Details
-
Improvement
-
Resolution: Unresolved
-
Major - P3
-
None
-
None
-
None
Description
Currently, libmongocrypt will return an error with the message "KMS response fed too much data" if mongocrypt_kms_ctx_feed is fed more bytes than indicated in mongocrypt_kms_ctx_bytes_needed. This is currently documented in the API for mongocrypt_kms_ctx_feed:
/**
|
* Feed bytes from the HTTP response.
|
*
|
* Feeding more bytes than what has been returned in @ref
|
* mongocrypt_kms_ctx_bytes_needed is an error.
|
*
|
* @param[in] kms The @ref mongocrypt_kms_ctx_t.
|
* @param[in] bytes The bytes to feed. The viewed data is copied. It is valid to
|
* destroy @p bytes with @ref mongocrypt_binary_destroy immediately after.
|
* @returns A boolean indicating success. If false, an error status is set.
|
* Retrieve it with @ref mongocrypt_kms_ctx_status
|
*/
|
MONGOCRYPT_EXPORT
|
bool
|
mongocrypt_kms_ctx_feed (mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes);
|
This is meant as a safeguard to prevent API misuse of passing more bytes than expected. But it creates an unnecessarily complicated API. We may be able to remove this limitation.
Attachments
Issue Links
- is related to
-
MONGOCRYPT-249 KMS instructions in integration guide unclear
-
- Backlog
-