  1. WiredTiger
  2. WT-7853

Validate the update chain before we attempt to insert it into the history store

    • 8
    • Storage - Ra 2021-09-06, Storage - Ra 2021-09-20
    • v5.0, v4.4

      unit-test-zstd failed on RHEL 8.0

      Host: ec2-3-231-24-193.compute-1.amazonaws.com
      Project: WiredTiger (develop)
      Commit: diff: WT-7832 Add an encryptor extension that uses the libsodium cryptography library. (#6780)

      • Add an encryptor extension that uses the libsodium cryptography library.

      It should really be audited by a cryptographer before being used, but
      is expected to be usable with at worst minor adjustments.

      It uses the aead_xchacha20poly1305_ietf construction from libsodium to
      encrypt and checksum blocks.

      It does not support retrieving keys from a key manager, there not
      being any obvious open-source choices that I'm aware of. This means
      that it can, for the time being anyway, only be configured with
      secretkey= and not keyid=, which is perhaps unfortunate but better
      than nothing.

      Besides the encryptor itself, this changeset includes the following
      related changes:

      • Add the new extension to both the cmake and autotools builds.
      • Rework the encryption page in the documentation, adding the new
        encryptor and expanding on some of the other material, and also
        add some bits/make some improvements to the WT_ENCRYPTOR docs.
      • In util_main.c, add a wt_explicit_zero function for zeroing
        memory that takes precautions against being removed by the
        compiler, and use it to clear copies of the secret key. Zero and
        free the secret key (and open config string, which contains the
        secret key when there is one) earlier.
      • In nop_encryptor.c, since this is supposed to be a template for
        application developers to fill in, add a blank customize method.
        Without a customize method you can't configure keys, so even
        though it's officially optional it seems like the example should
        have one.
      • Add support for the new extension to:
        • test_format
        • test_encrypt0[126].py
        • test_import0[69].py
          (Note that test_encrypt05 doesn't exist, test_encrypt0[34] are
          for testing the config plumbing and not any particular extension,
          and test_encrypt07 needs to be able to munge the "encrypted" data
          and doesn't work with real encryption.)
      • Add new test_encrypt0[89].py that checks the error paths in the
        new extension's customize method.
      • Add an example snippet for how to configure the new extension to
        ex_all.c for use in the docs.
      • Add the encryptor directory to Doxyfile so it can be an example.
      • Add the new encryptor to the examples page in the documentation.
      • Add a bunch of spelling words.
      • Add some of the functions to the exception list in s_void (like
        other extensions).

      It also includes the following change that is not related but directly
      adjacent to a piece of the above:

      • In the cmake build of test_format, pass the path to the zstd
        library with -D, like the other extensions.
      • Some minor adjustments from a preliminary review.
      • Document that WT's checksums can be disabled when using encryption.

      Because any viable encryptor applies a cryptographically strong
      checksum, there's no need to add a separate weaker checksum as well.
      Document this in the encryptors page and in the checksum argument of
      WT_SESSION::create.

      • Fix compiler warnings, missed by accident.
      • Initial changes from review.

      Also I missed something: the change in wiredtiger.in about configuring
      checksums also needs to be in api_data.py, and incurs another spelling
      word.

      • Argue with clang-format to get rid of the hanging-indent comments.
      • Make a couple more comment adjustments.
      • Try again with the comment formatting.

      It seems that the header is required to use hanging indent by
      function.py, so in order to avoid the rest of the comments after being
      reformatted with hanging indent by clang-format, move them inside the
      function body.

      This is maybe not optimal but it at least isn't visually revolting and
      doesn't break the tree :-|

      Also, add sodium_encrypt.c to dist/extlist so that all the checks are
      run on it.

      • Split the cleanup path for secretkey/p in two.

      Hopefully avoids false positives from inadequately path-sensitive
      static analyzers. | 15 Jul 21 01:30 UTC

        1. OOO-MM.jpg (118 kB)
        2. Reconciliation.jpg (84 kB)

            Assignee:
            luke.pearson@mongodb.com Luke Pearson
            Reporter:
            xgen-evg-user Xgen-Evergreen-User
            Sid Mahajan