[jira] [Commented] (IMPALA-7018) OpenSSL pending errors not cleared when spill-to-disk encryption is enabled

Tue, 15 May 2018 19:54:28 -0700 

    [ 
https://issues.apache.org/jira/browse/IMPALA-7018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16476763#comment-16476763
 ] 

ASF subversion and git services commented on IMPALA-7018:
---------------------------------------------------------

Commit 5e32c08385e935068b7a2b16e4448b0ad2ab4678 in impala's branch 
refs/heads/2.x from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=impala.git;h=5e32c08 ]

IMPALA-7018: fix spill-to-disk encryption err handling

The EVP_CIPHER_CTX_ctrl() function was being misused:
1. It was called before initialising the context
2. Errors were not being handled (including the error from #1)

Testing:
Added some checks to assert that the OpenSSL error queue is empty.

Change-Id: I054a5e76df51b293f4728d30fd3b3cd7640624fb
Reviewed-on: http://gerrit.cloudera.org:8080/10385
Reviewed-by: Tim Armstrong <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>


> OpenSSL pending errors not cleared when spill-to-disk encryption is enabled
> ---------------------------------------------------------------------------
>
>                 Key: IMPALA-7018
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7018
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Backend
>    Affects Versions: Impala 2.13.0, Impala 3.1.0
>            Reporter: Tim Armstrong
>            Assignee: Tim Armstrong
>            Priority: Critical
>              Labels: crash
>             Fix For: Impala 2.13.0, Impala 3.1.0
>
>
> Hit DCHECK because of OpenSSL pending errors in my precommit job for enabling 
> disk spill encryption by default: 
> https://jenkins.impala.io/job/ubuntu-16.04-from-scratch/212
> {noformat}
> F0509 19:35:46.537220 33290 openssl_util.h:201] Check failed: 
> ERR_peek_error() == 0 (101171331 vs. 0) Expected no pending OpenSSL errors on 
> kudu::Status 
> kudu::security::TlsContext::InitiateHandshake(kudu::security::TlsHandshakeType,
>  kudu::security::TlsHandshake*) const entry, but had: error:0607C083:digital 
> envelope routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 eF0509 19:35:46.537292 33290 openssl_util.h:201] Check 
> failed: ERR_peek_error() == 0 (101171331 vs. 0) Expected no pending OpenSSL 
> errors on kudu::Status 
> kudu::security::TlsContext::InitiateHandshake(kudu::security::TlsHandshakeType,
>  kudu::security::TlsHandshake*) const entry, but had: error:0607C083:digital 
> envelope routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610 
> error:0607C083:digital envelope routines:EVP_CIPHER_CTX_ctrl:no cipher 
> set:evp_enc.c:610 error:0607C083:digital envelope 
> routines:EVP_CIPHER_CTX_ctrl:no cipher set:evp_enc.c:610
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to