[CDRIVER-4691] Sync KMS sources with libmongocrypt Created: 17/Jul/23  Updated: 28/Oct/23  Resolved: 17/Aug/23

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.25.0

Type: Task Priority: Unknown
Reporter: Jeremy Mikola Assignee: Roberto Sanchez
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-4694 Do not rely on kms_request_append_pay... Closed
related to MONGOCRYPT-586 Port C driver-specific changes to KMS... Closed
is related to MONGOCRYPT-581 Allow passing negative len to kms_req... Closed

 Description   

Both libmongoc and libmongocrypt contain KMS sources:

The libmongoc sources were originally vendored from libmongocrypt, but have since diverged. This will require some care to pull in changes from libmongocrypt (e.g. code audit work), while preserving any libmongoc-specific changes that were made (which may warrant porting over to libmongocrypt).

Going forward, libmongoc should not modify its KMS sources directly and should maintain a copy of the libmongocrypt version.


This divergence was discovered when testing the PHP driver with MONGODB-AWS and encountering an assertion failure unique to libmongocrypt's KMS sources (see: MONGOCRYPT-581).



 Comments   
Comment by Githook User [ 17/Aug/23 ]

Author:

{'name': 'Roberto C. Sánchez', 'email': 'roberto@connexer.com', 'username': 'rcsanchez97'}

Message: CDRIVER-4691 sync KMS sources with libmongocrypt
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/cff75a217492d52d0e74b420cb4a4c4f448209be

Comment by Roberto Sanchez [ 16/Aug/23 ]

https://github.com/mongodb/mongo-c-driver/pull/1381

Comment by Roberto Sanchez [ 18/Jul/23 ]

kevin.albertson@mongodb.com, I am curious to know if you have any thoughts about how we might implemented some sort of protection against modifications to the KMS source in the C driver. A couple of possibilities come to my mind. The one that I think would be the most useful/straightforward to implement would be a task in the C driver that does something like this:

git clone (libmongocrypt-URL) ../libmongocrypt
if [[ $(diff -uNr ../libmongocrypt/kms-message/ src/kms-message/ | wc -l) -ne 0 ]]; then
    (fail the task)
fi

This will protect us in two ways:

1. if KMS is updated in libmongocrypt and we don't bring the changes over to the C driver, the next build in the C driver will have this task failing
2. if we forget and make a change in the C driver KMS that isn't in the libmongocrypt KMS, then the task will fail

The only thing will be that we'd have to think about is how this will be handled on release branches. The easiest approach to me seems to be that we assume KMS will not change in the C driver once we have branched for a release and so on the release branch the task I am proposing would be updated to clone a specific commit of the libmongocrypt repo.

Generated at Wed Feb 07 21:21:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.