Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/20100 )

Change subject: [util] fix at-rest {en,de}cryption for OpenSSL 3
......................................................................

[util] fix at-rest {en,de}cryption for OpenSSL 3

It seems that with OpenSSL 3.0 padding is enabled by default [1].
However, the code in env_posix.cc was relying on an incorrect assumption
that the padding would be always disabled for AES-CTR ciphers, and there
were no calls to EVP_{En,De}cryptFinal_ex() in Do{En,De}cryptV()
correspondingly.

This patch addresses the issue, disabling padding for the cipher
context explicitly. I also updated the order of the expected/actual
arguments for ASSERT_EQ() because the error message was a bit hard
to read and comprehend if the corresponding test failed.

The motivation for this patch was reports of env-test failing when built
and run on RHEL9.

Probably, adding calls to EVP_{En,De}cryptFinal_ex() into
Do{En,De}cryptV() and making sure they return nothing would be a good
invariant to check in DEBUG builds.  I added corresponding TODOs in the
code since it's better to address that in a separate patch.

This is a follow-up to de02a34390f9bdb722be39f96ef9ad9573c0eeeb.

[1] https://www.openssl.org/docs/man3.0/man3/EVP_EncryptUpdate.html

Change-Id: Ia49a51488a0a39953249f24598daa8219583d575
Reviewed-on: http://gerrit.cloudera.org:8080/20100
Reviewed-by: Attila Bukor <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
---
M src/kudu/util/env-test.cc
M src/kudu/util/env_posix.cc
2 files changed, 22 insertions(+), 12 deletions(-)

Approvals:
  Attila Bukor: Looks good to me, approved
  Alexey Serbin: Verified

--
To view, visit http://gerrit.cloudera.org:8080/20100
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia49a51488a0a39953249f24598daa8219583d575
Gerrit-Change-Number: 20100
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Marton Greber <[email protected]>
