Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/23373 )
Change subject: IMPALA-14385: Fix crashes using sha2() in FIPS CentOS 7 ...................................................................... IMPALA-14385: Fix crashes using sha2() in FIPS CentOS 7 This commit fixes a crash in the sha2() function that occurs when Impala is run on a FIPS enabled OS, particularly CentOS 7. Running sha2() with 384 or 512-bit lengths would cause the impalad to crash with an OpenSSL assertion failure: "Low level API call to digest SHA384 forbidden in FIPS mode!" The root cause was the direct use of low-level OpenSSL API calls like SHA384(), SHA512(). OpenSSL 1.0 (used in RHEL/CentOS 7) is particularly strict and forbids these calls in FIPS mode, causing the module to terminate the process. This patch changes to use the high-level, FIPS compliant EVP_Digest API to perform the hash in sha2() function implementation. Tests: Ran sha2() in FIPS enabled CentOs 7 after the change and succeeded. Passed exhaustive tests. Change-Id: I694532350285534fd935c92b7a78bed91ded3cb5 Reviewed-on: http://gerrit.cloudera.org:8080/23373 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M be/src/exprs/utility-functions-ir.cc 1 file changed, 18 insertions(+), 13 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/23373 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I694532350285534fd935c92b7a78bed91ded3cb5 Gerrit-Change-Number: 23373 Gerrit-PatchSet: 3 Gerrit-Owner: Yida Wu <[email protected]> Gerrit-Reviewer: Daniel Becker <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]>
