Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-4181

[pymongocrypt] Enable use of native crypto in libmongocrypt bindings

XMLWordPrintableJSON

    • Hide

      DRIVERS-2718:
      Summary of necessary driver changes

      Package the crypto-enabled libmongocrypt on platforms where it is safe to do so: Mac and Windows. For Linux, continue to package the crypto-disabled (nocrypto) builds due to the issues with OpenSSL versioning (see MONGOCRYPT-112).

      Check if the loaded libmongocrypt supports native crypto by calling mongocrypt_is_crypto_available. Only register crypto callbacks if it returns false.

      Document that on Linux, high-performance use cases should install libmongocrypt on the system. If possible, ensure this install takes precedence over the packaged crypto-disabled libmongocrypt.

      Update (2024-04-30): Drivers adding an environment variable to specify a path to libmongocrypt are recommended to use the name LIBMONGOCRYPT_PATH (consistent with Ruby driver).

      Context for other referenced/linked tickets

      mongocrypt_is_crypto_available is added in MONGOCRYPT-616. Until it is released, libmongocrypt binaries can be downloaded from the upload-all task for the commit.

      I expect this work only applies to drivers that implement the crypto hooks (i.e. calling mongocrypt_setopt_crypto_hooks and friends). From this survey, this appears to be: C#, Java, Node.js, Python, Ruby.

      Show
      DRIVERS-2718 : Summary of necessary driver changes Package the crypto-enabled libmongocrypt on platforms where it is safe to do so: Mac and Windows. For Linux, continue to package the crypto-disabled (nocrypto) builds due to the issues with OpenSSL versioning (see MONGOCRYPT-112 ). Check if the loaded libmongocrypt supports native crypto by calling mongocrypt_is_crypto_available . Only register crypto callbacks if it returns false. Document that on Linux, high-performance use cases should install libmongocrypt on the system. If possible, ensure this install takes precedence over the packaged crypto-disabled libmongocrypt. Update (2024-04-30): Drivers adding an environment variable to specify a path to libmongocrypt are recommended to use the name LIBMONGOCRYPT_PATH (consistent with Ruby driver). Context for other referenced/linked tickets mongocrypt_is_crypto_available is added in MONGOCRYPT-616 . Until it is released, libmongocrypt binaries can be downloaded from the upload-all task for the commit . I expect this work only applies to drivers that implement the crypto hooks (i.e. calling mongocrypt_setopt_crypto_hooks and friends). From this survey , this appears to be: C#, Java, Node.js, Python, Ruby.
    • Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      Users should upgrade to pymongocrypt >= 1.9 to see the perf benefit. Linux users need to also manually install the appropriate libmongocrypt build for their platform and set PYMONGOCRYPT_LIB to the crypto enabled SO file (ie use "<dir>/lib/libmongocrypt.so" instead of "<dir>/nocrypto/lib/libmongocrypt.so"). For example for Ubuntu 22.04 x86_64:

      $ # Set PYMONGOCRYPT_LIB for Ubuntu 22.04 x86_64:
$ export PYMONGOCRYPT_LIB=$(pwd)/libmongocrypt-all/ubuntu2204-64/lib/libmongocrypt.so
$ python -c "import pymongocrypt; print(pymongocrypt.libmongocrypt_version())"
1.9.0

      To check if your install is using the native crypto:

      python -c 'from pymongocrypt.binding import lib;assert lib.mongocrypt_is_crypto_available(), "mongocrypt_is_crypto_available() returned False"'
      Show
      1. What would you like to communicate to the user about this feature? Users should upgrade to pymongocrypt >= 1.9 to see the perf benefit. Linux users need to also manually install the appropriate libmongocrypt build for their platform and set PYMONGOCRYPT_LIB to the crypto enabled SO file (ie use "<dir>/lib/libmongocrypt.so" instead of "<dir>/nocrypto/lib/libmongocrypt.so"). For example for Ubuntu 22.04 x86_64: $ # Set PYMONGOCRYPT_LIB for Ubuntu 22.04 x86_64: $ export PYMONGOCRYPT_LIB=$(pwd)/libmongocrypt-all/ubuntu2204-64/lib/libmongocrypt.so $ python -c " import pymongocrypt; print(pymongocrypt.libmongocrypt_version())" 1.9.0 To check if your install is using the native crypto: python -c 'from pymongocrypt.binding import lib; assert lib.mongocrypt_is_crypto_available(), "mongocrypt_is_crypto_available() returned False" '

      This ticket was split from DRIVERS-2718, please see that ticket for a detailed description.

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            dbeng-pm-bot PM Bot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: