Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GH-43946: [C++][Parquet] Guard against use of cleared decryptor/encryptor #43947

Merged
merged 2 commits into from
Sep 5, 2024
Merged

GH-43946: [C++][Parquet] Guard against use of cleared decryptor/encryptor #43947

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d2bcc8f
GH-43946: [C++][Parquet] Guard against use of decryptor/encryptor aft…
pitrou Sep 4, 2024
0fb9ee6
Make CheckValid const
pitrou Sep 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions cpp/src/parquet/encryption/encryption_internal.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,12 @@ class AesEncryptor::AesEncryptorImpl {
}

private:
void CheckValid() const {
if (ctx_ == nullptr) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (ctx_ == nullptr) {
if (ARROW_PREDICT_FALSE(ctx_ == nullptr)) {

throw ParquetException("AesEncryptor was wiped out");
}
}

EVP_CIPHER_CTX* ctx_;
int32_t aes_mode_;
int32_t key_length_;
Expand Down Expand Up @@ -156,6 +162,8 @@ AesEncryptor::AesEncryptorImpl::AesEncryptorImpl(ParquetCipher::type alg_id,
int32_t AesEncryptor::AesEncryptorImpl::SignedFooterEncrypt(
span<const uint8_t> footer, span<const uint8_t> key, span<const uint8_t> aad,
span<const uint8_t> nonce, span<uint8_t> encrypted_footer) {
CheckValid();

if (static_cast<size_t>(key_length_) != key.size()) {
std::stringstream ss;
ss << "Wrong key length " << key.size() << ". Should be " << key_length_;
Expand All @@ -180,6 +188,8 @@ int32_t AesEncryptor::AesEncryptorImpl::Encrypt(span<const uint8_t> plaintext,
span<const uint8_t> key,
span<const uint8_t> aad,
span<uint8_t> ciphertext) {
CheckValid();

if (static_cast<size_t>(key_length_) != key.size()) {
std::stringstream ss;
ss << "Wrong key length " << key.size() << ". Should be " << key_length_;
Expand Down Expand Up @@ -413,6 +423,12 @@ class AesDecryptor::AesDecryptorImpl {
}

private:
void CheckValid() const {
if (ctx_ == nullptr) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (ctx_ == nullptr) {
if (ARROW_PREDICT_FALSE(ctx_ == nullptr)) {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was under the impression that compilers automatically treated branches that throw an exception to be unlikely, but I can't find a reference. @felipecrv Do you know about that?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, judging from https://www.youtube.com/watch?v=T84swS6DCRo (at 29:00), the gcc compiler already uses such a heuristic.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CheckValid should be const?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point @mapleFU

throw ParquetException("AesDecryptor was wiped out");
}
}

EVP_CIPHER_CTX* ctx_;
int32_t aes_mode_;
int32_t key_length_;
Expand Down Expand Up @@ -714,6 +730,8 @@ int32_t AesDecryptor::AesDecryptorImpl::Decrypt(span<const uint8_t> ciphertext,
span<const uint8_t> key,
span<const uint8_t> aad,
span<uint8_t> plaintext) {
CheckValid();

if (static_cast<size_t>(key_length_) != key.size()) {
std::stringstream ss;
ss << "Wrong key length " << key.size() << ". Should be " << key_length_;
Expand Down Expand Up @@ -806,4 +824,7 @@ void RandBytes(unsigned char* buf, size_t num) {

void EnsureBackendInitialized() { openssl::EnsureInitialized(); }

#undef ENCRYPT_INIT
#undef DECRYPT_INIT

} // namespace parquet::encryption
Loading