mirror of
https://github.com/apache/impala.git
synced 2025-12-30 03:01:44 -05:00
514dfaf9fd
CFB mode is a stream cipher and is secure when used with a different nonce/IV for every message. However it can be a performance bottleneck. CTR mode is also stream cipher and is secure, 4~6x faster than CFB mode in OpenSSL. AES-CTR+SHA256 is about 40~70% faster than AES-CFB+SHA256. CTR mode is used if OpenSSL version>=1.0.1 at runtime, otherwise fall back to using CFB mode. Testing: run runtime tmp-file-mgr-test, openssl-util-test, buffer-pool-test and buffered-tuple-stream-test The ut case openssl-util-test.EncryptInPlace tests encryption in both modes. Change-Id: I9debc240615dd8cdbf00ec8730cff62ffef52aff Reviewed-on: http://gerrit.cloudera.org:8080/8861 Reviewed-by: Tim Armstrong <tarmstrong@cloudera.com> Tested-by: Impala Public Jenkins