[CDRIVER-4272] FLE 1.0 Shared Library Created: 27/Jan/22  Updated: 28/Oct/23  Resolved: 03/May/22

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.22.0, 1.22.0-beta0

Type: Epic Priority: Major - P3
Reporter: PM Bot Assignee: Colby Pike
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by PHPC-2045 FLE 1.0 Shared Library Closed
Issue split
split from DRIVERS-1950 FLE 1.0 Shared Library Closed
Related
Server Compat: 5.3
Quarter: FY23Q2
Upstream Changes Summary:

DRIVERS-1950:
Note: the following instructions do not account for the rename of the shared library. Please also see DRIVERS-2338.

The csfle shared library is a new component that replaces the mongocryptd process. csfle is loaded by libmongocrypt at runtime.

Please see the following specifications PRs for a description of the driver changes:

Please see the C driver implementation for reference.

Bindings changes

Upgrade libmongocrypt dependency to 1.5.0. Drivers can use 1.5.0-alpha0 to test. Binaries are available from this upload-all task.

Update the bindings to libmongocrypt to add the new functions:

  • mongocrypt_csfle_version_string
  • mongocrypt_csfle_version
  • mongocrypt_setopt_append_csfle_search_path
  • mongocrypt_setopt_set_csfle_lib_path_override

Driver changes

Pass AutoEncryptionOpts.extraOptions.csflePath to libmongocrypt with {} mongocrypt_setopt_set_crypt_shared_lib_path_override.

If AutoEncryptionOpts.bypassAutoEncryption is unset or false, pass "$SYSTEM" to mongocrypt_setopt_append_csfle_search_path for the mongocrypt_t in a MongoClient configured with AutoEncryptionOpts.

If AutoEncryptionOpts.extraOptions.csfleRequired is true, error if csfle is not loaded. Determine if csfle is loaded by checking if mongocrypt_csfle_version_string is NULL.

Do not attempt to spawn mongocryptd if csfle is loaded.

Test changes

Please see https://github.com/mongodb/specifications/pull/1199 for a description of test changes.

Please see https://github.com/mongodb-labs/drivers-evergreen-tools/pull/196 for a script to download the csfle shared library.

Start date:
End date:
Calendar Time: 3 weeks
Scope Cost Estimate: 3
Cost to Date: 2
Final Cost Estimate: 3
Detailed Project Statuses:

2022-04-18: Setting target date to 4/22/2022

Status update:

  • In draft review. Working on tests.

Rationale for delays:

  • No delays.

Risks:

  • Delays risk FLE 2.0 support in drivers.


 Description   

This ticket was split from DRIVERS-1950, please see that ticket for a detailed description.



 Comments   
Comment by Githook User [ 27/Apr/22 ]

Author:

{'name': 'vector-of-bool', 'email': 'vectorofbool@gmail.com', 'username': 'vector-of-bool'}

Message: CDRIVER-4272: Add options and code to load the csfle dynamic library (#968)

  • Incorporate changes for csfle in libmongocrypt
  • Document new extraOptions for auto-encryption
  • Add mongodl, download a csfle library for testing. Use csfle in test processes if possible
  • Fix: forked child processes must not used exit() nor allocating functions.

This is discovered because the mongocryptd spawner will cause the
atexit() code to run from the csfle library loaded in the
process.

  • Do not append csfle search paths if we are explicit or bypassing auto-encryption

Refer: DRIVERS-2287

  • Fix mongodl for rhel versions and ASCII stdout
  • Remove BSON_MEMCHECK. We're getting ODR trouble.
Comment by PM Bot [ 27/Jan/22 ]

If you are not logged in, you can view the tickets in this epic by following this link.

Generated at Wed Feb 07 21:20:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.