Peter Rozsa created IMPALA-14754:
------------------------------------
Summary: AES cipher mode selection is bound to PCLMULQDQ
Key: IMPALA-14754
URL: https://issues.apache.org/jira/browse/IMPALA-14754
Project: IMPALA
Issue Type: Bug
Components: Backend
Reporter: Peter Rozsa
Assignee: Pranav Yogi Lodha

EncryptionKey::IsModeSupported checks for the PCLMULQDQ CPU capability, even on
an ARM platform, which makes 'test_encryption_exprs' fail on ARM by throwing an
error that shows AES_256_GCM is not supported on that version of OpenSSL, even
though the oldest version of supported ARM platforms supports AES_256_GCM.

Checking the source for OpenSSL 1.1.1, there's a hardware-accelerated solution
for GHASH (which is required for AES_256_GCM)
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/modes/asm/ghashv8-armx.pl),
and it builds on the PMULL ARM capability.

To resolve this issue, Impala should check for the PMULL capability as well, but
it will introduce different default mode selection for different purposes:
IsModeSupported is called for spill encryption and for aes_*crypt UDFs as well,
and it should be decoupled to make the UDFs consistent across platforms.
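
A sketch of the decoupling the report asks for, as an added example that is not Impala's code: the CPU probe covers both PCLMULQDQ (x86) and PMULL (AArch64) and only influences the spill-encryption default, while UDF mode support depends on the crypto library alone. The function names, the reduced two-mode enum, the CTR fallback and the `lib_has_gcm` flag are assumptions made for the illustration.

```cpp
// Added illustration; all names are hypothetical, not Impala's API.
#include <cstdio>
#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>   // getauxval, AT_HWCAP
#include <asm/hwcap.h>  // HWCAP_PMULL
#endif

enum class Mode { GCM, CTR };  // reduced mode set for the example

// True when the CPU has the carry-less multiply instruction used by
// accelerated GHASH: PCLMULQDQ on x86, PMULL on AArch64.
bool HasCarrylessMultiply() {
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
  return __builtin_cpu_supports("pclmul") != 0;
#elif defined(__aarch64__) && defined(__linux__)
  return (getauxval(AT_HWCAP) & HWCAP_PMULL) != 0;
#else
  return false;  // unknown platform: report no acceleration
#endif
}

// Spill encryption is internal, so its default may follow the hardware:
// pick GCM only when the library has it and GHASH is accelerated.
// The CTR fallback is an assumption of this example.
Mode DefaultSpillMode(bool lib_has_gcm, bool hw_clmul) {
  return (lib_has_gcm && hw_clmul) ? Mode::GCM : Mode::CTR;
}

// UDF results are user-visible, so support must not depend on the CPU:
// a mode is usable whenever the crypto library provides it.
bool UdfModeSupported(Mode mode, bool lib_has_gcm) {
  return mode == Mode::CTR || lib_has_gcm;
}

int main() {
  const bool hw = HasCarrylessMultiply();
  const bool lib_has_gcm = true;  // assumed: linked OpenSSL provides AES-GCM
  std::printf("carry-less multiply: %s\n", hw ? "yes" : "no");
  std::printf("spill default: %s\n",
              DefaultSpillMode(lib_has_gcm, hw) == Mode::GCM ? "GCM" : "CTR");
  std::printf("UDF GCM supported: %s\n",
              UdfModeSupported(Mode::GCM, lib_has_gcm) ? "yes" : "no");
  return 0;
}
```
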