sweisdb opened a new pull request, #40903:
URL: https://github.com/apache/spark/pull/40903
<!--
Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
https://spark.apache.org/contributing.html
2. Ensure you have added or run the appropriate tests for your PR:
https://spark.apache.org/developer-tools.html
3. If the PR is unfinished, add '[WIP]' in your PR title, e.g.,
'[WIP][SPARK-XXXX] Your PR title ...'.
4. Be sure to keep the PR description updated to reflect all changes.
5. Please write your PR title to summarize what this PR proposes.
6. If possible, provide a concise example to reproduce the issue for a
faster review.
7. If you want to add a new configuration, please read the guideline first
for naming configurations in
'core/src/main/scala/org/apache/spark/internal/config/ConfigEntry.scala'.
8. If you want to add or modify an error type or message, please read the
guideline first in
'core/src/main/resources/error/README.md'.
-->
### What changes were proposed in this pull request?
The `aes_encrypt` support for CBC mode currently uses a key derivation
function from OpenSSL's EVP_BytesToKey to generate an initalization vector.
This is not typical. This KDF is intended to be used with a passphrase and is
discouraged from being used in general.
This change updates `aes_encrypt` to generate a radnom initialization vector
and prepend it to the ciphertext. This is identical to how the existing GCM
mode works.
### Why are the changes needed?
We want to have the ciphertext output similar across different modes. We
don't want CBC to use a rarely-used, out of date KDF to derive an
initialization vector. Rather, we will generate a random vector.
### Does this PR introduce _any_ user-facing change?
Not immediately. AES CBC support is landed, but in development.
### How was this patch tested?
A new unit test in `DataFrameFunctionsSuite` was added to test both GCM and
CBC modes. Also, a new standalone unit test suite was added in
`ExpressionImplUtilsSuite` to test all the modes and various key lengths.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
