You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2022/03/01 05:30:02 UTC

[GitHub] [incubator-doris] yangzhg opened a new pull request #8277: [fix] fix a bug of encryption function with iv may return wrong result

yangzhg opened a new pull request #8277:
URL: https://github.com/apache/incubator-doris/pull/8277


   # Proposed changes
   
   Issue Number: close #8276
   
   ## Problem Summary:
   
   this bug is caused by the iv should be the same length of blockļ¼Œ so if iv is less than block we should pad some char to the length
   
   ## Checklist(Required)
   
   1. Does it affect the original behavior: (No)
   2. Has unit tests been added: (yes)
   3. Has document been added or modified: (No Need)
   4. Does it need to update dependencies: (No)
   5. Are there any changes that cannot be rolled back: (No)
   
   ## Further comments
   
   If this is a relatively large or complex change, kick off the discussion at [dev@doris.apache.org](mailto:dev@doris.apache.org) by explaining why you chose the solution you did and what alternatives you considered, etc...
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [incubator-doris] github-actions[bot] commented on pull request #8277: [fix] fix a bug of encryption function with iv may return wrong result

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #8277:
URL: https://github.com/apache/incubator-doris/pull/8277#issuecomment-1055460157






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [incubator-doris] jackwener commented on a change in pull request #8277: [fix] fix a bug of encryption function with iv may return wrong result

Posted by GitBox <gi...@apache.org>.
jackwener commented on a change in pull request #8277:
URL: https://github.com/apache/incubator-doris/pull/8277#discussion_r816606898



##########
File path: be/src/util/encryption_util.cpp
##########
@@ -219,21 +230,30 @@ static int do_decrypt(EVP_CIPHER_CTX* cipher_ctx, const EVP_CIPHER* cipher,
 
 int EncryptionUtil::decrypt(EncryptionMode mode, const unsigned char* encrypt,
                             uint32_t encrypt_length, const unsigned char* key, uint32_t key_length,
-                            const unsigned char* iv, bool padding, unsigned char* decrypt_content) {
+                            const char* iv_str, bool padding, unsigned char* decrypt_content) {
     const EVP_CIPHER* cipher = get_evp_type(mode);
 
     /* The encrypt key to be used for decryption */
     unsigned char encrypt_key[ENCRYPTION_MAX_KEY_LENGTH / 8];
     create_key(key, key_length, encrypt_key, mode);
 
-    if (cipher == nullptr || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) {
+    int iv_length = EVP_CIPHER_iv_length(cipher);
+    if (cipher == nullptr || (iv_length > 0 && !iv_str)) {
         return AES_BAD_DATA;
     }
+    char* init_vec = nullptr;
+    std::string iv_default("DORISDORISDORIS_");
+
+    if (iv_str) {
+        init_vec = &iv_default[0];
+        memcpy(init_vec, iv_str, strnlen(iv_str, EVP_MAX_IV_LENGTH));
+        init_vec[iv_length] = '\0';
+    }
     EVP_CIPHER_CTX* cipher_ctx = EVP_CIPHER_CTX_new();
     EVP_CIPHER_CTX_reset(cipher_ctx);
     int length = 0;
-    int ret = do_decrypt(cipher_ctx, cipher, encrypt, encrypt_length, encrypt_key, iv, padding,
-                         decrypt_content, &length);
+    int ret = do_decrypt(cipher_ctx, cipher, encrypt, encrypt_length, encrypt_key,
+                         (unsigned char*)init_vec, padding, decrypt_content, &length);

Review comment:
       reinterpret_cast may be better?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [incubator-doris] yangzhg merged pull request #8277: [fix] fix a bug of encryption function with iv may return wrong result

Posted by GitBox <gi...@apache.org>.
yangzhg merged pull request #8277:
URL: https://github.com/apache/incubator-doris/pull/8277


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org

[GitHub] [incubator-doris] morningman commented on pull request #8277: [fix] fix a bug of encryption function with iv may return wrong result

Posted by GitBox <gi...@apache.org>.
morningman commented on pull request #8277:
URL: https://github.com/apache/incubator-doris/pull/8277#issuecomment-1055461806


   And do we need to change vectorized method too?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org