[ https://issues.apache.org/jira/browse/IMPALA-13592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913776#comment-17913776 ]
ASF subversion and git services commented on IMPALA-13592: ---------------------------------------------------------- Commit 99545fbf4511df76b69e58f1a4abe5e58ccfce49 in impala's branch refs/heads/master from Csaba Ringhofer [ https://gitbox.apache.org/repos/asf?p=impala.git;h=99545fbf4 ] IMPALA-13592: Set IV length before setting IV in OpenSsl Setting IV with non default length before setting the length is not correct. With newer OpenSsl (3.2) this lead to failing AES-GCM encryption (likely since https://github.com/openssl/openssl/pull/22590). The fix is to call EVP_(En/De)cryptInit_ex first without iv, then set iv length and call EVP_EncryptInit_ex again with iv (but without mode). Change-Id: I243f1d487d8ba5dc44b5cc361e041c83598d83c1 Reviewed-on: http://gerrit.cloudera.org:8080/22337 Reviewed-by: Csaba Ringhofer <csringho...@cloudera.com> Tested-by: Csaba Ringhofer <csringho...@cloudera.com> > OpenSSL rebase to 3.2 in RHEL / Rocky 9.5 breaks Impala > ------------------------------------------------------- > > Key: IMPALA-13592 > URL: https://issues.apache.org/jira/browse/IMPALA-13592 > Project: IMPALA > Issue Type: Bug > Affects Versions: Impala 4.5.0 > Reporter: Laszlo Gaal > Assignee: Csaba Ringhofer > Priority: Critical > > Impala builds on Rocky 9 (or other Red Hat 9 - compatible platforms) started > running into multiple test failures after the release of RHEL 9.5. > This release has rebased OpenSSL from 3.0.2 to 3.2.x [1], see > https://issues.redhat.com/browse/RHEL-26271. Unfortunately the stream model > adopted by RHEL means that simply installing OpenSSL (even on a nominally > older version) will give you the latest package version, i.e. 3.2.2. > Impala has clear problems with this OpenSSL release: a recent test run on > Rocky 9 shows more than 1000 failed end2end and cluster tests, caused by > Impala cluster failures (in addition to the usual BE_TESTs that need tweaking > for new OpenSSL versions). > [1] > https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/overview#overview-major-changes -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org