[ 
https://issues.apache.org/jira/browse/IMPALA-13592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913776#comment-17913776
 ] 

ASF subversion and git services commented on IMPALA-13592:
----------------------------------------------------------

Commit 99545fbf4511df76b69e58f1a4abe5e58ccfce49 in impala's branch 
refs/heads/master from Csaba Ringhofer
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=99545fbf4 ]

IMPALA-13592: Set IV length before setting IV in OpenSsl

Setting IV with non default length before setting the length
is not correct. With newer OpenSsl (3.2) this lead to failing
AES-GCM encryption
(likely since https://github.com/openssl/openssl/pull/22590).

The fix is to call EVP_(En/De)cryptInit_ex first without iv,
then set iv length and call EVP_EncryptInit_ex again with iv
(but without mode).

Change-Id: I243f1d487d8ba5dc44b5cc361e041c83598d83c1
Reviewed-on: http://gerrit.cloudera.org:8080/22337
Reviewed-by: Csaba Ringhofer <csringho...@cloudera.com>
Tested-by: Csaba Ringhofer <csringho...@cloudera.com>


> OpenSSL rebase to 3.2 in RHEL / Rocky 9.5 breaks Impala
> -------------------------------------------------------
>
>                 Key: IMPALA-13592
>                 URL: https://issues.apache.org/jira/browse/IMPALA-13592
>             Project: IMPALA
>          Issue Type: Bug
>    Affects Versions: Impala 4.5.0
>            Reporter: Laszlo Gaal
>            Assignee: Csaba Ringhofer
>            Priority: Critical
>
> Impala builds on Rocky 9 (or other Red Hat 9 - compatible platforms) started 
> running into multiple test failures after the release of RHEL 9.5.
> This release has rebased OpenSSL from 3.0.2 to 3.2.x [1], see 
> https://issues.redhat.com/browse/RHEL-26271. Unfortunately the stream model 
> adopted by RHEL means that simply installing OpenSSL (even on a nominally 
> older version) will give you the latest package version, i.e. 3.2.2.
> Impala has clear problems with this OpenSSL release: a recent test run on 
> Rocky 9 shows more than 1000 failed end2end and cluster tests, caused by 
> Impala cluster failures (in addition to the usual BE_TESTs that need tweaking 
> for new OpenSSL versions).
> [1] 
> https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/overview#overview-major-changes



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

Reply via email to