[MONGOCRYPT-457] Use CRLF instead of LF newlines Created: 08/Jul/22  Updated: 28/Oct/23  Resolved: 01/Aug/22

Status: Closed
Project: Libmongocrypt
Component/s: kms_message
Affects Version/s: None
Fix Version/s: 1.6.0, 1.6.0-alpha0

Type: Improvement Priority: Major - P3
Reporter: Anna Henningsen Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by MONGOCRYPT-454 Include carriage return in HTTP requests Closed
Problem/Incident
causes PYTHON-3384 CSFLE test failure on Windows: Error ... Closed
Binding Changes: Not Needed

 Description   

libmongocrypt should follow the HTTP/1.1 spec and use CRLF newlines instead of LF:

Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.

While currently the servers it communicates with may not make use of the fact that this is merely a "MAY" requirement that they can disregard, libmongocrypt should be future-proof and anticipate that servers could reject LF as a single line terminator in the future.

Node.js just started doing so, with the effect of breaking the mongosh test suite for libmongocrypt requests, citing CVE-2022-32213 (details not yet available at time of writing) as the reason.



 Comments   
Comment by Githook User [ 06/Aug/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: GODRIVER-2501 support for GCP attached service accounts when using GCP KMS (#1029)

  • opt in to NeedKmsCredentials state
  • add explicit mongocrypt.State values
  • store KmsProviders on MongoCrypt struct
  • handle NeedKmsCredentials in crypt.go for GCP
  • add ProvideKmsProviders and GetKmsProviders to *_not_enabled files
  • add integration test
Comment by Githook User [ 01/Aug/22 ]

Author:

{'name': 'Shane Harvey', 'email': 'shnhrv@gmail.com', 'username': 'ShaneHarvey'}

Message: MONGOCRYPT-457 Add back Python 2 support for CSFLE test setup (#222)
Branch: master
https://github.com/mongodb-labs/drivers-evergreen-tools/commit/70085dd5678b7c409f5c9b50a289c342ea51b5a7

Comment by Githook User [ 01/Aug/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-457 do not print newline in set-temp-creds.sh (#220)

CSFLE_AWS_TEMP_SESSION_TOKEN will have a trailing "\r" when run on Windows hosts.
Branch: master
https://github.com/mongodb-labs/drivers-evergreen-tools/commit/0d22d272c936a3552e60714621bb993fa90909f0

Comment by Githook User [ 27/Jul/22 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: MONGOCRYPT-457 Use CRLF instead of LF newlines (#426)
Branch: master
https://github.com/mongodb/libmongocrypt/commit/65d670c17f564d9c3f7d34d2649be5b465a53a5e

Generated at Thu Feb 08 09:08:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.