You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@spark.apache.org by "sweisdb (via GitHub)" <gi...@apache.org> on 2023/04/26 22:47:59 UTC
[GitHub] [spark] sweisdb opened a new pull request, #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
sweisdb opened a new pull request, #40969:
URL: https://github.com/apache/spark/pull/40969
### What changes were proposed in this pull request?
The current implementation of AES-CBC mode called via `aes_encrypt` and `aes_decrypt` uses a key derivation function (KDF) based on OpenSSL's [EVP_BytesToKey](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html). This is intended for generating keys based on passwords and OpenSSL's documents discourage its use: "Newer applications should use a more modern algorithm".
`aes_encrypt` and `aes_decrypt` should use the key directly in CBC mode, as it does for both GCM and ECB mode. The output should then be the initialization vector (IV) prepended to the ciphertext – as is done with GCM mode:
`[16-byte randomly generated IV | AES-CBC encrypted ciphertext]`
### Why are the changes needed?
We want to have the ciphertext output similar across different modes. OpenSSL's EVP_BytesToKey is effectively deprecated and their own documentation says not to use it. Instead, CBC mode will generate a random vector.
### Does this PR introduce _any_ user-facing change?
AES-CBC output generated by the previous format will be incompatible with this change. That change was recently landed and we want to land this before CBC mode is used in practice.
### How was this patch tested?
A new unit test in `DataFrameFunctionsSuite` was added to test both GCM and CBC modes. Also, a new standalone unit test suite was added in `ExpressionImplUtilsSuite` to test all the modes and various key lengths.
```
build/sbt "sql/test:testOnly org.apache.spark.sql.DataFrameFunctionsSuite"
build/sbt "sql/test:testOnly org.apache.spark.sql.catalyst.expressions.ExpressionImplUtilsSuite"
```
CBC values can be verified with `openssl enc` using the following command:
```
echo -n "[INPUT]" | openssl enc -a -e -aes-256-cbc -iv [HEX IV] -K [HEX KEY]
echo -n "Spark" | openssl enc -a -e -aes-256-cbc -iv f8c832cc9c61bac6151960a58e4edf86 -K 6162636465666768696a6b6c6d6e6f7031323334353637384142434445464748
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] MaxGekk commented on a diff in pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "MaxGekk (via GitHub)" <gi...@apache.org>.
MaxGekk commented on code in PR #40969:
URL: https://github.com/apache/spark/pull/40969#discussion_r1182229918
##########
sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java:
##########
@@ -26,27 +26,59 @@
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
-import java.util.Arrays;
+import java.security.spec.AlgorithmParameterSpec;
-import static java.nio.charset.StandardCharsets.US_ASCII;
/**
* An utility class for constructing expressions.
*/
public class ExpressionImplUtils {
- private static final SecureRandom secureRandom = new SecureRandom();
+ private static final ThreadLocal<SecureRandom> threadLocalSecureRandom =
+ new ThreadLocal<SecureRandom>() {
+ @Override
+ public SecureRandom initialValue() {
+ return new SecureRandom();
+ }
+ };
+
private static final int GCM_IV_LEN = 12;
private static final int GCM_TAG_LEN = 128;
-
private static final int CBC_IV_LEN = 16;
- private static final int CBC_SALT_LEN = 8;
- /** OpenSSL's magic initial bytes. */
- private static final String SALTED_STR = "Salted__";
- private static final byte[] SALTED_MAGIC = SALTED_STR.getBytes(US_ASCII);
+ enum CipherMode {
+ ECB("ECB", 0, 0, "AES/ECB/PKCS5Padding", false),
+ CBC("CBC", CBC_IV_LEN, 0, "AES/CBC/PKCS5Padding", true),
+ GCM("GCM", GCM_IV_LEN, GCM_TAG_LEN, "AES/GCM/NoPadding", true);
+
+ private final String name;
Review Comment:
Is the name used somewhere? If not, let's remove it.
##########
sql/core/src/test/scala/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtilsSuite.scala:
##########
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.catalyst.expressions
+
+import org.apache.spark.SparkFunSuite
+import org.apache.spark.unsafe.types.UTF8String
+
+
Review Comment:
nit: remove the empty line.
##########
sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java:
##########
@@ -85,85 +117,68 @@ public static byte[] aesDecrypt(byte[] input, byte[] key, UTF8String mode, UTF8S
return aesInternal(input, key, mode.toString(), padding.toString(), Cipher.DECRYPT_MODE);
}
+ private static SecretKeySpec getSecretKeySpec(byte[] key) {
+ switch (key.length) {
+ case 16: case 24: case 32:
+ return new SecretKeySpec(key, 0, key.length, "AES");
+ default:
+ throw QueryExecutionErrors.invalidAesKeyLengthError(key.length);
+ }
+ }
+
+ private static byte[] generateIv(CipherMode mode) {
+ byte[] iv = new byte[mode.ivLength];
+ threadLocalSecureRandom.get().nextBytes(iv);
+ return iv;
+ }
+
+ private static AlgorithmParameterSpec getParamSpec(CipherMode mode, byte[] input, int offset) {
+ switch (mode) {
+ case CBC:
+ return new IvParameterSpec(input, offset, mode.ivLength);
+ case GCM:
+ return new GCMParameterSpec(mode.tagLength, input, offset, mode.ivLength);
+ default:
+ return null;
+ }
+ }
+
private static byte[] aesInternal(
byte[] input,
byte[] key,
String mode,
String padding,
int opmode) {
- SecretKeySpec secretKey;
-
- switch (key.length) {
- case 16:
- case 24:
- case 32:
- secretKey = new SecretKeySpec(key, 0, key.length, "AES");
- break;
- default:
- throw QueryExecutionErrors.invalidAesKeyLengthError(key.length);
- }
-
try {
- if (mode.equalsIgnoreCase("ECB") &&
- (padding.equalsIgnoreCase("PKCS") || padding.equalsIgnoreCase("DEFAULT"))) {
- Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- cipher.init(opmode, secretKey);
- return cipher.doFinal(input, 0, input.length);
- } else if (mode.equalsIgnoreCase("GCM") &&
- (padding.equalsIgnoreCase("NONE") || padding.equalsIgnoreCase("DEFAULT"))) {
- Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
- if (opmode == Cipher.ENCRYPT_MODE) {
- byte[] iv = new byte[GCM_IV_LEN];
- secureRandom.nextBytes(iv);
- GCMParameterSpec parameterSpec = new GCMParameterSpec(GCM_TAG_LEN, iv);
- cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec);
- byte[] encrypted = cipher.doFinal(input, 0, input.length);
+ SecretKeySpec secretKey = getSecretKeySpec(key);
+ CipherMode cipherMode = CipherMode.fromString(mode, padding);
+ Cipher cipher = Cipher.getInstance(cipherMode.transformation);
+ if (opmode == Cipher.ENCRYPT_MODE) {
+ // This IV will be 0-length for ECB
+ byte[] iv = generateIv(cipherMode);
+ if (cipherMode.usesSpec) {
+ AlgorithmParameterSpec algSpec = getParamSpec(cipherMode, iv, 0);
+ cipher.init(opmode, secretKey, algSpec);
+ } else {
+ cipher.init(opmode, secretKey);
+ }
+ byte[] encrypted = cipher.doFinal(input, 0, input.length);
+ if (iv.length > 0) {
ByteBuffer byteBuffer = ByteBuffer.allocate(iv.length + encrypted.length);
byteBuffer.put(iv);
byteBuffer.put(encrypted);
return byteBuffer.array();
} else {
- assert(opmode == Cipher.DECRYPT_MODE);
- GCMParameterSpec parameterSpec = new GCMParameterSpec(GCM_TAG_LEN, input, 0, GCM_IV_LEN);
- cipher.init(Cipher.DECRYPT_MODE, secretKey, parameterSpec);
- return cipher.doFinal(input, GCM_IV_LEN, input.length - GCM_IV_LEN);
+ return encrypted;
}
- } else if (mode.equalsIgnoreCase("CBC") &&
- (padding.equalsIgnoreCase("PKCS") || padding.equalsIgnoreCase("DEFAULT"))) {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- if (opmode == Cipher.ENCRYPT_MODE) {
- byte[] salt = new byte[CBC_SALT_LEN];
- secureRandom.nextBytes(salt);
- final byte[] keyAndIv = getKeyAndIv(key, salt);
- final byte[] keyValue = Arrays.copyOfRange(keyAndIv, 0, key.length);
- final byte[] iv = Arrays.copyOfRange(keyAndIv, key.length, key.length + CBC_IV_LEN);
- cipher.init(
- Cipher.ENCRYPT_MODE,
- new SecretKeySpec(keyValue, "AES"),
- new IvParameterSpec(iv));
- byte[] encrypted = cipher.doFinal(input, 0, input.length);
- ByteBuffer byteBuffer = ByteBuffer.allocate(
- SALTED_MAGIC.length + CBC_SALT_LEN + encrypted.length);
- byteBuffer.put(SALTED_MAGIC);
- byteBuffer.put(salt);
- byteBuffer.put(encrypted);
- return byteBuffer.array();
+ } else if (opmode == Cipher.DECRYPT_MODE) {
Review Comment:
We pass `opmode` here in the file above, so, let's replace this `else if` by `else` and add an assert.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] sweisdb commented on a diff in pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "sweisdb (via GitHub)" <gi...@apache.org>.
sweisdb commented on code in PR #40969:
URL: https://github.com/apache/spark/pull/40969#discussion_r1183127444
##########
sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java:
##########
@@ -85,85 +117,68 @@ public static byte[] aesDecrypt(byte[] input, byte[] key, UTF8String mode, UTF8S
return aesInternal(input, key, mode.toString(), padding.toString(), Cipher.DECRYPT_MODE);
}
+ private static SecretKeySpec getSecretKeySpec(byte[] key) {
+ switch (key.length) {
+ case 16: case 24: case 32:
+ return new SecretKeySpec(key, 0, key.length, "AES");
+ default:
+ throw QueryExecutionErrors.invalidAesKeyLengthError(key.length);
+ }
+ }
+
+ private static byte[] generateIv(CipherMode mode) {
+ byte[] iv = new byte[mode.ivLength];
+ threadLocalSecureRandom.get().nextBytes(iv);
+ return iv;
+ }
+
+ private static AlgorithmParameterSpec getParamSpec(CipherMode mode, byte[] input, int offset) {
+ switch (mode) {
+ case CBC:
+ return new IvParameterSpec(input, offset, mode.ivLength);
+ case GCM:
+ return new GCMParameterSpec(mode.tagLength, input, offset, mode.ivLength);
+ default:
+ return null;
+ }
+ }
+
private static byte[] aesInternal(
byte[] input,
byte[] key,
String mode,
String padding,
int opmode) {
- SecretKeySpec secretKey;
-
- switch (key.length) {
- case 16:
- case 24:
- case 32:
- secretKey = new SecretKeySpec(key, 0, key.length, "AES");
- break;
- default:
- throw QueryExecutionErrors.invalidAesKeyLengthError(key.length);
- }
-
try {
- if (mode.equalsIgnoreCase("ECB") &&
- (padding.equalsIgnoreCase("PKCS") || padding.equalsIgnoreCase("DEFAULT"))) {
- Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- cipher.init(opmode, secretKey);
- return cipher.doFinal(input, 0, input.length);
- } else if (mode.equalsIgnoreCase("GCM") &&
- (padding.equalsIgnoreCase("NONE") || padding.equalsIgnoreCase("DEFAULT"))) {
- Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
- if (opmode == Cipher.ENCRYPT_MODE) {
- byte[] iv = new byte[GCM_IV_LEN];
- secureRandom.nextBytes(iv);
- GCMParameterSpec parameterSpec = new GCMParameterSpec(GCM_TAG_LEN, iv);
- cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec);
- byte[] encrypted = cipher.doFinal(input, 0, input.length);
+ SecretKeySpec secretKey = getSecretKeySpec(key);
+ CipherMode cipherMode = CipherMode.fromString(mode, padding);
+ Cipher cipher = Cipher.getInstance(cipherMode.transformation);
+ if (opmode == Cipher.ENCRYPT_MODE) {
+ // This IV will be 0-length for ECB
+ byte[] iv = generateIv(cipherMode);
+ if (cipherMode.usesSpec) {
+ AlgorithmParameterSpec algSpec = getParamSpec(cipherMode, iv, 0);
+ cipher.init(opmode, secretKey, algSpec);
+ } else {
+ cipher.init(opmode, secretKey);
+ }
+ byte[] encrypted = cipher.doFinal(input, 0, input.length);
+ if (iv.length > 0) {
ByteBuffer byteBuffer = ByteBuffer.allocate(iv.length + encrypted.length);
byteBuffer.put(iv);
byteBuffer.put(encrypted);
return byteBuffer.array();
} else {
- assert(opmode == Cipher.DECRYPT_MODE);
- GCMParameterSpec parameterSpec = new GCMParameterSpec(GCM_TAG_LEN, input, 0, GCM_IV_LEN);
- cipher.init(Cipher.DECRYPT_MODE, secretKey, parameterSpec);
- return cipher.doFinal(input, GCM_IV_LEN, input.length - GCM_IV_LEN);
+ return encrypted;
}
- } else if (mode.equalsIgnoreCase("CBC") &&
- (padding.equalsIgnoreCase("PKCS") || padding.equalsIgnoreCase("DEFAULT"))) {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- if (opmode == Cipher.ENCRYPT_MODE) {
- byte[] salt = new byte[CBC_SALT_LEN];
- secureRandom.nextBytes(salt);
- final byte[] keyAndIv = getKeyAndIv(key, salt);
- final byte[] keyValue = Arrays.copyOfRange(keyAndIv, 0, key.length);
- final byte[] iv = Arrays.copyOfRange(keyAndIv, key.length, key.length + CBC_IV_LEN);
- cipher.init(
- Cipher.ENCRYPT_MODE,
- new SecretKeySpec(keyValue, "AES"),
- new IvParameterSpec(iv));
- byte[] encrypted = cipher.doFinal(input, 0, input.length);
- ByteBuffer byteBuffer = ByteBuffer.allocate(
- SALTED_MAGIC.length + CBC_SALT_LEN + encrypted.length);
- byteBuffer.put(SALTED_MAGIC);
- byteBuffer.put(salt);
- byteBuffer.put(encrypted);
- return byteBuffer.array();
+ } else if (opmode == Cipher.DECRYPT_MODE) {
Review Comment:
Makes sense. Will do.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] MaxGekk closed pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "MaxGekk (via GitHub)" <gi...@apache.org>.
MaxGekk closed pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
URL: https://github.com/apache/spark/pull/40969
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] sweisdb commented on pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "sweisdb (via GitHub)" <gi...@apache.org>.
sweisdb commented on PR #40969:
URL: https://github.com/apache/spark/pull/40969#issuecomment-1536807767
> @sweisdb Could you remove the error class `AES_SALTED_MAGIC` from `error-classes.json`, and related function `aesInvalidSalt()` + the test "INVALID_PARAMETER_VALUE.AES_SALTED_MAGIC: AES decrypt failure - invalid salt"
Updated to address this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] sweisdb commented on a diff in pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "sweisdb (via GitHub)" <gi...@apache.org>.
sweisdb commented on code in PR #40969:
URL: https://github.com/apache/spark/pull/40969#discussion_r1183127684
##########
sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java:
##########
@@ -26,27 +26,59 @@
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
-import java.util.Arrays;
+import java.security.spec.AlgorithmParameterSpec;
-import static java.nio.charset.StandardCharsets.US_ASCII;
/**
* An utility class for constructing expressions.
*/
public class ExpressionImplUtils {
- private static final SecureRandom secureRandom = new SecureRandom();
+ private static final ThreadLocal<SecureRandom> threadLocalSecureRandom =
+ new ThreadLocal<SecureRandom>() {
+ @Override
+ public SecureRandom initialValue() {
+ return new SecureRandom();
+ }
+ };
+
private static final int GCM_IV_LEN = 12;
private static final int GCM_TAG_LEN = 128;
-
private static final int CBC_IV_LEN = 16;
- private static final int CBC_SALT_LEN = 8;
- /** OpenSSL's magic initial bytes. */
- private static final String SALTED_STR = "Salted__";
- private static final byte[] SALTED_MAGIC = SALTED_STR.getBytes(US_ASCII);
+ enum CipherMode {
+ ECB("ECB", 0, 0, "AES/ECB/PKCS5Padding", false),
+ CBC("CBC", CBC_IV_LEN, 0, "AES/CBC/PKCS5Padding", true),
+ GCM("GCM", GCM_IV_LEN, GCM_TAG_LEN, "AES/GCM/NoPadding", true);
+
+ private final String name;
Review Comment:
I updated the switch statement below to use these values.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] MaxGekk commented on pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "MaxGekk (via GitHub)" <gi...@apache.org>.
MaxGekk commented on PR #40969:
URL: https://github.com/apache/spark/pull/40969#issuecomment-1539725033
+1, LGTM. Merging to master.
Thank you, @sweisdb.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] sweisdb commented on a diff in pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "sweisdb (via GitHub)" <gi...@apache.org>.
sweisdb commented on code in PR #40969:
URL: https://github.com/apache/spark/pull/40969#discussion_r1183128808
##########
sql/core/src/test/scala/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtilsSuite.scala:
##########
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.catalyst.expressions
+
+import org.apache.spark.SparkFunSuite
+import org.apache.spark.unsafe.types.UTF8String
+
+
Review Comment:
Done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] sweisdb commented on pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "sweisdb (via GitHub)" <gi...@apache.org>.
sweisdb commented on PR #40969:
URL: https://github.com/apache/spark/pull/40969#issuecomment-1539009810
@MaxGekk Sure, that worked and it's all green now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] MaxGekk commented on pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "MaxGekk (via GitHub)" <gi...@apache.org>.
MaxGekk commented on PR #40969:
URL: https://github.com/apache/spark/pull/40969#issuecomment-1537132762
@sweisdb Could you re-trigger GitHub actions, please. Highly likely the failure of the test org.apache.spark.storage.BlockManagerBasicStrategyReplicationSuite is not related to your changes but just in case let's re-run all tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org
[GitHub] [spark] MaxGekk commented on pull request #40969: [SPARK-43286][SQL] Updates aes_encrypt CBC mode to generate random IVs
Posted by "MaxGekk (via GitHub)" <gi...@apache.org>.
MaxGekk commented on PR #40969:
URL: https://github.com/apache/spark/pull/40969#issuecomment-1539729811
@sweisdb Congratulations with your first contribution to Apache Spark!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org