Daniel Becker created IMPALA-14052:
--------------------------------------
Summary: DCHECK with GCM in aes_decrypt()
Key: IMPALA-14052
URL: https://issues.apache.org/jira/browse/IMPALA-14052
Project: IMPALA
Issue Type: Bug
Components: Backend
Reporter: Daniel Becker
If aes_decrypt() is called with GCM mode and a ciphertext that is shorter than
AES_BLOCK_SIZE, Impala hits a DCHECK and crashes. Note that this input is
invalid because the GCM tag is AES_BLOCK SIZE long, so the ciphertext should be
at least this long, but we should return an error message instead of crashing.
The cause is that during decryption we deduct AES_BLOCK_SIZE from the length of
the ciphertext to get the part without the GCM tag, and in the above case the
length becomes negative.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
