Csaba Ringhofer has posted comments on this change. ( http://gerrit.cloudera.org:8080/20447 )
Change subject: IMPALA-13039: AES Encryption/ Decryption Support in Impala ...................................................................... Patch Set 36: Code-Review+1 (9 comments) lgtm, just a couple of nits http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/exprs/string-functions-ir.cc File be/src/exprs/string-functions-ir.cc: http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/exprs/string-functions-ir.cc@1937 PS36, Line 1937: void StringFunctions::AesPrepare(FunctionContext* context, It could be noted that the state is simply a bool used to reduce log spew http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/exprs/string-functions.cc File be/src/exprs/string-functions.cc: http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/exprs/string-functions.cc@441 PS36, Line 441: StringPiece : (reinterpret_cast<const char*>(mode.ptr), mode.len)) nit: There is a utility function to create an std::string from StringVal: https://github.com/apache/impala/blob/988d353e02430731a212371ad3c37310ad58a07a/be/src/exprs/anyval-util.h#L236 http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util-test.cc File be/src/util/openssl-util-test.cc: http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util-test.cc@81 PS36, Line 81: if (m == AES_CIPHER_MODE::AES_256_GCM || m == AES_CIPHER_MODE::AES_256_CTR || : m == AES_CIPHER_MODE::AES_256_CFB || m == AES_CIPHER_MODE::AES_256_EC nit: The same logic is used in line 129 - there could be some function that returns key len from AES_CIPHER_MODE http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util.cc File be/src/util/openssl-util.cc: http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util.cc@a234 PS36, Line 234: please don't remove this comment http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util.cc@270 PS36, Line 270: ScopedEVPCipherCtx ctx(padding_flag); This is not new code, but I don't get why EVP_CIPHER_CTX_set_padding() is called in ScopedEVPCipherCtx, as it doesn't use the scoping behavior. http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util.cc@287 PS36, Line 287: nullptr): EVP_DecryptInit_ex(ctx.ctx, evpCipher, nit: would be nice to EVP_EncryptInit_ex/EVP_DecryptInit_ex to be in different lines, e.g. by breaking after ? http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util.cc@314 PS36, Line 314: EVP_EncryptUpdate(ctx.ctx, out + output_offset, &output_len, : data + input_offset, in_len) : EVP_DecryptUpdate(ctx.ctx, : out + output_offset, &output_len, data + input_offset, in_len); nit: would be more readable by breaking after EVP_EncryptUpdate - it could fit to less line by moving out + output_offset / data + input_offset to some variable http://gerrit.cloudera.org:8080/#/c/20447/36/be/src/util/openssl-util.cc@335 PS36, Line 335: EVP_DecryptFinal_ex Same as for other encrypy : ? blocks http://gerrit.cloudera.org:8080/#/c/20447/36/common/function-registry/impala_functions.py File common/function-registry/impala_functions.py: http://gerrit.cloudera.org:8080/#/c/20447/36/common/function-registry/impala_functions.py@525 PS36, Line 525: nit: extra line -- To view, visit http://gerrit.cloudera.org:8080/20447 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I3902f2b1d95da4d06995cbd687e79c48e16190c9 Gerrit-Change-Number: 20447 Gerrit-PatchSet: 36 Gerrit-Owner: Pranav Lodha <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Daniel Becker <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Kurt Deschler <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]> Gerrit-Reviewer: Noemi Pap-Takacs <[email protected]> Gerrit-Reviewer: Pranav Lodha <[email protected]> Gerrit-Comment-Date: Mon, 27 Jan 2025 11:02:13 +0000 Gerrit-HasComments: Yes
