[MONGOCRYPT-249] KMS instructions in integration guide unclear Created: 07/Feb/20  Updated: 30/Mar/22

Status: Backlog
Project: Libmongocrypt
Component/s: Documentation
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Oleg Pudeyev (Inactive) Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to MONGOCRYPT-286 Remove size limitation for mongocrypt... Backlog

 Description   

The kms instructions (https://github.com/mongodb/libmongocrypt/blob/master/integrating.md#state-mongocrypt_ctx_need_kms) state that the driver is to iterate context and for each context:

1. create a tls socket
2. Write the message from mongocrypt_kms_ctx_message to the socket.
3. Feed the reply back with mongocrypt_kms_ctx_feed. Repeat until mongocrypt_kms_ctx_bytes_needed returns 0.

The last bullet point is unclear as to what it requires:

1. What is "the reply" and how was it obtained?
2. When should the driver call mongocrypt_kms_ctx_bytes_needed and how is this return value used?

Looking at the Python driver, what it does appears to be:

1. create a tls socket
2. write the message
3. call mongocrypt_kms_ctx_bytes_needed to get the maximum number of bytes that LMC would like to receive
4. if the number of bytes needed is zero, stop
5. read up to that many bytes from the socket
6. pass the read bytes (generally fewer than the value returned by mongocrypt_kms_ctx_bytes_needed) to LMC
7. go to step 3

If these are the required steps, I suggest incorporating them into the integration guide as a replacement for the current procedure.
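
The read loop reconstructed in steps 1 to 7 above, as an added example that is not part of the original issue and is not libmongocrypt or pymongocrypt code. `FakeKmsContext` and `ShortReadSocket` are hypothetical stand-ins (their `message`, `bytes_needed` and `feed` members mirror the C function names quoted in the issue, and the 1024-byte header request is an assumption), and the reply bytes are constructed. The loop also handles a case the list leaves out: the peer closing the connection before the bytes-needed value reaches zero.

```python
# Added example; FakeKmsContext and ShortReadSocket are hypothetical stand-ins,
# not libmongocrypt or pymongocrypt code.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\n"
                b"hello world")  # constructed KMS reply

class FakeKmsContext:
    """Wants the HTTP header block, then exactly Content-Length body bytes."""
    def __init__(self, message):
        self.message = message      # request bytes the driver must send
        self.reply = b""            # everything fed back so far

    @property
    def bytes_needed(self):
        head, sep, body = self.reply.partition(b"\r\n\r\n")
        if not sep:
            return 1024             # headers incomplete: ask for another chunk
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                return max(int(value.strip()) - len(body), 0)
        return 0

    def feed(self, data):
        self.reply += data

class ShortReadSocket:
    """Test double: recv() hands back at most `chunk` bytes per call."""
    def __init__(self, reply, chunk):
        self._reply, self._chunk, self.sent = reply, chunk, b""

    def sendall(self, data):
        self.sent += data

    def recv(self, n):
        out = self._reply[:min(n, self._chunk)]
        self._reply = self._reply[len(out):]
        return out

def run_kms_exchange(kms_ctx, sock):
    """Steps 2-7 above; `sock` stands for the connected TLS socket of step 1."""
    sock.sendall(kms_ctx.message)                 # step 2
    while True:
        want = kms_ctx.bytes_needed               # step 3
        if want == 0:                             # step 4
            return kms_ctx
        data = sock.recv(want)                    # step 5 (may be short)
        if not data:                              # EOF before the reply is complete
            raise ConnectionError("KMS connection closed mid-reply")
        kms_ctx.feed(data)                        # step 6, then step 7
```

With a real connection, `sock` would be a socket wrapped by a verifying `ssl.SSLContext`, and a truncated reply should fail the operation rather than be passed on as complete.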

