[
https://issues.apache.org/jira/browse/IMPALA-7018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472815#comment-16472815
]
Tim Armstrong commented on IMPALA-7018:
---------------------------------------
It looks like the first call to EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_GCM_SET_IVLEN, AES_BLOCK_SIZE, NULL) returns an error and is a no-op -
I think it is called in the wrong sequence. I think the implication of this is
that we use the default block size of 12 instead of the block size of 16.
> OpenSSL pending errors not cleared when spill-to-disk encryption is enabled
> ---------------------------------------------------------------------------
>
> Key: IMPALA-7018
> URL: https://issues.apache.org/jira/browse/IMPALA-7018
> Project: IMPALA
> Issue Type: Improvement
> Components: Backend
> Affects Versions: Impala 2.13.0, Impala 3.1.0
> Reporter: Tim Armstrong
> Assignee: Tim Armstrong
> Priority: Critical
>
> Hit DCHECK because of OpenSSL pending errors in my precommit job for enabling
> disk spill encryption by default:
> https://jenkins.impala.io/job/ubuntu-16.04-from-scratch/212
> {noformat}
> F0509 19:35:46.537220 33290 openssl_util.h:201] Check failed:
> ERR_peek_error() == 0 (101171331 vs. 0) Expected no pending OpenSSL errors on
> kudu::Status
> kudu::security::TlsContext::InitiateHandshake(kudu::security::TlsHandshakeType,
> kudu::security::TlsHandshake*) const entry, but had: error:0607C083:digital
> envelope routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 eF0509 19:35:46.537292 33290 openssl_util.h:201] Check
> failed: ERR_peek_error() == 0 (101171331 vs. 0) Expected no pending OpenSSL
> errors on kudu::Status
> kudu::security::TlsContext::InitiateHandshake(kudu::security::TlsHandshakeType,
> kudu::security::TlsHandshake*) const entry, but had: error:0607C083:digital
> envelope routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher
> set:evp_enc.c:610 error:0607C083:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
