[CDRIVER-4694] Do not rely on kms_request_append_payload() to calculate payload length Created: 18/Jul/23  Updated: 28/Oct/23  Resolved: 25/Jul/23

Status: Closed
Project: C Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: 1.24.3

Type: Bug Priority: Unknown
Reporter: Jeremy Mikola Assignee: Jeremy Mikola
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by PHPC-1895 Add native support for AWS IAM Roles ... Closed
Related
is related to CDRIVER-4691 Sync KMS sources with libmongocrypt Closed
is related to MONGOCRYPT-581 Allow passing negative len to kms_req... Closed

 Description   

Summary

libmongoc and libmongocrypt have divergent KMS libraries (CDRIVER-4691). If the libraries are built statically (e.g. PHP driver with bundled sources) and libmongocrypt's KMS library is used, mongoc-cluster-aws.c will trigger an assert failure in kms_request_append_payload() (MONGOCRYPT-581). This breaks MONGODB-AWS authentication.

Independent of a fix in libmongocrypt to relax the assertion logic, libmongoc can work around this by explicitly calculating the payload length instead of passing -1.

Environment

Observed building the PHP driver with libmongoc 1.24.1 and libmongocrypt 1.8.1, but the issue goes back to libmongocrypt 1.7.0.



 Comments   
Comment by Githook User [ 18/Jul/23 ]

Author:

{'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}

Message: CDRIVER-4694 calculate payload length for kms_request_append_payload() (#1346)

This fixes an assert failure during MONGODB-AWS auth when an application is bundled with both libmongoc and libmongocrypt, and libmongocrypt's KMS library is used.
Branch: r1.24
https://github.com/mongodb/mongo-c-driver/commit/6553040b32df8bc827f9cf57ac485e793e93980a

Comment by Githook User [ 18/Jul/23 ]

Author:

{'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}

Message: CDRIVER-4694 calculate payload length for kms_request_append_payload() (#1346)

This fixes an assert failure during MONGODB-AWS auth when an application is bundled with both libmongoc and libmongocrypt, and libmongocrypt's KMS library is used.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/797b371ce9c23a4a557cbd4ac5ac20ddd762c280

Comment by Jeremy Mikola [ 18/Jul/23 ]

https://github.com/mongodb/mongo-c-driver/pull/1346

Generated at Wed Feb 07 21:21:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.