[CXX-2433] Support In-Use Encryption Shared Library

Created: 27/Jan/22  Updated: 21/Jun/23  Resolved: 19/Apr/23

Status: Closed
Project: C++ Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 3.8.0

Type: Improvement
Priority: Major - P3
Reporter: PM Bot
Assignee: Kyle Kloberdanz
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split
split from DRIVERS-1950 FLE 1.0 Shared Library Closed
Server Compat: 5.3
Quarter: FY24Q1
Upstream Changes Summary:

DRIVERS-1950:
Note: the following instructions do not account for the rename of the shared library. Please also see DRIVERS-2338.

The csfle shared library is a new component that replaces the mongocryptd process. csfle is loaded by libmongocrypt at runtime.

Please see the following specifications PRs for a description of the driver changes:

Please see the C driver implementation for reference.

Bindings changes

Upgrade libmongocrypt dependency to 1.5.0. Drivers can use 1.5.0-alpha0 to test. Binaries are available from this upload-all task.

Update the bindings to libmongocrypt to add the new functions:

  • mongocrypt_csfle_version_string
  • mongocrypt_csfle_version
  • mongocrypt_setopt_append_csfle_search_path
  • mongocrypt_setopt_set_csfle_lib_path_override

Driver changes

Pass AutoEncryptionOpts.extraOptions.csflePath to libmongocrypt with mongocrypt_setopt_set_crypt_shared_lib_path_override.

If AutoEncryptionOpts.bypassAutoEncryption is unset or false, pass "$SYSTEM" to mongocrypt_setopt_append_csfle_search_path for the mongocrypt_t in a MongoClient configured with AutoEncryptionOpts.

If AutoEncryptionOpts.extraOptions.csfleRequired is true, error if csfle is not loaded. Determine if csfle is loaded by checking if mongocrypt_csfle_version_string is NULL.

Do not attempt to spawn mongocryptd if csfle is loaded.
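
The decision rules above, modelled as an added C++ example (not code from the C++ driver or libmongocrypt). The struct, enum and function names are hypothetical; the libmongocrypt function names are recorded as strings exactly as this ticket spells them, and no libmongocrypt call is made.

```cpp
// Added illustration: the "Driver changes" rules as pure functions.
// All type and function names here are hypothetical; only the option names
// and the quoted libmongocrypt function names come from the ticket.
#include <string>
#include <vector>

struct AutoEncryptionOpts {          // hypothetical mirror of the driver options
    bool bypassAutoEncryption = false;
    std::string csflePath;           // extraOptions.csflePath, empty = unset
    bool csfleRequired = false;      // extraOptions.csfleRequired
};

// One setopt call the driver makes on mongocrypt_t before initializing it.
struct SetoptCall { std::string function, argument; };

std::vector<SetoptCall> plan_setopts(const AutoEncryptionOpts& o) {
    std::vector<SetoptCall> calls;   // order follows the ticket's listing
    if (!o.csflePath.empty())        // explicit path: load exactly this library
        calls.push_back({"mongocrypt_setopt_set_crypt_shared_lib_path_override",
                         o.csflePath});
    if (!o.bypassAutoEncryption)     // unset or false: also search the system paths
        calls.push_back({"mongocrypt_setopt_append_csfle_search_path", "$SYSTEM"});
    return calls;
}

enum class Outcome { UseSharedLibrary, ErrorSharedLibraryRequired, MaySpawnMongocryptd };

// version_string stands for the result of mongocrypt_csfle_version_string:
// NULL means the shared library was not loaded.
Outcome after_init(const AutoEncryptionOpts& o, const char* version_string) {
    if (version_string != nullptr)
        return Outcome::UseSharedLibrary;            // loaded: never spawn mongocryptd
    if (o.csfleRequired)
        return Outcome::ErrorSharedLibraryRequired;  // fail closed, no silent fallback
    return Outcome::MaySpawnMongocryptd;             // ticket only forbids spawning when loaded
}
```

With csfleRequired set, a missing or unloadable library surfaces as an error instead of a quiet fallback to the mongocryptd process.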

Test changes

Please see https://github.com/mongodb/specifications/pull/1199 for a description of test changes.

Please see https://github.com/mongodb-labs/drivers-evergreen-tools/pull/196 for a script to download the csfle shared library.


 Description   

This ticket was split from DRIVERS-1950; please see that ticket for a detailed description.



 Comments   
Comment by Githook User [ 19/Apr/23 ]

Author: Kyle Kloberdanz <kyle.kloberdanz@mongodb.com> (username: kkloberdanz)

Message: FLE 1.0 Shared Library (#954)

CXX-2433
CXX-2596
CXX-2608

  • Test mongocryptd is not spawned when shared library is loaded
  • Drivers MUST run all tests with mongocryptd on at least one platform
    for all tested server versions (4.2+).
  • Drivers MUST run all tests with crypt_shared_ on at least one platform
    for all tested server versions (4.2+). For server versions < 6.0,
    drivers MUST test with the latest major release of crypt_shared_
    (currently 6.0). Using the latest major release of crypt_shared_ is
    supported with older server versions.

Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com>
Co-authored-by: Kevin Albertson <kevin.albertson@10gen.com>
Branch: master
https://github.com/mongodb/mongo-cxx-driver/commit/3670e0b518023817f532f4393fe26368aa131a1e

Comment by PM Bot [ 27/Jan/22 ]

If you are not logged in, you can view the tickets in this epic by following this link.
