libmongocrypt-helper 1.13.2.0.1001 → 1.14.0.0.1001

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. checksums.yaml +4 -4
  2. data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +8 -0
  3. data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +5 -1
  4. data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +4 -1
  5. data/ext/libmongocrypt/libmongocrypt/Earthfile +18 -17
  6. data/ext/libmongocrypt/libmongocrypt/README.md +8 -8
  7. data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +7 -0
  8. data/ext/libmongocrypt/libmongocrypt/bindings/python/CONTRIBUTING.md +34 -0
  9. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +6 -2
  10. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +18 -2
  11. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +9 -1
  12. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +14 -0
  13. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +6 -2
  14. data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
  15. data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
  16. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/libmongocrypt-version.txt +1 -0
  17. data/ext/libmongocrypt/libmongocrypt/bindings/python/{release.sh → scripts/release.sh} +9 -3
  18. data/ext/libmongocrypt/libmongocrypt/bindings/python/{synchro.py → scripts/synchro.py} +16 -9
  19. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/synchro.sh +8 -0
  20. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update-version.sh +27 -0
  21. data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update_binding.py +78 -0
  22. data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +15 -0
  23. data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +25 -18
  24. data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +39 -13
  25. data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +1 -1
  26. data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +2 -2
  27. data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +1 -1
  28. data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.c +5 -0
  29. data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.h +1 -1
  30. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_azure_request.c +1 -1
  31. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
  32. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +4 -2
  33. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +1 -2
  34. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +5 -1
  35. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +1 -1
  36. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_opt.c +1 -1
  37. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -8
  38. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.h +9 -0
  39. data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +0 -1
  40. data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.c +7 -3
  41. data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.h +2 -0
  42. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +8 -1
  43. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +5 -4
  44. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +1 -1
  45. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +1 -1
  46. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_request.c +4 -0
  47. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response.c +3 -0
  48. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response_parser.c +4 -0
  49. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.c +1 -1
  50. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.h +1 -1
  51. data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +39 -39
  52. data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +235 -65
  53. data/ext/libmongocrypt/libmongocrypt/src/crypto/none.c +1 -1
  54. data/ext/libmongocrypt/libmongocrypt/src/csfle-markup.cpp +4 -2
  55. data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +2 -2
  56. data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.test.cpp +2 -2
  57. data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +1 -4
  58. data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +9 -11
  59. data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +1 -0
  60. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +10 -8
  61. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +167 -176
  62. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +6 -17
  63. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +6 -17
  64. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +1 -1
  65. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +25 -26
  66. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +2 -1
  67. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload-private.h +122 -0
  68. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload.c +477 -0
  69. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +1 -3
  70. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +28 -43
  71. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +6 -17
  72. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +6 -5
  73. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +13 -10
  74. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common.c +3 -2
  75. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +7 -6
  76. data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +4 -3
  77. data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +1 -1
  78. data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils-private.h +27 -0
  79. data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils.c +48 -0
  80. data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +5 -5
  81. data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +15 -20
  82. data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +4 -6
  83. data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +9 -18
  84. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +4 -5
  85. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +5 -9
  86. data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +14 -19
  87. data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +2 -4
  88. data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +109 -119
  89. data/ext/libmongocrypt/libmongocrypt/src/mc-reader-private.h +2 -2
  90. data/ext/libmongocrypt/libmongocrypt/src/mc-reader.c +4 -2
  91. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +0 -3
  92. data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +4 -14
  93. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +1 -1
  94. data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +3 -3
  95. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +8 -1
  96. data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +78 -2
  97. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +34 -16
  98. data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +66 -74
  99. data/ext/libmongocrypt/libmongocrypt/src/mc-writer-private.h +1 -1
  100. data/ext/libmongocrypt/libmongocrypt/src/mc-writer.c +4 -2
  101. data/ext/libmongocrypt/libmongocrypt/src/mlib/error.h +1 -1
  102. data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +12 -1
  103. data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
  104. data/ext/libmongocrypt/libmongocrypt/src/mlib/path.h +5 -5
  105. data/ext/libmongocrypt/libmongocrypt/src/mlib/path.test.c +2 -5
  106. data/ext/libmongocrypt/libmongocrypt/src/mlib/str.h +65 -58
  107. data/ext/libmongocrypt/libmongocrypt/src/mlib/str.test.c +3 -3
  108. data/ext/libmongocrypt/libmongocrypt/src/mlib/thread.h +1 -1
  109. data/ext/libmongocrypt/libmongocrypt/src/mlib/user-check.h +1 -1
  110. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo-private.h +1 -1
  111. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +4 -0
  112. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext-private.h +1 -1
  113. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto-private.h +4 -4
  114. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +29 -25
  115. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +3 -2
  116. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +6 -3
  117. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +48 -58
  118. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c +12 -0
  119. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +5 -13
  120. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +19 -2
  121. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +9 -9
  122. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +3 -4
  123. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +285 -89
  124. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -2
  125. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +0 -1
  126. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +1 -1
  127. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +4 -1
  128. data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -31
  129. data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +2 -0
  130. data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_mutex.c +1 -1
  131. data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +3 -1
  132. data/ext/libmongocrypt/libmongocrypt/src/os_win/os_mutex.c +1 -1
  133. data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1 -1
  134. data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +1 -1
  135. data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +1 -1
  136. data/ext/libmongocrypt/libmongocrypt/test/crypt_shared-stub.cpp +0 -14
  137. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +6 -1
  138. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV2.json +8 -0
  139. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-field-map.json +1 -1
  140. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-payload.json +6 -4
  141. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/mongocryptd-reply.json +1 -1
  142. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
  143. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +6 -4
  144. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/mongocryptd-reply.json +2 -2
  145. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-field-map.json +1 -1
  146. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +6 -4
  147. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/mongocryptd-reply.json +1 -1
  148. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +14 -6
  149. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-field-map.json +1 -1
  150. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-payload.json +6 -4
  151. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/mongocryptd-reply.json +1 -1
  152. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-field-map.json +1 -1
  153. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-payload.json +6 -4
  154. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/mongocryptd-reply.json +1 -1
  155. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-field-map.json +1 -1
  156. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-payload.json +6 -4
  157. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/mongocryptd-reply.json +1 -1
  158. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload-v2.json +1 -1
  159. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
  160. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload-v2.json +1 -1
  161. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload-v2.json +1 -1
  162. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-field-map.json +1 -1
  163. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-payload.json +6 -4
  164. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/mongocryptd-reply.json +1 -1
  165. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
  166. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +6 -4
  167. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/mongocryptd-reply.json +1 -1
  168. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-field-map.json +1 -1
  169. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +6 -4
  170. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/mongocryptd-reply.json +1 -1
  171. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +14 -6
  172. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-field-map.json +1 -1
  173. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-payload.json +6 -4
  174. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/mongocryptd-reply.json +1 -1
  175. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-field-map.json +1 -1
  176. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +3 -3
  177. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/mongocryptd-reply.json +1 -1
  178. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-field-map.json +1 -1
  179. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +6 -4
  180. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/mongocryptd-reply.json +1 -1
  181. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload-v2.json +1 -1
  182. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
  183. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/encrypted-payload-v2.json +1 -1
  184. data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload-v2.json +1 -1
  185. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +8 -0
  186. data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +8 -0
  187. data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +5 -5
  188. data/ext/libmongocrypt/libmongocrypt/test/test-dll.cpp +11 -5
  189. data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +2 -2
  190. data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +9 -11
  191. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +18 -29
  192. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +1 -1
  193. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +2 -18
  194. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-text-payload.c +320 -0
  195. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +2 -17
  196. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +1 -1
  197. data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +8 -5
  198. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +6 -10
  199. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +29 -33
  200. data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +12 -20
  201. data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +5 -20
  202. data/ext/libmongocrypt/libmongocrypt/test/test-mc-reader.c +5 -5
  203. data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +147 -18
  204. data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +35 -14
  205. data/ext/libmongocrypt/libmongocrypt/test/test-mc-writer.c +10 -10
  206. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +3 -7
  207. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +36 -24
  208. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +4 -4
  209. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +2 -2
  210. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ciphertext.c +13 -13
  211. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +49 -55
  212. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +64 -67
  213. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +18 -18
  214. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +4 -0
  215. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +4 -3
  216. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +13 -3
  217. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +31 -13
  218. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +35 -52
  219. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +28 -1
  220. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +50 -91
  221. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +1 -1
  222. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-dll.c +7 -4
  223. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-endpoint.c +1 -1
  224. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +1 -1
  225. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +3 -5
  226. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +2 -2
  227. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-local-kms.c +1 -1
  228. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +2 -2
  229. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +527 -225
  230. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-status.c +1 -1
  231. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +45 -56
  232. data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +12 -3
  233. data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +11 -11
  234. data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +6 -2
  235. data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +1 -1
  236. data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +1 -1
  237. data/ext/libmongocrypt/libmongocrypt/test/util/util.c +5 -5
  238. data/ext/libmongocrypt/libmongocrypt/test/util/util.h +7 -6
  239. data/lib/libmongocrypt_helper/version.rb +2 -2
  240. metadata +17 -13
  241. data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +0 -1
  242. data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +0 -50
  243. data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +0 -14
  244. data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +0 -29
  245. data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +0 -29
  246. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EqualityIndexedValueV2.json +0 -8
  247. data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2RangeIndexedValueV2.json +0 -8
  248. /data/ext/libmongocrypt/libmongocrypt/bindings/python/{build-manylinux-wheel.sh → scripts/build-manylinux-wheel.sh} +0 -0
  249. /data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/{FLE2InsertUpdatePayload-with-edges.json → FLE2InsertUpdatePayload-RangeV1.json} +0 -0
  250. /data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/{FLE2InsertUpdatePayload-with-edges-V2.json → FLE2InsertUpdatePayloadV2-RangeV1.json} +0 -0
data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c CHANGED
@@ -15,6 +15,7 @@
15
15
  */
16
16
 
17
17
  #include "mc-efc-private.h"
18
+ #include "mc-fle-blob-subtype-private.h"
18
19
  #include "mc-fle2-rfds-private.h"
19
20
  #include "mc-tokens-private.h"
20
21
  #include "mongocrypt-ciphertext-private.h"
@@ -280,13 +281,13 @@ static bool _collect_key_from_marking(void *ctx, _mongocrypt_buffer_t *in, mongo
280
281
  }
281
282
 
282
283
  if (marking.type == MONGOCRYPT_MARKING_FLE1_BY_ID) {
283
- res = _mongocrypt_key_broker_request_id(kb, &marking.key_id);
284
+ res = _mongocrypt_key_broker_request_id(kb, &marking.u.fle1.key_id);
284
285
  } else if (marking.type == MONGOCRYPT_MARKING_FLE1_BY_ALTNAME) {
285
- res = _mongocrypt_key_broker_request_name(kb, &marking.key_alt_name);
286
+ res = _mongocrypt_key_broker_request_name(kb, &marking.u.fle1.key_alt_name);
286
287
  } else {
287
288
  BSON_ASSERT(marking.type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
288
- res = _mongocrypt_key_broker_request_id(kb, &marking.fle2.index_key_id)
289
- && _mongocrypt_key_broker_request_id(kb, &marking.fle2.user_key_id);
289
+ res = _mongocrypt_key_broker_request_id(kb, &marking.u.fle2.index_key_id)
290
+ && _mongocrypt_key_broker_request_id(kb, &marking.u.fle2.user_key_id);
290
291
  }
291
292
 
292
293
  if (!res) {
@@ -574,7 +575,8 @@ fail_create_cmd:
574
575
  static bool _mongocrypt_fle2_insert_update_find(mc_fle_blob_subtype_t subtype) {
575
576
  return (subtype == MC_SUBTYPE_FLE2InsertUpdatePayload) || (subtype == MC_SUBTYPE_FLE2InsertUpdatePayloadV2)
576
577
  || (subtype == MC_SUBTYPE_FLE2FindEqualityPayload) || (subtype == MC_SUBTYPE_FLE2FindEqualityPayloadV2)
577
- || (subtype == MC_SUBTYPE_FLE2FindRangePayload) || (subtype == MC_SUBTYPE_FLE2FindRangePayloadV2);
578
+ || (subtype == MC_SUBTYPE_FLE2FindRangePayload) || (subtype == MC_SUBTYPE_FLE2FindRangePayloadV2)
579
+ || (subtype == MC_SUBTYPE_FLE2FindTextPayload);
578
580
  }
579
581
 
580
582
  static bool
@@ -608,7 +610,7 @@ _marking_to_bson_value(void *ctx, _mongocrypt_marking_t *marking, bson_value_t *
608
610
  } else if (!_mongocrypt_serialize_ciphertext(&ciphertext, &serialized_ciphertext)) {
609
611
  CLIENT_ERR("malformed ciphertext");
610
612
  goto fail;
611
- };
613
+ }
612
614
 
613
615
  /* ownership of serialized_ciphertext is transferred to caller. */
614
616
  out->value_type = BSON_TYPE_BINARY;
@@ -671,7 +673,6 @@ typedef struct {
671
673
  // must omit the "encryptionInformation" field when sent to mongod / mongos.
672
674
  static moe_result must_omit_encryptionInformation(const char *command_name,
673
675
  const bson_t *command,
674
- bool use_range_v2,
675
676
  const mc_EncryptedFieldConfig_t *efc,
676
677
  mongocrypt_status_t *status) {
677
678
  // eligible_commands may omit encryptionInformation if the command does not
@@ -696,12 +697,10 @@ static moe_result must_omit_encryptionInformation(const char *command_name,
696
697
  // - Server 8.0 requires `encryptionInformation` if "range" fields are referenced. Otherwise ignores.
697
698
  // Only send `encryptionInformation` if "range" fields are present to support both server versions.
698
699
  bool uses_range_fields = false;
699
- if (use_range_v2) {
700
- for (const mc_EncryptedField_t *ef = efc->fields; ef != NULL; ef = ef->next) {
701
- if (ef->supported_queries & SUPPORTS_RANGE_QUERIES) {
702
- uses_range_fields = true;
703
- break;
704
- }
700
+ for (const mc_EncryptedField_t *ef = efc->fields; ef != NULL; ef = ef->next) {
701
+ if (ef->supported_queries & SUPPORTS_RANGE_QUERIES) {
702
+ uses_range_fields = true;
703
+ break;
705
704
  }
706
705
  }
707
706
  return (moe_result){.ok = true, .must_omit = !uses_range_fields};
@@ -818,7 +817,7 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
818
817
 
819
818
  const _mongocrypt_buffer_t *ecoct_buf = mc_ECOCToken_get(ecoct);
820
819
 
821
- if (crypt->opts.use_range_v2 && (ptr->supported_queries & SUPPORTS_RANGE_QUERIES)) {
820
+ if ((ptr->supported_queries & SUPPORTS_RANGE_QUERIES)) {
822
821
  // Append the document {ecoc: <ECOCToken>, anchorPaddingToken: <AnchorPaddingTokenRoot>}
823
822
  esct = mc_ESCToken_new(crypto, cl1t, status);
824
823
  if (!esct) {
@@ -1061,7 +1060,7 @@ static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name,
1061
1060
  } else {
1062
1061
  // Check strEncodeVersion for match against EFC
1063
1062
  if (!BSON_ITER_HOLDS_INT32(&sev_iter)) {
1064
- CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&sev_iter));
1063
+ CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", (int)bson_iter_type(&sev_iter));
1065
1064
  return false;
1066
1065
  }
1067
1066
  int32_t version = bson_iter_int32(&sev_iter);
@@ -1139,11 +1138,7 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
1139
1138
  const mc_EncryptedFieldConfig_t *target_efc =
1140
1139
  mc_schema_broker_get_encryptedFields(ectx->sb, ectx->target_coll, NULL);
1141
1140
 
1142
- moe_result result = must_omit_encryptionInformation(command_name,
1143
- &converted,
1144
- ctx->crypt->opts.use_range_v2,
1145
- target_efc,
1146
- ctx->status);
1141
+ moe_result result = must_omit_encryptionInformation(command_name, &converted, target_efc, ctx->status);
1147
1142
  if (!result.ok) {
1148
1143
  bson_destroy(&converted);
1149
1144
  return _mongocrypt_ctx_fail(ctx);
@@ -1311,29 +1306,25 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
1311
1306
  if (ctx->opts.query_type.set) {
1312
1307
  switch (ctx->opts.query_type.value) {
1313
1308
  case MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED:
1314
- if (ctx->crypt->opts.use_range_v2) {
1315
- _mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview query type with Range V2");
1316
- goto fail;
1317
- }
1309
+ _mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview query type with Range V2");
1310
+ goto fail;
1318
1311
  // fallthrough
1319
1312
  case MONGOCRYPT_QUERY_TYPE_RANGE:
1320
- case MONGOCRYPT_QUERY_TYPE_EQUALITY: marking.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND; break;
1313
+ case MONGOCRYPT_QUERY_TYPE_EQUALITY: marking.u.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND; break;
1321
1314
  default: _mongocrypt_ctx_fail_w_msg(ctx, "Invalid value for EncryptOpts.queryType"); goto fail;
1322
1315
  }
1323
1316
  } else {
1324
- marking.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT;
1317
+ marking.u.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT;
1325
1318
  }
1326
1319
 
1327
1320
  switch (ctx->opts.index_type.value) {
1328
- case MONGOCRYPT_INDEX_TYPE_EQUALITY: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_EQUALITY; break;
1329
- case MONGOCRYPT_INDEX_TYPE_NONE: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED; break;
1321
+ case MONGOCRYPT_INDEX_TYPE_EQUALITY: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_EQUALITY; break;
1322
+ case MONGOCRYPT_INDEX_TYPE_NONE: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED; break;
1330
1323
  case MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED:
1331
- if (ctx->crypt->opts.use_range_v2) {
1332
- _mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview index type with Range V2");
1333
- goto fail;
1334
- }
1324
+ _mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview index type with Range V2");
1325
+ goto fail;
1335
1326
  // fallthrough
1336
- case MONGOCRYPT_INDEX_TYPE_RANGE: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_RANGE; break;
1327
+ case MONGOCRYPT_INDEX_TYPE_RANGE: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_RANGE; break;
1337
1328
  default:
1338
1329
  // This might be unreachable because of other validation. Better safe than
1339
1330
  // sorry.
@@ -1354,21 +1345,17 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
1354
1345
 
1355
1346
  // RangeOpts with query_type is handled above.
1356
1347
  BSON_ASSERT(!ctx->opts.query_type.set);
1357
- if (!mc_RangeOpts_to_FLE2RangeInsertSpec(&ctx->opts.rangeopts.value,
1358
- &old_v,
1359
- &new_v,
1360
- ctx->crypt->opts.use_range_v2,
1361
- ctx->status)) {
1348
+ if (!mc_RangeOpts_to_FLE2RangeInsertSpec(&ctx->opts.rangeopts.value, &old_v, &new_v, ctx->status)) {
1362
1349
  _mongocrypt_ctx_fail(ctx);
1363
1350
  goto fail;
1364
1351
  }
1365
1352
 
1366
- if (!bson_iter_init_find(&marking.v_iter, &new_v, "v")) {
1353
+ if (!bson_iter_init_find(&marking.u.fle1.v_iter, &new_v, "v")) {
1367
1354
  _mongocrypt_ctx_fail_w_msg(ctx, "invalid input BSON, must contain 'v'");
1368
1355
  goto fail;
1369
1356
  }
1370
1357
 
1371
- marking.fle2.sparsity = ctx->opts.rangeopts.value.sparsity;
1358
+ marking.u.fle2.sparsity = ctx->opts.rangeopts.value.sparsity;
1372
1359
 
1373
1360
  } else {
1374
1361
  bson_t as_bson;
@@ -1379,21 +1366,21 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
1379
1366
  goto fail;
1380
1367
  }
1381
1368
 
1382
- if (!bson_iter_init_find(&marking.v_iter, &as_bson, "v")) {
1369
+ if (!bson_iter_init_find(&marking.u.fle1.v_iter, &as_bson, "v")) {
1383
1370
  _mongocrypt_ctx_fail_w_msg(ctx, "invalid input BSON, must contain 'v'");
1384
1371
  goto fail;
1385
1372
  }
1386
1373
  }
1387
1374
 
1388
- _mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.fle2.user_key_id);
1375
+ _mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.u.fle2.user_key_id);
1389
1376
  if (!_mongocrypt_buffer_empty(&ctx->opts.index_key_id)) {
1390
- _mongocrypt_buffer_copy_to(&ctx->opts.index_key_id, &marking.fle2.index_key_id);
1377
+ _mongocrypt_buffer_copy_to(&ctx->opts.index_key_id, &marking.u.fle2.index_key_id);
1391
1378
  } else {
1392
- _mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.fle2.index_key_id);
1379
+ _mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.u.fle2.index_key_id);
1393
1380
  }
1394
1381
 
1395
1382
  if (ctx->opts.contention_factor.set) {
1396
- marking.fle2.maxContentionFactor = ctx->opts.contention_factor.value;
1383
+ marking.u.fle2.maxContentionFactor = ctx->opts.contention_factor.value;
1397
1384
  } else if (ctx->opts.index_type.value == MONGOCRYPT_INDEX_TYPE_EQUALITY) {
1398
1385
  _mongocrypt_ctx_fail_w_msg(ctx, "contention factor required for indexed algorithm");
1399
1386
  goto fail;
@@ -1494,11 +1481,11 @@ static bool _finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
1494
1481
  return _mongocrypt_ctx_fail_w_msg(ctx, "invalid msg, must contain 'v'");
1495
1482
  }
1496
1483
 
1497
- memcpy(&marking.v_iter, &iter, sizeof(bson_iter_t));
1498
- marking.algorithm = ctx->opts.algorithm;
1499
- _mongocrypt_buffer_set_to(&ctx->opts.key_id, &marking.key_id);
1484
+ memcpy(&marking.u.fle1.v_iter, &iter, sizeof(bson_iter_t));
1485
+ marking.u.fle1.algorithm = ctx->opts.algorithm;
1486
+ _mongocrypt_buffer_set_to(&ctx->opts.key_id, &marking.u.fle1.key_id);
1500
1487
  if (ctx->opts.key_alt_names) {
1501
- bson_value_copy(&ctx->opts.key_alt_names->value, &marking.key_alt_name);
1488
+ bson_value_copy(&ctx->opts.key_alt_names->value, &marking.u.fle1.key_alt_name);
1502
1489
  marking.type = MONGOCRYPT_MARKING_FLE1_BY_ALTNAME;
1503
1490
  }
1504
1491
 
@@ -1901,7 +1888,7 @@ static bool explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *ms
1901
1888
  matches = (ctx->opts.index_type.value == MONGOCRYPT_INDEX_TYPE_EQUALITY);
1902
1889
  break;
1903
1890
  default:
1904
- CLIENT_ERR("unsupported value for query_type: %d", ctx->opts.query_type.value);
1891
+ CLIENT_ERR("unsupported value for query_type: %d", (int)ctx->opts.query_type.value);
1905
1892
  return _mongocrypt_ctx_fail(ctx);
1906
1893
  }
1907
1894
 
@@ -2238,10 +2225,16 @@ static bool needs_ismaster_check(mongocrypt_ctx_t *ctx) {
2238
2225
 
2239
2226
  // `find_collections_in_pipeline` finds other collection names in an aggregate pipeline that may need schemas.
2240
2227
  static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
2241
- bson_iter_t pipeline_iter,
2228
+ bson_iter_t *pipeline_iter_ptr,
2242
2229
  const char *db,
2243
2230
  mstr_view path,
2244
2231
  mongocrypt_status_t *status) {
2232
+ BSON_ASSERT_PARAM(sb);
2233
+ BSON_ASSERT_PARAM(pipeline_iter_ptr);
2234
+ BSON_ASSERT_PARAM(db);
2235
+
2236
+ bson_iter_t pipeline_iter = *pipeline_iter_ptr; // Operate on a copy.
2237
+
2245
2238
  bson_iter_t array_iter;
2246
2239
  if (!BSON_ITER_HOLDS_ARRAY(&pipeline_iter) || !bson_iter_recurse(&pipeline_iter, &array_iter)) {
2247
2240
  CLIENT_ERR("failed to recurse pipeline at path: %s", path.data);
@@ -2287,7 +2280,7 @@ static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
2287
2280
  mstr subpath = mstr_append(path, mstrv_lit("."));
2288
2281
  mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
2289
2282
  mstr_inplace_append(&subpath, mstrv_lit(".$lookup.pipeline"));
2290
- if (!find_collections_in_pipeline(sb, lookup_iter, db, subpath.view, status)) {
2283
+ if (!find_collections_in_pipeline(sb, &lookup_iter, db, subpath.view, status)) {
2291
2284
  mstr_free(subpath);
2292
2285
  return false;
2293
2286
  }
@@ -2310,7 +2303,7 @@ static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
2310
2303
  mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
2311
2304
  mstr_inplace_append(&subpath, mstrv_lit(".$facet."));
2312
2305
  mstr_inplace_append(&subpath, mstrv_view_cstr(field));
2313
- if (!find_collections_in_pipeline(sb, facet_iter, db, subpath.view, status)) {
2306
+ if (!find_collections_in_pipeline(sb, &facet_iter, db, subpath.view, status)) {
2314
2307
  mstr_free(subpath);
2315
2308
  return false;
2316
2309
  }
@@ -2346,7 +2339,7 @@ static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
2346
2339
  mstr subpath = mstr_append(path, mstrv_lit("."));
2347
2340
  mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
2348
2341
  mstr_inplace_append(&subpath, mstrv_lit(".$unionWith.pipeline"));
2349
- if (!find_collections_in_pipeline(sb, unionWith_iter, db, subpath.view, status)) {
2342
+ if (!find_collections_in_pipeline(sb, &unionWith_iter, db, subpath.view, status)) {
2350
2343
  mstr_free(subpath);
2351
2344
  return false;
2352
2345
  }
@@ -2373,7 +2366,7 @@ find_collections_in_agg(mongocrypt_binary_t *cmd, mc_schema_broker_t *sb, const
2373
2366
  return true;
2374
2367
  }
2375
2368
 
2376
- return find_collections_in_pipeline(sb, iter, db, mstrv_lit("aggregate.pipeline"), status);
2369
+ return find_collections_in_pipeline(sb, &iter, db, mstrv_lit("aggregate.pipeline"), status);
2377
2370
  }
2378
2371
 
2379
2372
  bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t db_len, mongocrypt_binary_t *cmd) {
@@ -2409,9 +2402,6 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
2409
2402
  ctx->vtable.cleanup = _cleanup;
2410
2403
  ectx->bypass_query_analysis = ctx->crypt->opts.bypass_query_analysis;
2411
2404
  ectx->sb = mc_schema_broker_new();
2412
- if (ctx->crypt->opts.use_range_v2) {
2413
- mc_schema_broker_use_rangev2(ectx->sb);
2414
- }
2415
2405
 
2416
2406
  if (!cmd || !cmd->data) {
2417
2407
  return _mongocrypt_ctx_fail_w_msg(ctx, "invalid command");
data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c CHANGED
@@ -136,6 +136,18 @@ static mongocrypt_kms_ctx_t *_next_kms_ctx_encrypt(mongocrypt_ctx_t *ctx) {
136
136
  mongocrypt_ctx_t *dkctx = NULL;
137
137
 
138
138
  BSON_ASSERT_PARAM(ctx);
139
+ /* Check if any need retry */
140
+ {
141
+ _mongocrypt_ctx_rmd_datakey_t *it = rmdctx->datakeys;
142
+ while (it != NULL) {
143
+ _mongocrypt_ctx_datakey_t *dkctx = (_mongocrypt_ctx_datakey_t *)it->dkctx;
144
+ if (dkctx->kms.should_retry) {
145
+ dkctx->kms.should_retry = false; // Reset retry state.
146
+ return &dkctx->kms;
147
+ }
148
+ it = it->next;
149
+ }
150
+ }
139
151
 
140
152
  /* No more datakey contexts requiring KMS. */
141
153
  if (!rmdctx->datakeys_iter) {
data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c CHANGED
@@ -262,12 +262,8 @@ bool mongocrypt_ctx_setopt_algorithm(mongocrypt_ctx_t *ctx, const char *algorith
262
262
  ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_RANGE;
263
263
  ctx->opts.index_type.set = true;
264
264
  } else if (mstr_eq_ignore_case(algo_str, mstrv_lit(MONGOCRYPT_ALGORITHM_RANGEPREVIEW_DEPRECATED_STR))) {
265
- if (ctx->crypt->opts.use_range_v2) {
266
- _mongocrypt_ctx_fail_w_msg(ctx, "Algorithm 'rangePreview' is deprecated, please use 'range'");
267
- return false;
268
- }
269
- ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED;
270
- ctx->opts.index_type.set = true;
265
+ _mongocrypt_ctx_fail_w_msg(ctx, "Algorithm 'rangePreview' is deprecated, please use 'range'");
266
+ return false;
271
267
  } else {
272
268
  char *error = bson_strdup_printf("unsupported algorithm string \"%.*s\"",
273
269
  algo_str.len <= (size_t)INT_MAX ? (int)algo_str.len : INT_MAX,
@@ -1068,12 +1064,8 @@ bool mongocrypt_ctx_setopt_query_type(mongocrypt_ctx_t *ctx, const char *query_t
1068
1064
  ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_RANGE;
1069
1065
  ctx->opts.query_type.set = true;
1070
1066
  } else if (mstr_eq_ignore_case(qt_str, mstrv_lit(MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED_STR))) {
1071
- if (ctx->crypt->opts.use_range_v2) {
1072
- _mongocrypt_ctx_fail_w_msg(ctx, "Query type 'rangePreview' is deprecated, please use 'range'");
1073
- return false;
1074
- }
1075
- ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED;
1076
- ctx->opts.query_type.set = true;
1067
+ _mongocrypt_ctx_fail_w_msg(ctx, "Query type 'rangePreview' is deprecated, please use 'range'");
1068
+ return false;
1077
1069
  } else {
1078
1070
  /* don't check if qt_str.len fits in int; we want the diagnostic output */
1079
1071
  char *error = bson_strdup_printf("Unsupported query_type \"%.*s\"",
@@ -1128,7 +1120,7 @@ bool mongocrypt_ctx_setopt_algorithm_range(mongocrypt_ctx_t *ctx, mongocrypt_bin
1128
1120
  return _mongocrypt_ctx_fail_w_msg(ctx, "invalid BSON");
1129
1121
  }
1130
1122
 
1131
- if (!mc_RangeOpts_parse(&ctx->opts.rangeopts.value, &as_bson, ctx->crypt->opts.use_range_v2, ctx->status)) {
1123
+ if (!mc_RangeOpts_parse(&ctx->opts.rangeopts.value, &as_bson, ctx->status)) {
1132
1124
  return _mongocrypt_ctx_fail(ctx);
1133
1125
  }
1134
1126
 
data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h CHANGED
@@ -6,9 +6,9 @@
6
6
 
7
7
  #include <stdlib.h>
8
8
 
9
- #if _WIN32
9
+ #if defined(_WIN32)
10
10
  #define MCR_DLL_SUFFIX ".dll"
11
- #elif __APPLE__
11
+ #elif defined(__APPLE__)
12
12
  #define MCR_DLL_SUFFIX ".dylib"
13
13
  #else
14
14
  #define MCR_DLL_SUFFIX ".so"
@@ -54,6 +54,23 @@ static inline void mcr_dll_close(mcr_dll dll) {
54
54
  mstr_free(dll.error_string);
55
55
  }
56
56
 
57
+ // All currently supported platforms require casting to/from `void*` for dynamically loaded function symbols by
58
+ // necessity despite being undefined behavior according to the C standard specification.
59
+ #if defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
60
+ // GCC requires silencing `-Wpedantic` for this cast.
61
+ #define MC_BEGIN_CAST_FUNCTION_TYPE_STRICT_IGNORE \
62
+ _Pragma("GCC diagnostic push") _Pragma("GCC diagnostic ignored \"-Wpedantic\"")
63
+ #define MC_END_CAST_FUNCTION_TYPE_STRICT_IGNORE _Pragma("GCC diagnostic pop")
64
+ #elif defined(__clang__)
65
+ #define MC_BEGIN_CAST_FUNCTION_TYPE_STRICT_IGNORE \
66
+ _Pragma("clang diagnostic push") _Pragma("clang diagnostic ignored \"-Wunknown-warning-option\"") \
67
+ _Pragma("clang diagnostic ignored \"-Wcast-function-type-strict\"")
68
+ #define MC_END_CAST_FUNCTION_TYPE_STRICT_IGNORE _Pragma("clang diagnostic pop")
69
+ #else
70
+ #define MC_BEGIN_CAST_FUNCTION_TYPE_STRICT_IGNORE
71
+ #define MC_END_CAST_FUNCTION_TYPE_STRICT_IGNORE
72
+ #endif
73
+
57
74
  /**
58
75
  * @brief Obtain a pointer to an exported entity from the given dynamic library.
59
76
  *
data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c CHANGED
@@ -24,11 +24,11 @@ typedef struct _auth_request_t {
24
24
  char *kmsid;
25
25
  } auth_request_t;
26
26
 
27
- auth_request_t *auth_request_new() {
27
+ static auth_request_t *auth_request_new(void) {
28
28
  return bson_malloc0(sizeof(auth_request_t));
29
29
  }
30
30
 
31
- void auth_request_destroy(auth_request_t *ar) {
31
+ static void auth_request_destroy(auth_request_t *ar) {
32
32
  if (!ar) {
33
33
  return;
34
34
  }
@@ -41,13 +41,13 @@ struct _mc_mapof_kmsid_to_authrequest_t {
41
41
  mc_array_t entries;
42
42
  };
43
43
 
44
- mc_mapof_kmsid_to_authrequest_t *mc_mapof_kmsid_to_authrequest_new(void) {
44
+ static mc_mapof_kmsid_to_authrequest_t *mc_mapof_kmsid_to_authrequest_new(void) {
45
45
  mc_mapof_kmsid_to_authrequest_t *k2a = bson_malloc0(sizeof(mc_mapof_kmsid_to_authrequest_t));
46
46
  _mc_array_init(&k2a->entries, sizeof(auth_request_t *));
47
47
  return k2a;
48
48
  }
49
49
 
50
- void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a) {
50
+ static void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a) {
51
51
  if (!k2a) {
52
52
  return;
53
53
  }
@@ -59,7 +59,7 @@ void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a)
59
59
  bson_free(k2a);
60
60
  }
61
61
 
62
- bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2a, const char *kmsid) {
62
+ static bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2a, const char *kmsid) {
63
63
  BSON_ASSERT_PARAM(k2a);
64
64
  BSON_ASSERT_PARAM(kmsid);
65
65
  for (size_t i = 0; i < k2a->entries.len; i++) {
@@ -71,25 +71,25 @@ bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2
71
71
  return false;
72
72
  }
73
73
 
74
- size_t mc_mapof_kmsid_to_authrequest_len(const mc_mapof_kmsid_to_authrequest_t *k2a) {
74
+ static size_t mc_mapof_kmsid_to_authrequest_len(const mc_mapof_kmsid_to_authrequest_t *k2a) {
75
75
  BSON_ASSERT_PARAM(k2a);
76
76
  return k2a->entries.len;
77
77
  }
78
78
 
79
- bool mc_mapof_kmsid_to_authrequest_empty(const mc_mapof_kmsid_to_authrequest_t *k2a) {
79
+ static bool mc_mapof_kmsid_to_authrequest_empty(const mc_mapof_kmsid_to_authrequest_t *k2a) {
80
80
  BSON_ASSERT_PARAM(k2a);
81
81
  return k2a->entries.len == 0;
82
82
  }
83
83
 
84
84
  // `mc_mapof_kmsid_to_authrequest_put` moves `to_put` into the map and takes ownership of `to_put`.
85
85
  // No checking is done to prohibit duplicate entries.
86
- void mc_mapof_kmsid_to_authrequest_put(mc_mapof_kmsid_to_authrequest_t *k2a, auth_request_t *to_put) {
86
+ static void mc_mapof_kmsid_to_authrequest_put(mc_mapof_kmsid_to_authrequest_t *k2a, auth_request_t *to_put) {
87
87
  BSON_ASSERT_PARAM(k2a);
88
88
 
89
89
  _mc_array_append_val(&k2a->entries, to_put);
90
90
  }
91
91
 
92
- auth_request_t *mc_mapof_kmsid_to_authrequest_at(mc_mapof_kmsid_to_authrequest_t *k2a, size_t i) {
92
+ static auth_request_t *mc_mapof_kmsid_to_authrequest_at(mc_mapof_kmsid_to_authrequest_t *k2a, size_t i) {
93
93
  BSON_ASSERT_PARAM(k2a);
94
94
 
95
95
  return _mc_array_index(&k2a->entries, auth_request_t *, i);
data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h CHANGED
@@ -39,10 +39,10 @@ typedef struct {
39
39
 
40
40
  _mongocrypt_buffer_t key_id;
41
41
  bson_value_t key_alt_name;
42
- };
42
+ } fle1;
43
43
 
44
44
  mc_FLE2EncryptionPlaceholder_t fle2;
45
- };
45
+ } u;
46
46
  } _mongocrypt_marking_t;
47
47
 
48
48
  // `_mongocrypt_marking_t` inherits extended alignment from libbson. To dynamically allocate, use aligned allocation
@@ -67,7 +67,6 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
67
67
 
68
68
  mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *findSpec,
69
69
  size_t sparsity,
70
- mongocrypt_status_t *status,
71
- bool use_range_v2) MONGOCRYPT_WARN_UNUSED_RESULT;
70
+ mongocrypt_status_t *status) MONGOCRYPT_WARN_UNUSED_RESULT;
72
71
 
73
72
  #endif /* MONGOCRYPT_MARKING_PRIVATE_H */