<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:26:15 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2718] Enable use of native crypto in libmongocrypt bindings</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2718</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;Investigate options to enable use of native crypto in libmongocrypt bindings.&lt;/p&gt;

&lt;p&gt;I expect this will require a scope document and prototyping.&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;By default, libmongocrypt implements crypto primitives (including AES, HMAC, SHA) by linking to a native crypto library (OpenSSL on Linux, CommonCrypto on macOS, Cryptography API on Windows).&lt;/p&gt;

&lt;p&gt;Alternatively: libmongocrypt can be configured without crypto using the CMake option &lt;tt&gt;DISABLE_NATIVE_CRYPTO&lt;/tt&gt;. The &quot;no crypto&quot; version of libmongocrypt is used by driver languages that supply crypto callbacks. On &lt;a href=&quot;https://docs.google.com/spreadsheets/d/1NKtmYEr_Zrf_eDATpfCBfWyLH8GC1vj075aSCLqrca0/edit#gid=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;last survey:&lt;/a&gt;&#160;Java, Python, C#, Ruby, Node, and Rust implement the crypto callbacks.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-112&quot; title=&quot;Create pluggable encryption layer&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-112&quot;&gt;&lt;del&gt;MONGOCRYPT-112&lt;/del&gt;&lt;/a&gt; describes original motivation of the crypto callbacks:&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;For certain languages like Java and C# on Linux, we need to ship a binary but this binary cannot depend on the system OpenSSL.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;The &lt;a href=&quot;https://mvnrepository.com/artifact/org.mongodb/mongodb-crypt/1.8.0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongodb-crypt&lt;/a&gt; JAR and pymongocrypt wheel include generic Linux binaries of libmongocrypt.&lt;/p&gt;

&lt;p&gt;Use of crypto callbacks may result in slower throughput. HELP-27047 identified a problematic workload: decrypting documents with 1500 encrypted values.&lt;/p&gt;

&lt;p&gt;A benchmark of bulk decryption showed the most improvement when using libmongocrypt&#8217;s native system crypto, rather than the callbacks in the Java bindings:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Baseline: +264.5%&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Using Java binding improvements: +173.19%&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Using bulk callbacks and Java binding improvements: +146.0%&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Using native crypto: +82.79%&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;Some bindings provide an option to use a system install of libmongocrypt (example: &lt;tt&gt;PYMONGOCRYPT_LIB&lt;/tt&gt; in &lt;a href=&quot;https://pypi.org/project/pymongocrypt/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;pymongocrypt&lt;/a&gt;). It may be possible to extend this to other drivers.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;

&lt;p&gt;Users of In-Use Encryption.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;

&lt;p&gt;Proposed changes may improve throughput of encryption and decryption.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;

&lt;p&gt;Certain. This was reported in HELP-27047.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;

&lt;p&gt;Performance concern.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;AcceptanceCriteria&quot;&gt;&lt;/a&gt;&lt;b&gt;Acceptance Criteria&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;Expect improved throughput of encryption and decryption in impacted drivers.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="2437410">DRIVERS-2718</key>
            <summary>Enable use of native crypto in libmongocrypt bindings</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="13453" iconUrl="https://jira.mongodb.org/images/icons/status_generic.gif" description="">Implementing</status>
                    <statusCategory id="4" key="indeterminate" colorName="inprogress"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Fri, 8 Sep 2023 13:00:36 +0000</created>
                <updated>Wed, 31 Jan 2024 16:52:26 +0000</updated>
                                                                <component>Client Side Encryption</component>
                    <component>Performance</component>
                                        <votes>0</votes>
                                    <watches>8</watches>
                                                                                                                    <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="2554460">MONGOCRYPT-616</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="2437395">DRIVERS-2717</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="2562846">JAVA-5306</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562848">NODE-5875</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562852">RUBY-3386</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562844">CSHARP-4944</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562850">PYTHON-4181</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562842">CDRIVER-4821</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562843">CXX-2817</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562845">GODRIVER-3112</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562849">MOTOR-1242</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562851">PHPLIB-1387</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2562853">RUST-1835</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2297710">DRIVERS-2581</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&lt;b&gt;Summary of necessary driver changes&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Package the crypto-enabled libmongocrypt on platforms where it is safe to do so: Mac and Windows. For Linux, continue to package the crypto-disabled (nocrypto) builds due to the issues with OpenSSL versioning (see &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-112&quot; title=&quot;Create pluggable encryption layer&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-112&quot;&gt;&lt;del&gt;MONGOCRYPT-112&lt;/del&gt;&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;Check if the loaded libmongocrypt supports native crypto by calling &lt;tt&gt;mongocrypt_is_crypto_available&lt;/tt&gt;. Only register crypto callbacks if it returns false.&lt;/p&gt;

&lt;p&gt;Document that on Linux, high-performance use cases should install libmongocrypt on the system. If possible, ensure this install takes precedence over the packaged crypto-disabled libmongocrypt.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Context for other referenced/linked tickets&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;mongocrypt_is_crypto_available&lt;/tt&gt; is added in &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-616&quot; title=&quot;Add API to determine if built with native crypto&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-616&quot;&gt;&lt;del&gt;MONGOCRYPT-616&lt;/del&gt;&lt;/a&gt;. Until it is released, libmongocrypt binaries can be downloaded from the &lt;a href=&quot;https://spruce.mongodb.com/task/libmongocrypt_publish_upload_all_9bd7e00acc3c87d804f7d1b842acb376f0a01fe4_24_01_25_18_57_43&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;upload-all task for the commit&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;I expect this work only applies to drivers that implement the crypto hooks (i.e. calling &lt;tt&gt;mongocrypt_setopt_crypto_hooks&lt;/tt&gt; and friends). From &lt;a href=&quot;https://docs.google.com/spreadsheets/d/1NKtmYEr_Zrf_eDATpfCBfWyLH8GC1vj075aSCLqrca0/edit#gid=0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this survey&lt;/a&gt;, this appears to be: C#, Java, Node.js, Python, Ruby.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4821'>CDRIVER-4821</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2817'>CXX-2817</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4944'>CSHARP-4944</a>
    </td>
    <td>Backlog</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-3112'>GODRIVER-3112</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-5306'>JAVA-5306</a>
    </td>
    <td>Backlog</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-5875'>NODE-5875</a>
    </td>
    <td>Needs Triage</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-1242'>MOTOR-1242</a>
    </td>
    <td>Duplicate</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-4181'>PYTHON-4181</a>
    </td>
    <td>Backlog</td>
    <td class=''>4.7</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPLIB-1387'>PHPLIB-1387</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-3386'>RUBY-3386</a>
    </td>
    <td>Needs Triage</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1835'>RUST-1835</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18362" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Engineering Lead</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>kevin.albertson@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_21553" key="com.atlassian.jira.plugin.system.customfieldtypes:labels">
                        <customfieldname>Quarter</customfieldname>
                        <customfieldvalues>
                                        <label>FY25Q1</label>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i27p94:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14261" key="com.atlassian.jira.plugin.system.customfieldtypes:datepicker">
                        <customfieldname>Start date</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 31 Jan 2024 00:00:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>