Yida Wu created IMPALA-14385:
--------------------------------
Summary: Sha2() with 384/512 bit can fail in FIPS mode
Key: IMPALA-14385
URL: https://issues.apache.org/jira/browse/IMPALA-14385
Project: IMPALA
Issue Type: Bug
Reporter: Yida Wu
Assignee: Yida Wu
SHA2 with 384 or 512 bit length should work in FIPS mode, however impalad could
hit the assertion to crash running sha2() function in FIPS mode with the
following error message:
{code:java}
sha512.c(63): OpenSSL internal error, assertion failed: Low level API call to
digest SHA384 forbidden in FIPS mode!
{code}
The issue can be reproduced in OS centos79fips with OpenSSL 1.0.2zd-fips, but
it doesn’t have the same issue in OS redhat810fips with OpenSSL 1.1.1k FIPS.
Running below sqls in impala shell can trigger the issue.
{code:java}
select sha2('test', 512);
{code}
or
{code:java}
select sha2('test', 384);
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
