ if (plaintext.size() > static_cast<size_t>(std::numeric_limits<int>::max()))
{
+ std::stringstream ss;
+ ss << "Plaintext size " << plaintext.size() << " overflows int";
+ throw ParquetException(ss.str());
+ }
if (1 !=
EVP_EncryptUpdate(ctx_, ciphertext.data() + length_buffer_length_ +
kNonceLength,
&len, plaintext.data(),
static_cast<int>(plaintext.size()))) {
@@ -316,7 +331,7 @@ int AesEncryptor::AesEncryptorImpl::CtrEncrypt(span<const
uint8_t> plaintext,
ciphertext_len += len;
// Copying the buffer size and nonce to ciphertext
- int buffer_size = kNonceLength + ciphertext_len;
+ int32_t buffer_size = kNonceLength + ciphertext_len;
if (length_buffer_length_ > 0) {
ciphertext[3] = static_cast<uint8_t>(0xff & (buffer_size >> 24));
ciphertext[2] = static_cast<uint8_t>(0xff & (buffer_size >> 16));
@@ -331,9 +346,11 @@ int AesEncryptor::AesEncryptorImpl::CtrEncrypt(span<const
uint8_t> plaintext,
AesEncryptor::~AesEncryptor() {}
-int AesEncryptor::SignedFooterEncrypt(span<const uint8_t> footer, span<const
uint8_t> key,
- span<const uint8_t> aad, span<const
uint8_t> nonce,
- span<uint8_t> encrypted_footer) {
+int32_t AesEncryptor::SignedFooterEncrypt(span<const uint8_t> footer,
+ span<const uint8_t> key,
+ span<const uint8_t> aad,
+ span<const uint8_t> nonce,
+ span<uint8_t> encrypted_footer) {
return impl_->SignedFooterEncrypt(footer, key, aad, nonce, encrypted_footer);
}
@@ -343,25 +360,25 @@ int32_t AesEncryptor::CiphertextLength(int64_t
plaintext_len) const {
return impl_->CiphertextLength(plaintext_len);
}
-int AesEncryptor::Encrypt(span<const uint8_t> plaintext, span<const uint8_t>
key,
- span<const uint8_t> aad, span<uint8_t> ciphertext) {
+int32_t AesEncryptor::Encrypt(span<const uint8_t> plaintext, span<const
uint8_t> key,
+ span<const uint8_t> aad, span<uint8_t>
ciphertext) {
return impl_->Encrypt(plaintext, key, aad, ciphertext);
}
-AesEncryptor::AesEncryptor(ParquetCipher::type alg_id, int key_len, bool
metadata,
+AesEncryptor::AesEncryptor(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool write_length)
: impl_{std::unique_ptr<AesEncryptorImpl>(
new AesEncryptorImpl(alg_id, key_len, metadata, write_length))} {}
class AesDecryptor::AesDecryptorImpl {
public:
- explicit AesDecryptorImpl(ParquetCipher::type alg_id, int key_len, bool
metadata,
+ explicit AesDecryptorImpl(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool contains_length);
~AesDecryptorImpl() { WipeOut(); }
- int Decrypt(span<const uint8_t> ciphertext, span<const uint8_t> key,
- span<const uint8_t> aad, span<uint8_t> plaintext);
+ int32_t Decrypt(span<const uint8_t> ciphertext, span<const uint8_t> key,
+ span<const uint8_t> aad, span<uint8_t> plaintext);
void WipeOut() {
if (nullptr != ctx_) {
@@ -370,7 +387,7 @@ class AesDecryptor::AesDecryptorImpl {
}
}
- [[nodiscard]] int PlaintextLength(int ciphertext_len) const {
+ [[nodiscard]] int32_t PlaintextLength(int32_t ciphertext_len) const {
if (ciphertext_len < ciphertext_size_delta_) {
std::stringstream ss;
ss << "Ciphertext length " << ciphertext_len << " is invalid, expected
at least "
@@ -380,12 +397,13 @@ class AesDecryptor::AesDecryptorImpl {
return ciphertext_len - ciphertext_size_delta_;
}
- [[nodiscard]] int CiphertextLength(int plaintext_len) const {
+ [[nodiscard]] int32_t CiphertextLength(int32_t plaintext_len) const {
if (plaintext_len < 0) {
std::stringstream ss;
ss << "Negative plaintext length " << plaintext_len;
throw ParquetException(ss.str());
- } else if (plaintext_len > std::numeric_limits<int>::max() -
ciphertext_size_delta_) {
+ } else if (plaintext_len >
+ std::numeric_limits<int32_t>::max() - ciphertext_size_delta_) {
std::stringstream ss;
ss << "Plaintext length " << plaintext_len << " plus ciphertext size
delta "
<< ciphertext_size_delta_ << " overflows int32";
@@ -396,24 +414,24 @@ class AesDecryptor::AesDecryptorImpl {
private:
EVP_CIPHER_CTX* ctx_;
- int aes_mode_;
- int key_length_;
- int ciphertext_size_delta_;
- int length_buffer_length_;
+ int32_t aes_mode_;
+ int32_t key_length_;
+ int32_t ciphertext_size_delta_;
+ int32_t length_buffer_length_;
/// Get the actual ciphertext length, inclusive of the length buffer length,
/// and validate that the provided buffer size is large enough.
- [[nodiscard]] int GetCiphertextLength(span<const uint8_t> ciphertext) const;
+ [[nodiscard]] int32_t GetCiphertextLength(span<const uint8_t> ciphertext)
const;
- int GcmDecrypt(span<const uint8_t> ciphertext, span<const uint8_t> key,
- span<const uint8_t> aad, span<uint8_t> plaintext);
+ int32_t GcmDecrypt(span<const uint8_t> ciphertext, span<const uint8_t> key,
+ span<const uint8_t> aad, span<uint8_t> plaintext);
- int CtrDecrypt(span<const uint8_t> ciphertext, span<const uint8_t> key,
- span<uint8_t> plaintext);
+ int32_t CtrDecrypt(span<const uint8_t> ciphertext, span<const uint8_t> key,
+ span<uint8_t> plaintext);
};
-int AesDecryptor::Decrypt(span<const uint8_t> ciphertext, span<const uint8_t>
key,
- span<const uint8_t> aad, span<uint8_t> plaintext) {
+int32_t AesDecryptor::Decrypt(span<const uint8_t> ciphertext, span<const
uint8_t> key,
+ span<const uint8_t> aad, span<uint8_t>
plaintext) {
return impl_->Decrypt(ciphertext, key, aad, plaintext);
}
@@ -421,8 +439,9 @@ void AesDecryptor::WipeOut() { impl_->WipeOut(); }
AesDecryptor::~AesDecryptor() {}
-AesDecryptor::AesDecryptorImpl::AesDecryptorImpl(ParquetCipher::type alg_id,
int key_len,
- bool metadata, bool
contains_length) {
+AesDecryptor::AesDecryptorImpl::AesDecryptorImpl(ParquetCipher::type alg_id,
+ int32_t key_len, bool
metadata,
+ bool contains_length) {
openssl::EnsureInitialized();
ctx_ = nullptr;
@@ -469,13 +488,14 @@
AesDecryptor::AesDecryptorImpl::AesDecryptorImpl(ParquetCipher::type alg_id, int
}
}
-std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
int key_len,
- bool metadata) {
+std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
+ int32_t key_len, bool
metadata) {
return Make(alg_id, key_len, metadata, true /*write_length*/);
}
-std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
int key_len,
- bool metadata, bool
write_length) {
+std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
+ int32_t key_len, bool
metadata,
+ bool write_length) {
if (ParquetCipher::AES_GCM_V1 != alg_id && ParquetCipher::AES_GCM_CTR_V1 !=
alg_id) {
std::stringstream ss;
ss << "Crypto algorithm " << alg_id << " is not supported";
@@ -485,13 +505,13 @@ std::unique_ptr<AesEncryptor>
AesEncryptor::Make(ParquetCipher::type alg_id, int
return std::make_unique<AesEncryptor>(alg_id, key_len, metadata,
write_length);
}
-AesDecryptor::AesDecryptor(ParquetCipher::type alg_id, int key_len, bool
metadata,
+AesDecryptor::AesDecryptor(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool contains_length)
: impl_{std::unique_ptr<AesDecryptorImpl>(
new AesDecryptorImpl(alg_id, key_len, metadata, contains_length))} {}
std::shared_ptr<AesDecryptor> AesDecryptor::Make(
- ParquetCipher::type alg_id, int key_len, bool metadata,
+ ParquetCipher::type alg_id, int32_t key_len, bool metadata,
std::vector<std::weak_ptr<AesDecryptor>>* all_decryptors) {
if (ParquetCipher::AES_GCM_V1 != alg_id && ParquetCipher::AES_GCM_CTR_V1 !=
alg_id) {
std::stringstream ss;
@@ -506,15 +526,15 @@ std::shared_ptr<AesDecryptor> AesDecryptor::Make(
return decryptor;
}
-int AesDecryptor::PlaintextLength(int ciphertext_len) const {
+int32_t AesDecryptor::PlaintextLength(int32_t ciphertext_len) const {
return impl_->PlaintextLength(ciphertext_len);
}
-int AesDecryptor::CiphertextLength(int plaintext_len) const {
+int32_t AesDecryptor::CiphertextLength(int32_t plaintext_len) const {
return impl_->CiphertextLength(plaintext_len);
}
-int AesDecryptor::AesDecryptorImpl::GetCiphertextLength(
+int32_t AesDecryptor::AesDecryptorImpl::GetCiphertextLength(
span<const uint8_t> ciphertext) const {
if (length_buffer_length_ > 0) {
// Note: length_buffer_length_ must be either 0 or kBufferSizeLength
@@ -533,10 +553,11 @@ int AesDecryptor::AesDecryptorImpl::GetCiphertextLength(
(static_cast<uint32_t>(ciphertext[0]));
if (written_ciphertext_len >
- static_cast<uint32_t>(std::numeric_limits<int>::max() -
length_buffer_length_)) {
+ static_cast<uint32_t>(std::numeric_limits<int32_t>::max() -
+ length_buffer_length_)) {
std::stringstream ss;
ss << "Written ciphertext length " << written_ciphertext_len
- << " plus length buffer length " << length_buffer_length_ << "
overflows int";
+ << " plus length buffer length " << length_buffer_length_ << "
overflows int32";
throw ParquetException(ss.str());
} else if (ciphertext.size() <
static_cast<size_t>(written_ciphertext_len) +
length_buffer_length_) {
@@ -548,28 +569,28 @@ int AesDecryptor::AesDecryptorImpl::GetCiphertextLength(
throw ParquetException(ss.str());
}
- return static_cast<int>(written_ciphertext_len) + length_buffer_length_;
+ return static_cast<int32_t>(written_ciphertext_len) +
length_buffer_length_;
} else {
- if (ciphertext.size() >
static_cast<size_t>(std::numeric_limits<int>::max())) {
+ if (ciphertext.size() >
static_cast<size_t>(std::numeric_limits<int32_t>::max())) {
std::stringstream ss;
- ss << "Ciphertext buffer length " << ciphertext.size() << " overflows
int";
+ ss << "Ciphertext buffer length " << ciphertext.size() << " overflows
int32";
throw ParquetException(ss.str());
}
- return static_cast<int>(ciphertext.size());
+ return static_cast<int32_t>(ciphertext.size());
}
}
-int AesDecryptor::AesDecryptorImpl::GcmDecrypt(span<const uint8_t> ciphertext,
- span<const uint8_t> key,
- span<const uint8_t> aad,
- span<uint8_t> plaintext) {
+int32_t AesDecryptor::AesDecryptorImpl::GcmDecrypt(span<const uint8_t>
ciphertext,
+ span<const uint8_t> key,
+ span<const uint8_t> aad,
+ span<uint8_t> plaintext) {
int len;
- int plaintext_len;
+ int32_t plaintext_len;
std::array<uint8_t, kGcmTagLength> tag{};
std::array<uint8_t, kNonceLength> nonce{};
- int ciphertext_len = GetCiphertextLength(ciphertext);
+ int32_t ciphertext_len = GetCiphertextLength(ciphertext);
if (plaintext.size() < static_cast<size_t>(ciphertext_len) -
ciphertext_size_delta_) {
std::stringstream ss;
@@ -597,16 +618,22 @@ int AesDecryptor::AesDecryptorImpl::GcmDecrypt(span<const
uint8_t> ciphertext,
}
// Setting additional authenticated data
+ if (aad.size() > static_cast<size_t>(std::numeric_limits<int>::max())) {
+ std::stringstream ss;
+ ss << "AAD size " << aad.size() << " overflows int";
+ throw ParquetException(ss.str());
+ }
if ((!aad.empty()) && (1 != EVP_DecryptUpdate(ctx_, nullptr, &len,
aad.data(),
static_cast<int>(aad.size())))) {
throw ParquetException("Couldn't set AAD");
}
// Decryption
- if (!EVP_DecryptUpdate(
- ctx_, plaintext.data(), &len,
- ciphertext.data() + length_buffer_length_ + kNonceLength,
- ciphertext_len - length_buffer_length_ - kNonceLength -
kGcmTagLength)) {
+ int decryption_length =
+ ciphertext_len - length_buffer_length_ - kNonceLength - kGcmTagLength;
+ if (!EVP_DecryptUpdate(ctx_, plaintext.data(), &len,
+ ciphertext.data() + length_buffer_length_ +
kNonceLength,
+ decryption_length)) {
throw ParquetException("Failed decryption update");
}
@@ -626,15 +653,15 @@ int AesDecryptor::AesDecryptorImpl::GcmDecrypt(span<const
uint8_t> ciphertext,
return plaintext_len;
}
-int AesDecryptor::AesDecryptorImpl::CtrDecrypt(span<const uint8_t> ciphertext,
- span<const uint8_t> key,
- span<uint8_t> plaintext) {
+int32_t AesDecryptor::AesDecryptorImpl::CtrDecrypt(span<const uint8_t>
ciphertext,
+ span<const uint8_t> key,
+ span<uint8_t> plaintext) {
int len;
- int plaintext_len;
+ int32_t plaintext_len;
std::array<uint8_t, kCtrIvLength> iv{};
- int ciphertext_len = GetCiphertextLength(ciphertext);
+ int32_t ciphertext_len = GetCiphertextLength(ciphertext);
if (plaintext.size() < static_cast<size_t>(ciphertext_len) -
ciphertext_size_delta_) {
std::stringstream ss;
@@ -665,9 +692,10 @@ int AesDecryptor::AesDecryptorImpl::CtrDecrypt(span<const
uint8_t> ciphertext,
}
// Decryption
+ int decryption_length = ciphertext_len - length_buffer_length_ -
kNonceLength;
if (!EVP_DecryptUpdate(ctx_, plaintext.data(), &len,
ciphertext.data() + length_buffer_length_ +
kNonceLength,
- ciphertext_len - length_buffer_length_ -
kNonceLength)) {
+ decryption_length)) {
throw ParquetException("Failed decryption update");
}
@@ -682,10 +710,10 @@ int AesDecryptor::AesDecryptorImpl::CtrDecrypt(span<const
uint8_t> ciphertext,
return plaintext_len;
}
-int AesDecryptor::AesDecryptorImpl::Decrypt(span<const uint8_t> ciphertext,
- span<const uint8_t> key,
- span<const uint8_t> aad,
- span<uint8_t> plaintext) {
+int32_t AesDecryptor::AesDecryptorImpl::Decrypt(span<const uint8_t> ciphertext,
+ span<const uint8_t> key,
+ span<const uint8_t> aad,
+ span<uint8_t> plaintext) {
if (static_cast<size_t>(key_length_) != key.size()) {
std::stringstream ss;
ss << "Wrong key length " << key.size() << ". Should be " << key_length_;
@@ -758,9 +786,22 @@ void QuickUpdatePageAad(int32_t new_page_ordinal,
std::string* AAD) {
std::memcpy(AAD->data() + AAD->length() - 2, page_ordinal_bytes.data(), 2);
}
-void RandBytes(unsigned char* buf, int num) {
+void RandBytes(unsigned char* buf, size_t num) {
+ if (num > static_cast<size_t>(std::numeric_limits<int>::max())) {
+ std::stringstream ss;
+ ss << "Length " << num << " for RandBytes overflows int";
+ throw ParquetException(ss.str());
+ }
openssl::EnsureInitialized();
- RAND_bytes(buf, num);
+ int status = RAND_bytes(buf, static_cast<int>(num));
+ if (status != 1) {
+ const auto error_code = ERR_get_error();
+ char buffer[256];
+ ERR_error_string_n(error_code, buffer, sizeof(buffer));
+ std::stringstream ss;
+ ss << "Failed to generate random bytes: " << buffer;
+ throw ParquetException(ss.str());
+ }
}
void EnsureBackendInitialized() { openssl::EnsureInitialized(); }
diff --git a/cpp/src/parquet/encryption/encryption_internal.h
b/cpp/src/parquet/encryption/encryption_internal.h
index c874b137ad..d79ff56ad4 100644
--- a/cpp/src/parquet/encryption/encryption_internal.h
+++ b/cpp/src/parquet/encryption/encryption_internal.h
@@ -29,8 +29,8 @@ using parquet::ParquetCipher;
namespace parquet::encryption {
-constexpr int kGcmTagLength = 16;
-constexpr int kNonceLength = 12;
+constexpr int32_t kGcmTagLength = 16;
+constexpr int32_t kNonceLength = 12;
// Module types
constexpr int8_t kFooter = 0;
@@ -49,13 +49,13 @@ class PARQUET_EXPORT AesEncryptor {
public:
/// Can serve one key length only. Possible values: 16, 24, 32 bytes.
/// If write_length is true, prepend ciphertext length to the ciphertext
- explicit AesEncryptor(ParquetCipher::type alg_id, int key_len, bool metadata,
+ explicit AesEncryptor(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool write_length = true);
- static std::unique_ptr<AesEncryptor> Make(ParquetCipher::type alg_id, int
key_len,
+ static std::unique_ptr<AesEncryptor> Make(ParquetCipher::type alg_id,
int32_t key_len,
bool metadata);
- static std::unique_ptr<AesEncryptor> Make(ParquetCipher::type alg_id, int
key_len,
+ static std::unique_ptr<AesEncryptor> Make(ParquetCipher::type alg_id,
int32_t key_len,
bool metadata, bool write_length);
~AesEncryptor();
@@ -65,17 +65,17 @@ class PARQUET_EXPORT AesEncryptor {
/// Encrypts plaintext with the key and aad. Key length is passed only for
validation.
/// If different from value in constructor, exception will be thrown.
- int Encrypt(::arrow::util::span<const uint8_t> plaintext,
- ::arrow::util::span<const uint8_t> key,
- ::arrow::util::span<const uint8_t> aad,
- ::arrow::util::span<uint8_t> ciphertext);
+ int32_t Encrypt(::arrow::util::span<const uint8_t> plaintext,
+ ::arrow::util::span<const uint8_t> key,
+ ::arrow::util::span<const uint8_t> aad,
+ ::arrow::util::span<uint8_t> ciphertext);
/// Encrypts plaintext footer, in order to compute footer signature (tag).
- int SignedFooterEncrypt(::arrow::util::span<const uint8_t> footer,
- ::arrow::util::span<const uint8_t> key,
- ::arrow::util::span<const uint8_t> aad,
- ::arrow::util::span<const uint8_t> nonce,
- ::arrow::util::span<uint8_t> encrypted_footer);
+ int32_t SignedFooterEncrypt(::arrow::util::span<const uint8_t> footer,
+ ::arrow::util::span<const uint8_t> key,
+ ::arrow::util::span<const uint8_t> aad,
+ ::arrow::util::span<const uint8_t> nonce,
+ ::arrow::util::span<uint8_t> encrypted_footer);
void WipeOut();
@@ -90,7 +90,7 @@ class PARQUET_EXPORT AesDecryptor {
public:
/// Can serve one key length only. Possible values: 16, 24, 32 bytes.
/// If contains_length is true, expect ciphertext length prepended to the
ciphertext
- explicit AesDecryptor(ParquetCipher::type alg_id, int key_len, bool metadata,
+ explicit AesDecryptor(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool contains_length = true);
/// \brief Factory function to create an AesDecryptor
@@ -102,26 +102,26 @@ class PARQUET_EXPORT AesDecryptor {
/// out when decryption is finished
/// \return shared pointer to a new AesDecryptor
static std::shared_ptr<AesDecryptor> Make(
- ParquetCipher::type alg_id, int key_len, bool metadata,
+ ParquetCipher::type alg_id, int32_t key_len, bool metadata,
std::vector<std::weak_ptr<AesDecryptor>>* all_decryptors);
~AesDecryptor();
void WipeOut();
/// The size of the plaintext, for this cipher and the specified ciphertext
length.
- [[nodiscard]] int PlaintextLength(int ciphertext_len) const;
+ [[nodiscard]] int32_t PlaintextLength(int32_t ciphertext_len) const;
/// The size of the ciphertext, for this cipher and the specified plaintext
length.
- [[nodiscard]] int CiphertextLength(int plaintext_len) const;
+ [[nodiscard]] int32_t CiphertextLength(int32_t plaintext_len) const;
/// Decrypts ciphertext with the key and aad. Key length is passed only for
/// validation. If different from value in constructor, exception will be
thrown.
/// The caller is responsible for ensuring that the plaintext buffer is at
least as
/// large as PlaintextLength(ciphertext_len).
- int Decrypt(::arrow::util::span<const uint8_t> ciphertext,
- ::arrow::util::span<const uint8_t> key,
- ::arrow::util::span<const uint8_t> aad,
- ::arrow::util::span<uint8_t> plaintext);
+ int32_t Decrypt(::arrow::util::span<const uint8_t> ciphertext,
+ ::arrow::util::span<const uint8_t> key,
+ ::arrow::util::span<const uint8_t> aad,
+ ::arrow::util::span<uint8_t> plaintext);
private:
// PIMPL Idiom
@@ -139,7 +139,7 @@ std::string CreateFooterAad(const std::string&
aad_prefix_bytes);
void QuickUpdatePageAad(int32_t new_page_ordinal, std::string* AAD);
// Wraps OpenSSL RAND_bytes function
-void RandBytes(unsigned char* buf, int num);
+void RandBytes(unsigned char* buf, size_t num);
// Ensure OpenSSL is initialized.
//
diff --git a/cpp/src/parquet/encryption/encryption_internal_nossl.cc
b/cpp/src/parquet/encryption/encryption_internal_nossl.cc
index 2cce83915d..2a8162ed39 100644
--- a/cpp/src/parquet/encryption/encryption_internal_nossl.cc
+++ b/cpp/src/parquet/encryption/encryption_internal_nossl.cc
@@ -29,11 +29,11 @@ class AesEncryptor::AesEncryptorImpl {};
AesEncryptor::~AesEncryptor() {}
-int AesEncryptor::SignedFooterEncrypt(::arrow::util::span<const uint8_t>
footer,
- ::arrow::util::span<const uint8_t> key,
- ::arrow::util::span<const uint8_t> aad,
- ::arrow::util::span<const uint8_t> nonce,
- ::arrow::util::span<uint8_t>
encrypted_footer) {
+int32_t AesEncryptor::SignedFooterEncrypt(::arrow::util::span<const uint8_t>
footer,
+ ::arrow::util::span<const uint8_t>
key,
+ ::arrow::util::span<const uint8_t>
aad,
+ ::arrow::util::span<const uint8_t>
nonce,
+ ::arrow::util::span<uint8_t>
encrypted_footer) {
ThrowOpenSSLRequiredException();
return -1;
}
@@ -45,25 +45,25 @@ int32_t AesEncryptor::CiphertextLength(int64_t
plaintext_len) const {
return -1;
}
-int AesEncryptor::Encrypt(::arrow::util::span<const uint8_t> plaintext,
- ::arrow::util::span<const uint8_t> key,
- ::arrow::util::span<const uint8_t> aad,
- ::arrow::util::span<uint8_t> ciphertext) {
+int32_t AesEncryptor::Encrypt(::arrow::util::span<const uint8_t> plaintext,
+ ::arrow::util::span<const uint8_t> key,
+ ::arrow::util::span<const uint8_t> aad,
+ ::arrow::util::span<uint8_t> ciphertext) {
ThrowOpenSSLRequiredException();
return -1;
}
-AesEncryptor::AesEncryptor(ParquetCipher::type alg_id, int key_len, bool
metadata,
+AesEncryptor::AesEncryptor(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool write_length) {
ThrowOpenSSLRequiredException();
}
class AesDecryptor::AesDecryptorImpl {};
-int AesDecryptor::Decrypt(::arrow::util::span<const uint8_t> ciphertext,
- ::arrow::util::span<const uint8_t> key,
- ::arrow::util::span<const uint8_t> aad,
- ::arrow::util::span<uint8_t> plaintext) {
+int32_t AesDecryptor::Decrypt(::arrow::util::span<const uint8_t> ciphertext,
+ ::arrow::util::span<const uint8_t> key,
+ ::arrow::util::span<const uint8_t> aad,
+ ::arrow::util::span<uint8_t> plaintext) {
ThrowOpenSSLRequiredException();
return -1;
}
@@ -72,36 +72,37 @@ void AesDecryptor::WipeOut() {
ThrowOpenSSLRequiredException(); }
AesDecryptor::~AesDecryptor() {}
-std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
int key_len,
- bool metadata) {
+std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
+ int32_t key_len, bool
metadata) {
ThrowOpenSSLRequiredException();
return NULLPTR;
}
-std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
int key_len,
- bool metadata, bool
write_length) {
+std::unique_ptr<AesEncryptor> AesEncryptor::Make(ParquetCipher::type alg_id,
+ int32_t key_len, bool
metadata,
+ bool write_length) {
ThrowOpenSSLRequiredException();
return NULLPTR;
}
-AesDecryptor::AesDecryptor(ParquetCipher::type alg_id, int key_len, bool
metadata,
+AesDecryptor::AesDecryptor(ParquetCipher::type alg_id, int32_t key_len, bool
metadata,
bool contains_length) {
ThrowOpenSSLRequiredException();
}
std::shared_ptr<AesDecryptor> AesDecryptor::Make(
- ParquetCipher::type alg_id, int key_len, bool metadata,
+ ParquetCipher::type alg_id, int32_t key_len, bool metadata,
std::vector<std::weak_ptr<AesDecryptor>>* all_decryptors) {
ThrowOpenSSLRequiredException();
return NULLPTR;
}
-int AesDecryptor::PlaintextLength(int ciphertext_len) const {
+int32_t AesDecryptor::PlaintextLength(int32_t ciphertext_len) const {
ThrowOpenSSLRequiredException();
return -1;
}
-int AesDecryptor::CiphertextLength(int plaintext_len) const {
+int32_t AesDecryptor::CiphertextLength(int32_t plaintext_len) const {
ThrowOpenSSLRequiredException();
return -1;
}
@@ -122,7 +123,7 @@ void QuickUpdatePageAad(int32_t new_page_ordinal,
std::string* AAD) {
ThrowOpenSSLRequiredException();
}
-void RandBytes(unsigned char* buf, int num) { ThrowOpenSSLRequiredException();
}
+void RandBytes(unsigned char* buf, size_t num) {
ThrowOpenSSLRequiredException(); }
void EnsureBackendInitialized() {}
diff --git a/cpp/src/parquet/encryption/encryption_internal_test.cc
b/cpp/src/parquet/encryption/encryption_internal_test.cc
index 22e14663ea..bf6607e328 100644
--- a/cpp/src/parquet/encryption/encryption_internal_test.cc
+++ b/cpp/src/parquet/encryption/encryption_internal_test.cc
@@ -41,22 +41,22 @@ class TestAesEncryption : public ::testing::Test {
encryptor.CiphertextLength(static_cast<int64_t>(plain_text_.size()));
std::vector<uint8_t> ciphertext(expected_ciphertext_len, '\0');
- int ciphertext_length = encryptor.Encrypt(str2span(plain_text_),
str2span(key_),
- str2span(aad_), ciphertext);
+ int32_t ciphertext_length = encryptor.Encrypt(str2span(plain_text_),
str2span(key_),
+ str2span(aad_), ciphertext);
ASSERT_EQ(ciphertext_length, expected_ciphertext_len);
AesDecryptor decryptor(cipher_type, key_length_, metadata, write_length);
- int expected_plaintext_length =
decryptor.PlaintextLength(ciphertext_length);
+ int32_t expected_plaintext_length =
decryptor.PlaintextLength(ciphertext_length);
std::vector<uint8_t> decrypted_text(expected_plaintext_length, '\0');
- int plaintext_length =
+ int32_t plaintext_length =
decryptor.Decrypt(ciphertext, str2span(key_), str2span(aad_),
decrypted_text);
std::string decrypted_text_str(decrypted_text.begin(),
decrypted_text.end());
- ASSERT_EQ(plaintext_length, static_cast<int>(plain_text_.size()));
+ ASSERT_EQ(plaintext_length, static_cast<int32_t>(plain_text_.size()));
ASSERT_EQ(plaintext_length, expected_plaintext_length);
ASSERT_EQ(decrypted_text_str, plain_text_);
}
@@ -68,10 +68,10 @@ class TestAesEncryption : public ::testing::Test {
AesDecryptor decryptor(cipher_type, key_length_, metadata, write_length);
// Create ciphertext of all zeros, so the ciphertext length will be read
as zero
- const int ciphertext_length = 100;
+ constexpr int32_t ciphertext_length = 100;
std::vector<uint8_t> ciphertext(ciphertext_length, '\0');
- int expected_plaintext_length =
decryptor.PlaintextLength(ciphertext_length);
+ int32_t expected_plaintext_length =
decryptor.PlaintextLength(ciphertext_length);
std::vector<uint8_t> decrypted_text(expected_plaintext_length, '\0');
EXPECT_THROW(
@@ -89,12 +89,12 @@ class TestAesEncryption : public ::testing::Test {
encryptor.CiphertextLength(static_cast<int64_t>(plain_text_.size()));
std::vector<uint8_t> ciphertext(expected_ciphertext_len, '\0');
- int ciphertext_length = encryptor.Encrypt(str2span(plain_text_),
str2span(key_),
- str2span(aad_), ciphertext);
+ int32_t ciphertext_length = encryptor.Encrypt(str2span(plain_text_),
str2span(key_),
+ str2span(aad_), ciphertext);
AesDecryptor decryptor(cipher_type, key_length_, metadata, write_length);
- int expected_plaintext_length =
decryptor.PlaintextLength(ciphertext_length);
+ int32_t expected_plaintext_length =
decryptor.PlaintextLength(ciphertext_length);
std::vector<uint8_t> decrypted_text(expected_plaintext_length, '\0');
::arrow::util::span<uint8_t> truncated_ciphertext(ciphertext.data(),
@@ -105,7 +105,7 @@ class TestAesEncryption : public ::testing::Test {
}
private:
- int key_length_ = 0;
+ int32_t key_length_ = 0;
std::string key_;
std::string aad_;
std::string plain_text_;
diff --git a/cpp/src/parquet/encryption/file_key_wrapper.cc
b/cpp/src/parquet/encryption/file_key_wrapper.cc
index 032ae45821..8ce563e60d 100644
--- a/cpp/src/parquet/encryption/file_key_wrapper.cc
+++ b/cpp/src/parquet/encryption/file_key_wrapper.cc
@@ -112,10 +112,10 @@ std::string
FileKeyWrapper::GetEncryptionKeyMetadata(const std::string& data_key
KeyEncryptionKey FileKeyWrapper::CreateKeyEncryptionKey(
const std::string& master_key_id) {
std::string kek_bytes(kKeyEncryptionKeyLength, '\0');
- RandBytes(reinterpret_cast<uint8_t*>(&kek_bytes[0]),
kKeyEncryptionKeyLength);
+ RandBytes(reinterpret_cast<uint8_t*>(kek_bytes.data()),
kKeyEncryptionKeyLength);
std::string kek_id(kKeyEncryptionKeyIdLength, '\0');
- RandBytes(reinterpret_cast<uint8_t*>(&kek_id[0]), kKeyEncryptionKeyIdLength);
+ RandBytes(reinterpret_cast<uint8_t*>(kek_id.data()),
kKeyEncryptionKeyIdLength);
// Encrypt KEK with Master key
std::string encoded_wrapped_kek = kms_client_->WrapKey(kek_bytes,
master_key_id);
diff --git a/cpp/src/parquet/encryption/internal_file_decryptor.cc
b/cpp/src/parquet/encryption/internal_file_decryptor.cc
index fae5ce1f7a..53a2f8c021 100644
--- a/cpp/src/parquet/encryption/internal_file_decryptor.cc
+++ b/cpp/src/parquet/encryption/internal_file_decryptor.cc
@@ -33,16 +33,16 @@
Decryptor::Decryptor(std::shared_ptr<encryption::AesDecryptor> aes_decryptor,
aad_(aad),
pool_(pool) {}
-int Decryptor::PlaintextLength(int ciphertext_len) const {
+int32_t Decryptor::PlaintextLength(int32_t ciphertext_len) const {
return aes_decryptor_->PlaintextLength(ciphertext_len);
}
-int Decryptor::CiphertextLength(int plaintext_len) const {
+int32_t Decryptor::CiphertextLength(int32_t plaintext_len) const {
return aes_decryptor_->CiphertextLength(plaintext_len);
}
-int Decryptor::Decrypt(::arrow::util::span<const uint8_t> ciphertext,
- ::arrow::util::span<uint8_t> plaintext) {
+int32_t Decryptor::Decrypt(::arrow::util::span<const uint8_t> ciphertext,
+ ::arrow::util::span<uint8_t> plaintext) {
return aes_decryptor_->Decrypt(ciphertext, str2span(key_), str2span(aad_),
plaintext);
}
@@ -143,7 +143,7 @@ std::shared_ptr<Decryptor>
InternalFileDecryptor::GetFooterDecryptor(
// Create both data and metadata decryptors to avoid redundant retrieval of
key
// from the key_retriever.
- int key_len = static_cast<int>(footer_key.size());
+ auto key_len = static_cast<int32_t>(footer_key.size());
std::shared_ptr<encryption::AesDecryptor> aes_metadata_decryptor;
std::shared_ptr<encryption::AesDecryptor> aes_data_decryptor;
@@ -197,7 +197,7 @@ std::shared_ptr<Decryptor>
InternalFileDecryptor::GetColumnDecryptor(
throw HiddenColumnException("HiddenColumnException, path=" + column_path);
}
- int key_len = static_cast<int>(column_key.size());
+ auto key_len = static_cast<int32_t>(column_key.size());
std::lock_guard<std::mutex> lock(mutex_);
auto aes_decryptor =
encryption::AesDecryptor::Make(algorithm_, key_len, metadata,
&all_decryptors_);
diff --git a/cpp/src/parquet/encryption/internal_file_decryptor.h
b/cpp/src/parquet/encryption/internal_file_decryptor.h
index 8af3587acf..08423de7fe 100644
--- a/cpp/src/parquet/encryption/internal_file_decryptor.h
+++ b/cpp/src/parquet/encryption/internal_file_decryptor.h
@@ -45,10 +45,10 @@ class PARQUET_EXPORT Decryptor {
void UpdateAad(const std::string& aad) { aad_ = aad; }
::arrow::MemoryPool* pool() { return pool_; }
- [[nodiscard]] int PlaintextLength(int ciphertext_len) const;
- [[nodiscard]] int CiphertextLength(int plaintext_len) const;
- int Decrypt(::arrow::util::span<const uint8_t> ciphertext,
- ::arrow::util::span<uint8_t> plaintext);
+ [[nodiscard]] int32_t PlaintextLength(int32_t ciphertext_len) const;
+ [[nodiscard]] int32_t CiphertextLength(int32_t plaintext_len) const;
+ int32_t Decrypt(::arrow::util::span<const uint8_t> ciphertext,
+ ::arrow::util::span<uint8_t> plaintext);
private:
std::shared_ptr<encryption::AesDecryptor> aes_decryptor_;
diff --git a/cpp/src/parquet/encryption/internal_file_encryptor.cc
b/cpp/src/parquet/encryption/internal_file_encryptor.cc
index 285c2100be..94094e6aca 100644
--- a/cpp/src/parquet/encryption/internal_file_encryptor.cc
+++ b/cpp/src/parquet/encryption/internal_file_encryptor.cc
@@ -35,8 +35,8 @@ int32_t Encryptor::CiphertextLength(int64_t plaintext_len)
const {
return aes_encryptor_->CiphertextLength(plaintext_len);
}
-int Encryptor::Encrypt(::arrow::util::span<const uint8_t> plaintext,
- ::arrow::util::span<uint8_t> ciphertext) {
+int32_t Encryptor::Encrypt(::arrow::util::span<const uint8_t> plaintext,
+ ::arrow::util::span<uint8_t> ciphertext) {
return aes_encryptor_->Encrypt(plaintext, str2span(key_), str2span(aad_),
ciphertext);
}
@@ -143,7 +143,7 @@
InternalFileEncryptor::InternalFileEncryptor::GetColumnEncryptor(
return encryptor;
}
-int InternalFileEncryptor::MapKeyLenToEncryptorArrayIndex(int key_len) const {
+int InternalFileEncryptor::MapKeyLenToEncryptorArrayIndex(int32_t key_len)
const {
if (key_len == 16)
return 0;
else if (key_len == 24)
@@ -155,7 +155,7 @@ int
InternalFileEncryptor::MapKeyLenToEncryptorArrayIndex(int key_len) const {
encryption::AesEncryptor* InternalFileEncryptor::GetMetaAesEncryptor(
ParquetCipher::type algorithm, size_t key_size) {
- int key_len = static_cast<int>(key_size);
+ auto key_len = static_cast<int32_t>(key_size);
int index = MapKeyLenToEncryptorArrayIndex(key_len);
if (meta_encryptor_[index] == nullptr) {
meta_encryptor_[index] = encryption::AesEncryptor::Make(algorithm,
key_len, true);
@@ -165,7 +165,7 @@ encryption::AesEncryptor*
InternalFileEncryptor::GetMetaAesEncryptor(
encryption::AesEncryptor* InternalFileEncryptor::GetDataAesEncryptor(
ParquetCipher::type algorithm, size_t key_size) {
- int key_len = static_cast<int>(key_size);
+ auto key_len = static_cast<int32_t>(key_size);
int index = MapKeyLenToEncryptorArrayIndex(key_len);
if (data_encryptor_[index] == nullptr) {
data_encryptor_[index] = encryption::AesEncryptor::Make(algorithm,
key_len, false);
diff --git a/cpp/src/parquet/encryption/internal_file_encryptor.h
b/cpp/src/parquet/encryption/internal_file_encryptor.h
index 91b6e9fe5a..5a3d743ce5 100644
--- a/cpp/src/parquet/encryption/internal_file_encryptor.h
+++ b/cpp/src/parquet/encryption/internal_file_encryptor.h
@@ -45,8 +45,8 @@ class PARQUET_EXPORT Encryptor {
[[nodiscard]] int32_t CiphertextLength(int64_t plaintext_len) const;
- int Encrypt(::arrow::util::span<const uint8_t> plaintext,
- ::arrow::util::span<uint8_t> ciphertext);
+ int32_t Encrypt(::arrow::util::span<const uint8_t> plaintext,
+ ::arrow::util::span<uint8_t> ciphertext);
bool EncryptColumnMetaData(
bool encrypted_footer,
@@ -103,7 +103,7 @@ class InternalFileEncryptor {
encryption::AesEncryptor* GetDataAesEncryptor(ParquetCipher::type algorithm,
size_t key_len);
- int MapKeyLenToEncryptorArrayIndex(int key_len) const;
+ int MapKeyLenToEncryptorArrayIndex(int32_t key_len) const;
};
} // namespace parquet
diff --git a/cpp/src/parquet/encryption/key_toolkit_internal.cc
b/cpp/src/parquet/encryption/key_toolkit_internal.cc
index 5d7925aa03..89a52a2bcd 100644
--- a/cpp/src/parquet/encryption/key_toolkit_internal.cc
+++ b/cpp/src/parquet/encryption/key_toolkit_internal.cc
@@ -53,7 +53,7 @@ std::string DecryptKeyLocally(const std::string&
encoded_encrypted_key,
static_cast<int>(master_key.size()), false,
false /*contains_length*/);
- int decrypted_key_len =
+ int32_t decrypted_key_len =
key_decryptor.PlaintextLength(static_cast<int>(encrypted_key.size()));
std::string decrypted_key(decrypted_key_len, '\0');
::arrow::util::span<uint8_t> decrypted_key_span(
diff --git a/cpp/src/parquet/metadata.cc b/cpp/src/parquet/metadata.cc
index 4f2aa6e373..423154f864 100644
--- a/cpp/src/parquet/metadata.cc
+++ b/cpp/src/parquet/metadata.cc
@@ -751,7 +751,7 @@ class FileMetaData::FileMetaDataImpl {
std::shared_ptr<Buffer> encrypted_buffer = AllocateBuffer(
file_decryptor_->pool(),
aes_encryptor->CiphertextLength(serialized_len));
- uint32_t encrypted_len = aes_encryptor->SignedFooterEncrypt(
+ int32_t encrypted_len = aes_encryptor->SignedFooterEncrypt(
serialized_data_span, str2span(key), str2span(aad), nonce,
encrypted_buffer->mutable_span_as<uint8_t>());
// Delete AES encryptor object. It was created only to verify the footer
signature.
@@ -799,7 +799,7 @@ class FileMetaData::FileMetaDataImpl {
// encrypt the footer key
std::vector<uint8_t>
encrypted_data(encryptor->CiphertextLength(serialized_len));
- int encrypted_len = encryptor->Encrypt(serialized_data_span,
encrypted_data);
+ int32_t encrypted_len = encryptor->Encrypt(serialized_data_span,
encrypted_data);
// write unencrypted footer
PARQUET_THROW_NOT_OK(dst->Write(serialized_data, serialized_len));
@@ -1672,7 +1672,7 @@ class
ColumnChunkMetaDataBuilder::ColumnChunkMetaDataBuilderImpl {
serialized_len);
std::vector<uint8_t>
encrypted_data(encryptor->CiphertextLength(serialized_len));
- int encrypted_len = encryptor->Encrypt(serialized_data_span,
encrypted_data);
+ int32_t encrypted_len = encryptor->Encrypt(serialized_data_span,
encrypted_data);
const char* temp =
const_cast<const
char*>(reinterpret_cast<char*>(encrypted_data.data()));
diff --git a/cpp/src/parquet/thrift_internal.h
b/cpp/src/parquet/thrift_internal.h
index b21b0e07af..e7bfd434c8 100644
--- a/cpp/src/parquet/thrift_internal.h
+++ b/cpp/src/parquet/thrift_internal.h
@@ -530,7 +530,7 @@ class ThriftSerializer {
auto cipher_buffer =
AllocateBuffer(encryptor->pool(),
encryptor->CiphertextLength(out_length));
::arrow::util::span<const uint8_t> out_span(out_buffer, out_length);
- int cipher_buffer_len =
+ int32_t cipher_buffer_len =
encryptor->Encrypt(out_span,
cipher_buffer->mutable_span_as<uint8_t>());
PARQUET_THROW_NOT_OK(out->Write(cipher_buffer->data(), cipher_buffer_len));
