SERVER-42955 Call explicit_bzero where available
parent
ce27e3b631
commit
d51e93a173
@ -2626,6 +2626,7 @@ def doConfigure(myenv):
|
||||
|
||||
conf.Finish()
|
||||
|
||||
# C11 memset_s - a secure memset
|
||||
def CheckMemset_s(context):
|
||||
test_body = """
|
||||
#define __STDC_WANT_LIB_EXT1__ 1
|
||||
@ -2650,6 +2651,10 @@ def doConfigure(myenv):
|
||||
if conf.CheckFunc('strnlen'):
|
||||
conf.env.SetConfigHeaderDefine("MONGO_CONFIG_HAVE_STRNLEN")
|
||||
|
||||
# Gblic 2.25+, OpenBSD 5.5+ and FreeBSD 11.0+ offer explicit_bzero, a secure way to zero memory
|
||||
if conf.CheckFunc('explicit_bzero'):
|
||||
conf.env.SetConfigHeaderDefine("MONGO_CONFIG_HAVE_EXPLICIT_BZERO")
|
||||
|
||||
conf.Finish()
|
||||
|
||||
# If we are using libstdc++, check to see if we are using a
|
||||
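Review bot: `conf.CheckFunc('explicit_bzero')` only shows that the symbol links, because SCons builds its probe around a placeholder declaration of its own; it does not show that a header the C++ caller includes declares the function. glibc and OpenBSD document it in `<string.h>` and FreeBSD in `<strings.h>`, and C++ rejects a call to an undeclared function, so MONGO_CONFIG_HAVE_EXPLICIT_BZERO could end up defined where the `explicit_bzero(mem, size)` branch of secureZeroMemory fails to compile (that file's includes are not visible here). A custom check in the style of the neighbouring CheckMemset_s, linking a real call with the headers the caller will use, ties the define to what the caller needs. The comment on the check also misspells glibc as "Gblic", as does the comment in the secureZeroMemory hunk. doConfigure starts and ends outside these hunks.

```python
# … unchanged: CheckMemset_s and the strnlen check …
def CheckExplicitBzero(context):
    # Link a real call so the define implies a visible declaration, not just a symbol.
    test_body = """
    #include <string.h>
    #include <strings.h>
    int main(void) {
        char buf[8];
        explicit_bzero(buf, sizeof(buf));
        return 0;
    }
    """
    context.Message('Checking for explicit_bzero... ')
    ret = context.TryLink(test_body, ".cpp")
    context.Result(ret)
    return ret

# register CheckExplicitBzero in the custom_tests of the Configure() that owns `conf`
if conf.CheckExplicitBzero():
    conf.env.SetConfigHeaderDefine("MONGO_CONFIG_HAVE_EXPLICIT_BZERO")
```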
|
@ -290,21 +290,22 @@ if env.TargetOSIs('windows'):
|
||||
config_header_substs = (
|
||||
('@mongo_config_altivec_vec_vbpermq_output_index@', 'MONGO_CONFIG_ALTIVEC_VEC_VBPERMQ_OUTPUT_INDEX'),
|
||||
('@mongo_config_debug_build@', 'MONGO_CONFIG_DEBUG_BUILD'),
|
||||
('@mongo_config_have_ssl_set_ecdh_auto@', 'MONGO_CONFIG_HAVE_SSL_SET_ECDH_AUTO'),
|
||||
('@mongo_config_have_ssl_ec_key_new@', 'MONGO_CONFIG_HAVE_SSL_EC_KEY_NEW'),
|
||||
('@mongo_config_have_execinfo_backtrace@', 'MONGO_CONFIG_HAVE_EXECINFO_BACKTRACE'),
|
||||
('@mongo_config_have_explicit_bzero@', 'MONGO_CONFIG_HAVE_EXPLICIT_BZERO'),
|
||||
('@mongo_config_have_fips_mode_set@', 'MONGO_CONFIG_HAVE_FIPS_MODE_SET'),
|
||||
('@mongo_config_have_header_unistd_h@', 'MONGO_CONFIG_HAVE_HEADER_UNISTD_H'),
|
||||
('@mongo_config_have_memset_s@', 'MONGO_CONFIG_HAVE_MEMSET_S'),
|
||||
('@mongo_config_have_posix_monotonic_clock@', 'MONGO_CONFIG_HAVE_POSIX_MONOTONIC_CLOCK'),
|
||||
('@mongo_config_have_pthread_setname_np@', 'MONGO_CONFIG_HAVE_PTHREAD_SETNAME_NP'),
|
||||
('@mongo_config_have_ssl_ec_key_new@', 'MONGO_CONFIG_HAVE_SSL_EC_KEY_NEW'),
|
||||
('@mongo_config_have_ssl_set_ecdh_auto@', 'MONGO_CONFIG_HAVE_SSL_SET_ECDH_AUTO'),
|
||||
('@mongo_config_have_std_enable_if_t@', 'MONGO_CONFIG_HAVE_STD_ENABLE_IF_T'),
|
||||
('@mongo_config_have_strnlen@', 'MONGO_CONFIG_HAVE_STRNLEN'),
|
||||
('@mongo_config_max_extended_alignment@', 'MONGO_CONFIG_MAX_EXTENDED_ALIGNMENT'),
|
||||
('@mongo_config_optimized_build@', 'MONGO_CONFIG_OPTIMIZED_BUILD'),
|
||||
('@mongo_config_ssl@', 'MONGO_CONFIG_SSL'),
|
||||
('@mongo_config_ssl_has_asn1_any_definitions@', 'MONGO_CONFIG_HAVE_ASN1_ANY_DEFINITIONS'),
|
||||
('@mongo_config_ssl_provider@', 'MONGO_CONFIG_SSL_PROVIDER'),
|
||||
('@mongo_config_ssl@', 'MONGO_CONFIG_SSL'),
|
||||
('@mongo_config_usdt_enabled@', 'MONGO_CONFIG_USDT_ENABLED'),
|
||||
('@mongo_config_usdt_provider@', 'MONGO_CONFIG_USDT_PROVIDER'),
|
||||
('@mongo_config_use_libunwind@', 'MONGO_CONFIG_USE_LIBUNWIND'),
|
||||
|
@ -41,15 +41,12 @@
|
||||
// Define if building a debug build
|
||||
@mongo_config_debug_build@
|
||||
|
||||
// Defined if OpenSSL has `SSL_CTX_set_ecdh_auto` and `SSL_set_ecdh_auto`
|
||||
@mongo_config_have_ssl_set_ecdh_auto@
|
||||
|
||||
// Defined if OpenSSL has `EC_KEY_new_by_curve_name` and the `NID_X9_62_prime256v1` curve defined
|
||||
@mongo_config_have_ssl_ec_key_new@
|
||||
|
||||
// Defined if execinfo.h and backtrace are available
|
||||
@mongo_config_have_execinfo_backtrace@
|
||||
|
||||
// Defined if explicit_bzero is available
|
||||
@mongo_config_have_explicit_bzero@
|
||||
|
||||
// Defined if OpenSSL has the FIPS_mode_set function
|
||||
@mongo_config_have_fips_mode_set@
|
||||
|
||||
@ -65,6 +62,12 @@
|
||||
// Defined if pthread.h and pthread_setname_np are available
|
||||
@mongo_config_have_pthread_setname_np@
|
||||
|
||||
// Defined if OpenSSL has `EC_KEY_new_by_curve_name` and the `NID_X9_62_prime256v1` curve defined
|
||||
@mongo_config_have_ssl_ec_key_new@
|
||||
|
||||
// Defined if OpenSSL has `SSL_CTX_set_ecdh_auto` and `SSL_set_ecdh_auto`
|
||||
@mongo_config_have_ssl_set_ecdh_auto@
|
||||
|
||||
// Defined if strnlen is available
|
||||
@mongo_config_have_strnlen@
|
||||
|
||||
@ -74,15 +77,15 @@
|
||||
// Defined if building an optimized build
|
||||
@mongo_config_optimized_build@
|
||||
|
||||
// Defined if SSL support is enabled
|
||||
@mongo_config_ssl@
|
||||
|
||||
// Defined if OpenSSL has SEQUENCE_ANY
|
||||
@mongo_config_ssl_has_asn1_any_definitions@
|
||||
|
||||
// Defined if SSL support is enabled with chosen ssl provider
|
||||
@mongo_config_ssl_provider@
|
||||
|
||||
// Defined if SSL support is enabled
|
||||
@mongo_config_ssl@
|
||||
|
||||
// Defined if USDT probes are enabled
|
||||
@mongo_config_usdt_enabled@
|
||||
|
||||
|
@ -50,6 +50,9 @@ void secureZeroMemory(void* mem, size_t size) {
|
||||
#if defined(_WIN32)
|
||||
// Windows provides a simple function for zeroing memory
|
||||
SecureZeroMemory(mem, size);
|
||||
#elif defined(MONGO_CONFIG_HAVE_EXPLICIT_BZERO)
|
||||
// Gblic 2.25+, OpenBSD 5.5+ and FreeBSD 11.0+ offer explicit_bzero
|
||||
explicit_bzero(mem, size);
|
||||
#elif defined(MONGO_CONFIG_HAVE_MEMSET_S)
|
||||
// Some C11 libraries provide a variant of memset which is guaranteed to not be optimized away
|
||||
fassert(28752, memset_s(mem, size, 0, size) == 0);
|
||||
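Review bot: The comment on the new `explicit_bzero` branch of secureZeroMemory lists platforms but not the guarantee the code relies on, and it misspells glibc as "Gblic". I would write `// glibc 2.25+, OpenBSD 5.5+ and FreeBSD 11.0+: explicit_bzero is a zeroing store the compiler may not elide; it returns void, so unlike memset_s there is no status to fassert on`. A second comment line should state the limit of that guarantee: it clears only this buffer, not copies of the secret that the compiler left in registers or stack spills, or that an earlier reallocation left behind. The function's remaining branches and its `#endif` lie outside the hunk.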
|