Impala Public Jenkins has submitted this change and it was merged. ( 
http://gerrit.cloudera.org:8080/23373 )

Change subject: IMPALA-14385: Fix crashes using sha2() in FIPS CentOS 7
......................................................................

IMPALA-14385: Fix crashes using sha2() in FIPS CentOS 7

This commit fixes a crash in the sha2() function that occurs when
Impala is run on a FIPS enabled OS, particularly CentOS 7. Running
sha2() with 384 or 512-bit lengths would cause the impalad
to crash with an OpenSSL assertion failure:
"Low level API call to digest SHA384 forbidden in FIPS mode!"

The root cause was the direct use of low-level OpenSSL API calls
like SHA384(), SHA512(). OpenSSL 1.0 (used in RHEL/CentOS 7) is
particularly strict and forbids these calls in FIPS mode, causing
the module to terminate the process.

This patch changes to use the high-level, FIPS compliant EVP_Digest
API to perform the hash in sha2() function implementation.

Tests:
Ran sha2() in FIPS enabled CentOs 7 after the change and succeeded.
Passed exhaustive tests.

Change-Id: I694532350285534fd935c92b7a78bed91ded3cb5
Reviewed-on: http://gerrit.cloudera.org:8080/23373
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
---
M be/src/exprs/utility-functions-ir.cc
1 file changed, 18 insertions(+), 13 deletions(-)

Approvals:
  Impala Public Jenkins: Looks good to me, approved; Verified

--
To view, visit http://gerrit.cloudera.org:8080/23373
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I694532350285534fd935c92b7a78bed91ded3cb5
Gerrit-Change-Number: 23373
Gerrit-PatchSet: 3
Gerrit-Owner: Yida Wu <[email protected]>
Gerrit-Reviewer: Daniel Becker <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Michael Smith <[email protected]>

Reply via email to