Csaba Ringhofer has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/22337 )
Change subject: IMPALA-13592: Set IV length before setting IV in OpenSsl ...................................................................... IMPALA-13592: Set IV length before setting IV in OpenSsl Setting IV with non default length before setting the length is not correct. With newer OpenSsl (3.2) this lead to failing AES-GCM encryption (likely since https://github.com/openssl/openssl/pull/22590). The fix is to call EVP_(En/De)cryptInit_ex first without iv, then set iv length and call EVP_EncryptInit_ex again with iv (but without mode). Change-Id: I243f1d487d8ba5dc44b5cc361e041c83598d83c1 Reviewed-on: http://gerrit.cloudera.org:8080/22337 Reviewed-by: Csaba Ringhofer <[email protected]> Tested-by: Csaba Ringhofer <[email protected]> --- M be/src/util/openssl-util.cc 1 file changed, 8 insertions(+), 2 deletions(-) Approvals: Csaba Ringhofer: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/22337 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I243f1d487d8ba5dc44b5cc361e041c83598d83c1 Gerrit-Change-Number: 22337 Gerrit-PatchSet: 4 Gerrit-Owner: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Daniel Becker <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
