[
https://issues.apache.org/jira/browse/IMPALA-14754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Smith resolved IMPALA-14754.
------------------------------------
Fix Version/s: Impala 5.0.0
Resolution: Fixed
> AES cipher mode selection is bound to PCLMULQDQ
> -----------------------------------------------
>
> Key: IMPALA-14754
> URL: https://issues.apache.org/jira/browse/IMPALA-14754
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Peter Rozsa
> Assignee: Pranav Yogi Lodha
> Priority: Major
> Fix For: Impala 5.0.0
>
>
> EncryptionKey::IsModeSupported checks for
> PCLMULQDQ CPU capability, even on an ARM platform, that makes
> 'test_encryption_exprs' fail on ARM, by throwing an error that shows
> AES_256_GCM is not supported on that version of OpenSSL, even though the
> oldest version of supported ARM platforms support AES_256_GCM.
>
> By checking the source for OpenSSL 1.1.1, there's a hardware-accelerated
> solution for GHASH (which is required for AES_256_GCM)
> ([https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/modes/asm/ghashv8-armx.pl|https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/modes/asm/ghashv8-armx.pl)])
> and it's building on PMULL ARM capability.
> To resolve this issue, Impala should check for PMULL capability as well, but
> it will introduce different default mode selection for different purposes:
> IsModeSupported is called for spill encryption and for aes_*crypt UDFs as
> well, and it should be decoupled to make the UDFs consistent across
> platforms.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
