lriggs opened a new issue, #45693:
URL: https://github.com/apache/arrow/issues/45693

   ### Describe the bug, including details regarding any error messages, 
version, and platform.
   
    The aes encrypt and decrypt function only uses the first 15 characters of 
the cipher.
   
   ```
   select base64(aes_encrypt('Dremio', 'mypassword1234567890'));
   select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 
'mypassword1234567890') -> Dremio
   
   select base64(aes_encrypt('Dremio', 'mypassword1234567890'));
   select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 
'mypassword12345678') -> Dremio
   
   select base64(aes_encrypt('Dremio', 'mypassword1234567890'));
   select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 
'mypassword1234562222222') -> Dremio
   ```
   So for cipher was used only mypassword123456
   But
   ```
   select base64(aes_encrypt('Dremio', 'mypassword1234567890'));
   select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword123459') 
-> SigSev exception
   
   ```
   or 
   
   ```
   select base64(aes_encrypt('Dremio', 'mypassword1234567890'));
   select aes_decrypt(unbase64('UvicDn/xiUDmfSE+KYjjyw=='), 'mypassword12345') 
-> SigSev exception
   ```
   
   So after investigation gandiva code I can confirm that for encryption used 
EVP_aes_128_ecb method. It use 128 bits key length (128 bits == 16 bytes ~ 16 
chars) - that is why we have this behaviour.
   
   I checked specification for openssl and how hive iml works:
   aes_ecrypt/decrypt support 128, 192, 254 bit key and this strict requirement 
- key should be 16 or 24 or 32 chars. If not - hive for example, will return 
null.
   
   ### Component(s)
   
   C++


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@arrow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to