libmongocrypt-helper 1.13.2.0.1001 → 1.14.0.0.1001
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +8 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +5 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +4 -1
- data/ext/libmongocrypt/libmongocrypt/Earthfile +18 -17
- data/ext/libmongocrypt/libmongocrypt/README.md +8 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +7 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CONTRIBUTING.md +34 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +6 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +18 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +9 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +14 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +6 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{release.sh → scripts/release.sh} +9 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{synchro.py → scripts/synchro.py} +16 -9
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/synchro.sh +8 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update-version.sh +27 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update_binding.py +78 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +15 -0
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +25 -18
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +39 -13
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.c +5 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_azure_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +1 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_opt.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -8
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.h +9 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.c +7 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +8 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +5 -4
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_request.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response.c +3 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response_parser.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +39 -39
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +235 -65
- data/ext/libmongocrypt/libmongocrypt/src/crypto/none.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/csfle-markup.cpp +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.test.cpp +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +1 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +9 -11
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +1 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +10 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +167 -176
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +6 -17
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +6 -17
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +25 -26
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload-private.h +122 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload.c +477 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +1 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +28 -43
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +6 -17
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +6 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +7 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +4 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils-private.h +27 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils.c +48 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +15 -20
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +4 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +9 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +4 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +5 -9
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +14 -19
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +2 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +109 -119
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader-private.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +0 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +4 -14
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +8 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +78 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +34 -16
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +66 -74
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mlib/error.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +12 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.test.c +2 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.h +65 -58
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.test.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mlib/thread.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/user-check.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto-private.h +4 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +29 -25
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +6 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +48 -58
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c +12 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +5 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +19 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +9 -9
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +3 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +285 -89
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +4 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +47 -31
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +2 -0
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_mutex.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_mutex.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/crypt_shared-stub.cpp +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +6 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +14 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +14 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-dll.cpp +11 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +9 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +18 -29
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +2 -18
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-text-payload.c +320 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +2 -17
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +8 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +6 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +29 -33
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +12 -20
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +5 -20
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-reader.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +147 -18
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +35 -14
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-writer.c +10 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +3 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +36 -24
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ciphertext.c +13 -13
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +49 -55
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +64 -67
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +18 -18
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +4 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +13 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +31 -13
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +35 -52
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +28 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +50 -91
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-dll.c +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-endpoint.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +3 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-local-kms.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +527 -225
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-status.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +45 -56
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +12 -3
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +6 -2
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/util/util.h +7 -6
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +17 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +0 -29
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +0 -29
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EqualityIndexedValueV2.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2RangeIndexedValueV2.json +0 -8
- /data/ext/libmongocrypt/libmongocrypt/bindings/python/{build-manylinux-wheel.sh → scripts/build-manylinux-wheel.sh} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/{FLE2InsertUpdatePayload-with-edges.json → FLE2InsertUpdatePayload-RangeV1.json} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/{FLE2InsertUpdatePayload-with-edges-V2.json → FLE2InsertUpdatePayloadV2-RangeV1.json} +0 -0
@@ -15,6 +15,7 @@
|
|
15
15
|
*/
|
16
16
|
|
17
17
|
#include "mc-efc-private.h"
|
18
|
+
#include "mc-fle-blob-subtype-private.h"
|
18
19
|
#include "mc-fle2-rfds-private.h"
|
19
20
|
#include "mc-tokens-private.h"
|
20
21
|
#include "mongocrypt-ciphertext-private.h"
|
@@ -280,13 +281,13 @@ static bool _collect_key_from_marking(void *ctx, _mongocrypt_buffer_t *in, mongo
|
|
280
281
|
}
|
281
282
|
|
282
283
|
if (marking.type == MONGOCRYPT_MARKING_FLE1_BY_ID) {
|
283
|
-
res = _mongocrypt_key_broker_request_id(kb, &marking.key_id);
|
284
|
+
res = _mongocrypt_key_broker_request_id(kb, &marking.u.fle1.key_id);
|
284
285
|
} else if (marking.type == MONGOCRYPT_MARKING_FLE1_BY_ALTNAME) {
|
285
|
-
res = _mongocrypt_key_broker_request_name(kb, &marking.key_alt_name);
|
286
|
+
res = _mongocrypt_key_broker_request_name(kb, &marking.u.fle1.key_alt_name);
|
286
287
|
} else {
|
287
288
|
BSON_ASSERT(marking.type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
288
|
-
res = _mongocrypt_key_broker_request_id(kb, &marking.fle2.index_key_id)
|
289
|
-
&& _mongocrypt_key_broker_request_id(kb, &marking.fle2.user_key_id);
|
289
|
+
res = _mongocrypt_key_broker_request_id(kb, &marking.u.fle2.index_key_id)
|
290
|
+
&& _mongocrypt_key_broker_request_id(kb, &marking.u.fle2.user_key_id);
|
290
291
|
}
|
291
292
|
|
292
293
|
if (!res) {
|
@@ -574,7 +575,8 @@ fail_create_cmd:
|
|
574
575
|
static bool _mongocrypt_fle2_insert_update_find(mc_fle_blob_subtype_t subtype) {
|
575
576
|
return (subtype == MC_SUBTYPE_FLE2InsertUpdatePayload) || (subtype == MC_SUBTYPE_FLE2InsertUpdatePayloadV2)
|
576
577
|
|| (subtype == MC_SUBTYPE_FLE2FindEqualityPayload) || (subtype == MC_SUBTYPE_FLE2FindEqualityPayloadV2)
|
577
|
-
|| (subtype == MC_SUBTYPE_FLE2FindRangePayload) || (subtype == MC_SUBTYPE_FLE2FindRangePayloadV2)
|
578
|
+
|| (subtype == MC_SUBTYPE_FLE2FindRangePayload) || (subtype == MC_SUBTYPE_FLE2FindRangePayloadV2)
|
579
|
+
|| (subtype == MC_SUBTYPE_FLE2FindTextPayload);
|
578
580
|
}
|
579
581
|
|
580
582
|
static bool
|
@@ -608,7 +610,7 @@ _marking_to_bson_value(void *ctx, _mongocrypt_marking_t *marking, bson_value_t *
|
|
608
610
|
} else if (!_mongocrypt_serialize_ciphertext(&ciphertext, &serialized_ciphertext)) {
|
609
611
|
CLIENT_ERR("malformed ciphertext");
|
610
612
|
goto fail;
|
611
|
-
}
|
613
|
+
}
|
612
614
|
|
613
615
|
/* ownership of serialized_ciphertext is transferred to caller. */
|
614
616
|
out->value_type = BSON_TYPE_BINARY;
|
@@ -671,7 +673,6 @@ typedef struct {
|
|
671
673
|
// must omit the "encryptionInformation" field when sent to mongod / mongos.
|
672
674
|
static moe_result must_omit_encryptionInformation(const char *command_name,
|
673
675
|
const bson_t *command,
|
674
|
-
bool use_range_v2,
|
675
676
|
const mc_EncryptedFieldConfig_t *efc,
|
676
677
|
mongocrypt_status_t *status) {
|
677
678
|
// eligible_commands may omit encryptionInformation if the command does not
|
@@ -696,12 +697,10 @@ static moe_result must_omit_encryptionInformation(const char *command_name,
|
|
696
697
|
// - Server 8.0 requires `encryptionInformation` if "range" fields are referenced. Otherwise ignores.
|
697
698
|
// Only send `encryptionInformation` if "range" fields are present to support both server versions.
|
698
699
|
bool uses_range_fields = false;
|
699
|
-
|
700
|
-
|
701
|
-
|
702
|
-
|
703
|
-
break;
|
704
|
-
}
|
700
|
+
for (const mc_EncryptedField_t *ef = efc->fields; ef != NULL; ef = ef->next) {
|
701
|
+
if (ef->supported_queries & SUPPORTS_RANGE_QUERIES) {
|
702
|
+
uses_range_fields = true;
|
703
|
+
break;
|
705
704
|
}
|
706
705
|
}
|
707
706
|
return (moe_result){.ok = true, .must_omit = !uses_range_fields};
|
@@ -818,7 +817,7 @@ static bool _fle2_append_compactionTokens(mongocrypt_t *crypt,
|
|
818
817
|
|
819
818
|
const _mongocrypt_buffer_t *ecoct_buf = mc_ECOCToken_get(ecoct);
|
820
819
|
|
821
|
-
if (
|
820
|
+
if ((ptr->supported_queries & SUPPORTS_RANGE_QUERIES)) {
|
822
821
|
// Append the document {ecoc: <ECOCToken>, anchorPaddingToken: <AnchorPaddingTokenRoot>}
|
823
822
|
esct = mc_ESCToken_new(crypto, cl1t, status);
|
824
823
|
if (!esct) {
|
@@ -1061,7 +1060,7 @@ static bool _fle2_fixup_encryptedFields_strEncodeVersion(const char *cmd_name,
|
|
1061
1060
|
} else {
|
1062
1061
|
// Check strEncodeVersion for match against EFC
|
1063
1062
|
if (!BSON_ITER_HOLDS_INT32(&sev_iter)) {
|
1064
|
-
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", bson_iter_type(&sev_iter));
|
1063
|
+
CLIENT_ERR("expected 'strEncodeVersion' to be type int32, got: %d", (int)bson_iter_type(&sev_iter));
|
1065
1064
|
return false;
|
1066
1065
|
}
|
1067
1066
|
int32_t version = bson_iter_int32(&sev_iter);
|
@@ -1139,11 +1138,7 @@ static bool _fle2_finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
1139
1138
|
const mc_EncryptedFieldConfig_t *target_efc =
|
1140
1139
|
mc_schema_broker_get_encryptedFields(ectx->sb, ectx->target_coll, NULL);
|
1141
1140
|
|
1142
|
-
moe_result result = must_omit_encryptionInformation(command_name,
|
1143
|
-
&converted,
|
1144
|
-
ctx->crypt->opts.use_range_v2,
|
1145
|
-
target_efc,
|
1146
|
-
ctx->status);
|
1141
|
+
moe_result result = must_omit_encryptionInformation(command_name, &converted, target_efc, ctx->status);
|
1147
1142
|
if (!result.ok) {
|
1148
1143
|
bson_destroy(&converted);
|
1149
1144
|
return _mongocrypt_ctx_fail(ctx);
|
@@ -1311,29 +1306,25 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
|
|
1311
1306
|
if (ctx->opts.query_type.set) {
|
1312
1307
|
switch (ctx->opts.query_type.value) {
|
1313
1308
|
case MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED:
|
1314
|
-
|
1315
|
-
|
1316
|
-
goto fail;
|
1317
|
-
}
|
1309
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview query type with Range V2");
|
1310
|
+
goto fail;
|
1318
1311
|
// fallthrough
|
1319
1312
|
case MONGOCRYPT_QUERY_TYPE_RANGE:
|
1320
|
-
case MONGOCRYPT_QUERY_TYPE_EQUALITY: marking.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND; break;
|
1313
|
+
case MONGOCRYPT_QUERY_TYPE_EQUALITY: marking.u.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND; break;
|
1321
1314
|
default: _mongocrypt_ctx_fail_w_msg(ctx, "Invalid value for EncryptOpts.queryType"); goto fail;
|
1322
1315
|
}
|
1323
1316
|
} else {
|
1324
|
-
marking.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT;
|
1317
|
+
marking.u.fle2.type = MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT;
|
1325
1318
|
}
|
1326
1319
|
|
1327
1320
|
switch (ctx->opts.index_type.value) {
|
1328
|
-
case MONGOCRYPT_INDEX_TYPE_EQUALITY: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_EQUALITY; break;
|
1329
|
-
case MONGOCRYPT_INDEX_TYPE_NONE: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED; break;
|
1321
|
+
case MONGOCRYPT_INDEX_TYPE_EQUALITY: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_EQUALITY; break;
|
1322
|
+
case MONGOCRYPT_INDEX_TYPE_NONE: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED; break;
|
1330
1323
|
case MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED:
|
1331
|
-
|
1332
|
-
|
1333
|
-
goto fail;
|
1334
|
-
}
|
1324
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Cannot use rangePreview index type with Range V2");
|
1325
|
+
goto fail;
|
1335
1326
|
// fallthrough
|
1336
|
-
case MONGOCRYPT_INDEX_TYPE_RANGE: marking.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_RANGE; break;
|
1327
|
+
case MONGOCRYPT_INDEX_TYPE_RANGE: marking.u.fle2.algorithm = MONGOCRYPT_FLE2_ALGORITHM_RANGE; break;
|
1337
1328
|
default:
|
1338
1329
|
// This might be unreachable because of other validation. Better safe than
|
1339
1330
|
// sorry.
|
@@ -1354,21 +1345,17 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
|
|
1354
1345
|
|
1355
1346
|
// RangeOpts with query_type is handled above.
|
1356
1347
|
BSON_ASSERT(!ctx->opts.query_type.set);
|
1357
|
-
if (!mc_RangeOpts_to_FLE2RangeInsertSpec(&ctx->opts.rangeopts.value,
|
1358
|
-
&old_v,
|
1359
|
-
&new_v,
|
1360
|
-
ctx->crypt->opts.use_range_v2,
|
1361
|
-
ctx->status)) {
|
1348
|
+
if (!mc_RangeOpts_to_FLE2RangeInsertSpec(&ctx->opts.rangeopts.value, &old_v, &new_v, ctx->status)) {
|
1362
1349
|
_mongocrypt_ctx_fail(ctx);
|
1363
1350
|
goto fail;
|
1364
1351
|
}
|
1365
1352
|
|
1366
|
-
if (!bson_iter_init_find(&marking.v_iter, &new_v, "v")) {
|
1353
|
+
if (!bson_iter_init_find(&marking.u.fle1.v_iter, &new_v, "v")) {
|
1367
1354
|
_mongocrypt_ctx_fail_w_msg(ctx, "invalid input BSON, must contain 'v'");
|
1368
1355
|
goto fail;
|
1369
1356
|
}
|
1370
1357
|
|
1371
|
-
marking.fle2.sparsity = ctx->opts.rangeopts.value.sparsity;
|
1358
|
+
marking.u.fle2.sparsity = ctx->opts.rangeopts.value.sparsity;
|
1372
1359
|
|
1373
1360
|
} else {
|
1374
1361
|
bson_t as_bson;
|
@@ -1379,21 +1366,21 @@ static bool _fle2_finalize_explicit(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *
|
|
1379
1366
|
goto fail;
|
1380
1367
|
}
|
1381
1368
|
|
1382
|
-
if (!bson_iter_init_find(&marking.v_iter, &as_bson, "v")) {
|
1369
|
+
if (!bson_iter_init_find(&marking.u.fle1.v_iter, &as_bson, "v")) {
|
1383
1370
|
_mongocrypt_ctx_fail_w_msg(ctx, "invalid input BSON, must contain 'v'");
|
1384
1371
|
goto fail;
|
1385
1372
|
}
|
1386
1373
|
}
|
1387
1374
|
|
1388
|
-
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.fle2.user_key_id);
|
1375
|
+
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.u.fle2.user_key_id);
|
1389
1376
|
if (!_mongocrypt_buffer_empty(&ctx->opts.index_key_id)) {
|
1390
|
-
_mongocrypt_buffer_copy_to(&ctx->opts.index_key_id, &marking.fle2.index_key_id);
|
1377
|
+
_mongocrypt_buffer_copy_to(&ctx->opts.index_key_id, &marking.u.fle2.index_key_id);
|
1391
1378
|
} else {
|
1392
|
-
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.fle2.index_key_id);
|
1379
|
+
_mongocrypt_buffer_copy_to(&ctx->opts.key_id, &marking.u.fle2.index_key_id);
|
1393
1380
|
}
|
1394
1381
|
|
1395
1382
|
if (ctx->opts.contention_factor.set) {
|
1396
|
-
marking.fle2.maxContentionFactor = ctx->opts.contention_factor.value;
|
1383
|
+
marking.u.fle2.maxContentionFactor = ctx->opts.contention_factor.value;
|
1397
1384
|
} else if (ctx->opts.index_type.value == MONGOCRYPT_INDEX_TYPE_EQUALITY) {
|
1398
1385
|
_mongocrypt_ctx_fail_w_msg(ctx, "contention factor required for indexed algorithm");
|
1399
1386
|
goto fail;
|
@@ -1494,11 +1481,11 @@ static bool _finalize(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *out) {
|
|
1494
1481
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid msg, must contain 'v'");
|
1495
1482
|
}
|
1496
1483
|
|
1497
|
-
memcpy(&marking.v_iter, &iter, sizeof(bson_iter_t));
|
1498
|
-
marking.algorithm = ctx->opts.algorithm;
|
1499
|
-
_mongocrypt_buffer_set_to(&ctx->opts.key_id, &marking.key_id);
|
1484
|
+
memcpy(&marking.u.fle1.v_iter, &iter, sizeof(bson_iter_t));
|
1485
|
+
marking.u.fle1.algorithm = ctx->opts.algorithm;
|
1486
|
+
_mongocrypt_buffer_set_to(&ctx->opts.key_id, &marking.u.fle1.key_id);
|
1500
1487
|
if (ctx->opts.key_alt_names) {
|
1501
|
-
bson_value_copy(&ctx->opts.key_alt_names->value, &marking.key_alt_name);
|
1488
|
+
bson_value_copy(&ctx->opts.key_alt_names->value, &marking.u.fle1.key_alt_name);
|
1502
1489
|
marking.type = MONGOCRYPT_MARKING_FLE1_BY_ALTNAME;
|
1503
1490
|
}
|
1504
1491
|
|
@@ -1901,7 +1888,7 @@ static bool explicit_encrypt_init(mongocrypt_ctx_t *ctx, mongocrypt_binary_t *ms
|
|
1901
1888
|
matches = (ctx->opts.index_type.value == MONGOCRYPT_INDEX_TYPE_EQUALITY);
|
1902
1889
|
break;
|
1903
1890
|
default:
|
1904
|
-
CLIENT_ERR("unsupported value for query_type: %d", ctx->opts.query_type.value);
|
1891
|
+
CLIENT_ERR("unsupported value for query_type: %d", (int)ctx->opts.query_type.value);
|
1905
1892
|
return _mongocrypt_ctx_fail(ctx);
|
1906
1893
|
}
|
1907
1894
|
|
@@ -2238,10 +2225,16 @@ static bool needs_ismaster_check(mongocrypt_ctx_t *ctx) {
|
|
2238
2225
|
|
2239
2226
|
// `find_collections_in_pipeline` finds other collection names in an aggregate pipeline that may need schemas.
|
2240
2227
|
static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
|
2241
|
-
bson_iter_t
|
2228
|
+
bson_iter_t *pipeline_iter_ptr,
|
2242
2229
|
const char *db,
|
2243
2230
|
mstr_view path,
|
2244
2231
|
mongocrypt_status_t *status) {
|
2232
|
+
BSON_ASSERT_PARAM(sb);
|
2233
|
+
BSON_ASSERT_PARAM(pipeline_iter_ptr);
|
2234
|
+
BSON_ASSERT_PARAM(db);
|
2235
|
+
|
2236
|
+
bson_iter_t pipeline_iter = *pipeline_iter_ptr; // Operate on a copy.
|
2237
|
+
|
2245
2238
|
bson_iter_t array_iter;
|
2246
2239
|
if (!BSON_ITER_HOLDS_ARRAY(&pipeline_iter) || !bson_iter_recurse(&pipeline_iter, &array_iter)) {
|
2247
2240
|
CLIENT_ERR("failed to recurse pipeline at path: %s", path.data);
|
@@ -2287,7 +2280,7 @@ static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
|
|
2287
2280
|
mstr subpath = mstr_append(path, mstrv_lit("."));
|
2288
2281
|
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
2289
2282
|
mstr_inplace_append(&subpath, mstrv_lit(".$lookup.pipeline"));
|
2290
|
-
if (!find_collections_in_pipeline(sb, lookup_iter, db, subpath.view, status)) {
|
2283
|
+
if (!find_collections_in_pipeline(sb, &lookup_iter, db, subpath.view, status)) {
|
2291
2284
|
mstr_free(subpath);
|
2292
2285
|
return false;
|
2293
2286
|
}
|
@@ -2310,7 +2303,7 @@ static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
|
|
2310
2303
|
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
2311
2304
|
mstr_inplace_append(&subpath, mstrv_lit(".$facet."));
|
2312
2305
|
mstr_inplace_append(&subpath, mstrv_view_cstr(field));
|
2313
|
-
if (!find_collections_in_pipeline(sb, facet_iter, db, subpath.view, status)) {
|
2306
|
+
if (!find_collections_in_pipeline(sb, &facet_iter, db, subpath.view, status)) {
|
2314
2307
|
mstr_free(subpath);
|
2315
2308
|
return false;
|
2316
2309
|
}
|
@@ -2346,7 +2339,7 @@ static bool find_collections_in_pipeline(mc_schema_broker_t *sb,
|
|
2346
2339
|
mstr subpath = mstr_append(path, mstrv_lit("."));
|
2347
2340
|
mstr_inplace_append(&subpath, mstrv_view_cstr(stage_key));
|
2348
2341
|
mstr_inplace_append(&subpath, mstrv_lit(".$unionWith.pipeline"));
|
2349
|
-
if (!find_collections_in_pipeline(sb, unionWith_iter, db, subpath.view, status)) {
|
2342
|
+
if (!find_collections_in_pipeline(sb, &unionWith_iter, db, subpath.view, status)) {
|
2350
2343
|
mstr_free(subpath);
|
2351
2344
|
return false;
|
2352
2345
|
}
|
@@ -2373,7 +2366,7 @@ find_collections_in_agg(mongocrypt_binary_t *cmd, mc_schema_broker_t *sb, const
|
|
2373
2366
|
return true;
|
2374
2367
|
}
|
2375
2368
|
|
2376
|
-
return find_collections_in_pipeline(sb, iter, db, mstrv_lit("aggregate.pipeline"), status);
|
2369
|
+
return find_collections_in_pipeline(sb, &iter, db, mstrv_lit("aggregate.pipeline"), status);
|
2377
2370
|
}
|
2378
2371
|
|
2379
2372
|
bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t db_len, mongocrypt_binary_t *cmd) {
|
@@ -2409,9 +2402,6 @@ bool mongocrypt_ctx_encrypt_init(mongocrypt_ctx_t *ctx, const char *db, int32_t
|
|
2409
2402
|
ctx->vtable.cleanup = _cleanup;
|
2410
2403
|
ectx->bypass_query_analysis = ctx->crypt->opts.bypass_query_analysis;
|
2411
2404
|
ectx->sb = mc_schema_broker_new();
|
2412
|
-
if (ctx->crypt->opts.use_range_v2) {
|
2413
|
-
mc_schema_broker_use_rangev2(ectx->sb);
|
2414
|
-
}
|
2415
2405
|
|
2416
2406
|
if (!cmd || !cmd->data) {
|
2417
2407
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid command");
|
@@ -136,6 +136,18 @@ static mongocrypt_kms_ctx_t *_next_kms_ctx_encrypt(mongocrypt_ctx_t *ctx) {
|
|
136
136
|
mongocrypt_ctx_t *dkctx = NULL;
|
137
137
|
|
138
138
|
BSON_ASSERT_PARAM(ctx);
|
139
|
+
/* Check if any need retry */
|
140
|
+
{
|
141
|
+
_mongocrypt_ctx_rmd_datakey_t *it = rmdctx->datakeys;
|
142
|
+
while (it != NULL) {
|
143
|
+
_mongocrypt_ctx_datakey_t *dkctx = (_mongocrypt_ctx_datakey_t *)it->dkctx;
|
144
|
+
if (dkctx->kms.should_retry) {
|
145
|
+
dkctx->kms.should_retry = false; // Reset retry state.
|
146
|
+
return &dkctx->kms;
|
147
|
+
}
|
148
|
+
it = it->next;
|
149
|
+
}
|
150
|
+
}
|
139
151
|
|
140
152
|
/* No more datakey contexts requiring KMS. */
|
141
153
|
if (!rmdctx->datakeys_iter) {
|
@@ -262,12 +262,8 @@ bool mongocrypt_ctx_setopt_algorithm(mongocrypt_ctx_t *ctx, const char *algorith
|
|
262
262
|
ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_RANGE;
|
263
263
|
ctx->opts.index_type.set = true;
|
264
264
|
} else if (mstr_eq_ignore_case(algo_str, mstrv_lit(MONGOCRYPT_ALGORITHM_RANGEPREVIEW_DEPRECATED_STR))) {
|
265
|
-
|
266
|
-
|
267
|
-
return false;
|
268
|
-
}
|
269
|
-
ctx->opts.index_type.value = MONGOCRYPT_INDEX_TYPE_RANGEPREVIEW_DEPRECATED;
|
270
|
-
ctx->opts.index_type.set = true;
|
265
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Algorithm 'rangePreview' is deprecated, please use 'range'");
|
266
|
+
return false;
|
271
267
|
} else {
|
272
268
|
char *error = bson_strdup_printf("unsupported algorithm string \"%.*s\"",
|
273
269
|
algo_str.len <= (size_t)INT_MAX ? (int)algo_str.len : INT_MAX,
|
@@ -1068,12 +1064,8 @@ bool mongocrypt_ctx_setopt_query_type(mongocrypt_ctx_t *ctx, const char *query_t
|
|
1068
1064
|
ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_RANGE;
|
1069
1065
|
ctx->opts.query_type.set = true;
|
1070
1066
|
} else if (mstr_eq_ignore_case(qt_str, mstrv_lit(MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED_STR))) {
|
1071
|
-
|
1072
|
-
|
1073
|
-
return false;
|
1074
|
-
}
|
1075
|
-
ctx->opts.query_type.value = MONGOCRYPT_QUERY_TYPE_RANGEPREVIEW_DEPRECATED;
|
1076
|
-
ctx->opts.query_type.set = true;
|
1067
|
+
_mongocrypt_ctx_fail_w_msg(ctx, "Query type 'rangePreview' is deprecated, please use 'range'");
|
1068
|
+
return false;
|
1077
1069
|
} else {
|
1078
1070
|
/* don't check if qt_str.len fits in int; we want the diagnostic output */
|
1079
1071
|
char *error = bson_strdup_printf("Unsupported query_type \"%.*s\"",
|
@@ -1128,7 +1120,7 @@ bool mongocrypt_ctx_setopt_algorithm_range(mongocrypt_ctx_t *ctx, mongocrypt_bin
|
|
1128
1120
|
return _mongocrypt_ctx_fail_w_msg(ctx, "invalid BSON");
|
1129
1121
|
}
|
1130
1122
|
|
1131
|
-
if (!mc_RangeOpts_parse(&ctx->opts.rangeopts.value, &as_bson, ctx->
|
1123
|
+
if (!mc_RangeOpts_parse(&ctx->opts.rangeopts.value, &as_bson, ctx->status)) {
|
1132
1124
|
return _mongocrypt_ctx_fail(ctx);
|
1133
1125
|
}
|
1134
1126
|
|
@@ -6,9 +6,9 @@
|
|
6
6
|
|
7
7
|
#include <stdlib.h>
|
8
8
|
|
9
|
-
#if _WIN32
|
9
|
+
#if defined(_WIN32)
|
10
10
|
#define MCR_DLL_SUFFIX ".dll"
|
11
|
-
#elif __APPLE__
|
11
|
+
#elif defined(__APPLE__)
|
12
12
|
#define MCR_DLL_SUFFIX ".dylib"
|
13
13
|
#else
|
14
14
|
#define MCR_DLL_SUFFIX ".so"
|
@@ -54,6 +54,23 @@ static inline void mcr_dll_close(mcr_dll dll) {
|
|
54
54
|
mstr_free(dll.error_string);
|
55
55
|
}
|
56
56
|
|
57
|
+
// All currently supported platforms require casting to/from `void*` for dynamically loaded function symbols by
|
58
|
+
// necessity despite being undefined behavior according to the C standard specification.
|
59
|
+
#if defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
|
60
|
+
// GCC requires silencing `-Wpedantic` for this cast.
|
61
|
+
#define MC_BEGIN_CAST_FUNCTION_TYPE_STRICT_IGNORE \
|
62
|
+
_Pragma("GCC diagnostic push") _Pragma("GCC diagnostic ignored \"-Wpedantic\"")
|
63
|
+
#define MC_END_CAST_FUNCTION_TYPE_STRICT_IGNORE _Pragma("GCC diagnostic pop")
|
64
|
+
#elif defined(__clang__)
|
65
|
+
#define MC_BEGIN_CAST_FUNCTION_TYPE_STRICT_IGNORE \
|
66
|
+
_Pragma("clang diagnostic push") _Pragma("clang diagnostic ignored \"-Wunknown-warning-option\"") \
|
67
|
+
_Pragma("clang diagnostic ignored \"-Wcast-function-type-strict\"")
|
68
|
+
#define MC_END_CAST_FUNCTION_TYPE_STRICT_IGNORE _Pragma("clang diagnostic pop")
|
69
|
+
#else
|
70
|
+
#define MC_BEGIN_CAST_FUNCTION_TYPE_STRICT_IGNORE
|
71
|
+
#define MC_END_CAST_FUNCTION_TYPE_STRICT_IGNORE
|
72
|
+
#endif
|
73
|
+
|
57
74
|
/**
|
58
75
|
* @brief Obtain a pointer to an exported entity from the given dynamic library.
|
59
76
|
*
|
@@ -24,11 +24,11 @@ typedef struct _auth_request_t {
|
|
24
24
|
char *kmsid;
|
25
25
|
} auth_request_t;
|
26
26
|
|
27
|
-
auth_request_t *auth_request_new() {
|
27
|
+
static auth_request_t *auth_request_new(void) {
|
28
28
|
return bson_malloc0(sizeof(auth_request_t));
|
29
29
|
}
|
30
30
|
|
31
|
-
void auth_request_destroy(auth_request_t *ar) {
|
31
|
+
static void auth_request_destroy(auth_request_t *ar) {
|
32
32
|
if (!ar) {
|
33
33
|
return;
|
34
34
|
}
|
@@ -41,13 +41,13 @@ struct _mc_mapof_kmsid_to_authrequest_t {
|
|
41
41
|
mc_array_t entries;
|
42
42
|
};
|
43
43
|
|
44
|
-
mc_mapof_kmsid_to_authrequest_t *mc_mapof_kmsid_to_authrequest_new(void) {
|
44
|
+
static mc_mapof_kmsid_to_authrequest_t *mc_mapof_kmsid_to_authrequest_new(void) {
|
45
45
|
mc_mapof_kmsid_to_authrequest_t *k2a = bson_malloc0(sizeof(mc_mapof_kmsid_to_authrequest_t));
|
46
46
|
_mc_array_init(&k2a->entries, sizeof(auth_request_t *));
|
47
47
|
return k2a;
|
48
48
|
}
|
49
49
|
|
50
|
-
void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a) {
|
50
|
+
static void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a) {
|
51
51
|
if (!k2a) {
|
52
52
|
return;
|
53
53
|
}
|
@@ -59,7 +59,7 @@ void mc_mapof_kmsid_to_authrequest_destroy(mc_mapof_kmsid_to_authrequest_t *k2a)
|
|
59
59
|
bson_free(k2a);
|
60
60
|
}
|
61
61
|
|
62
|
-
bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2a, const char *kmsid) {
|
62
|
+
static bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2a, const char *kmsid) {
|
63
63
|
BSON_ASSERT_PARAM(k2a);
|
64
64
|
BSON_ASSERT_PARAM(kmsid);
|
65
65
|
for (size_t i = 0; i < k2a->entries.len; i++) {
|
@@ -71,25 +71,25 @@ bool mc_mapof_kmsid_to_authrequest_has(const mc_mapof_kmsid_to_authrequest_t *k2
|
|
71
71
|
return false;
|
72
72
|
}
|
73
73
|
|
74
|
-
size_t mc_mapof_kmsid_to_authrequest_len(const mc_mapof_kmsid_to_authrequest_t *k2a) {
|
74
|
+
static size_t mc_mapof_kmsid_to_authrequest_len(const mc_mapof_kmsid_to_authrequest_t *k2a) {
|
75
75
|
BSON_ASSERT_PARAM(k2a);
|
76
76
|
return k2a->entries.len;
|
77
77
|
}
|
78
78
|
|
79
|
-
bool mc_mapof_kmsid_to_authrequest_empty(const mc_mapof_kmsid_to_authrequest_t *k2a) {
|
79
|
+
static bool mc_mapof_kmsid_to_authrequest_empty(const mc_mapof_kmsid_to_authrequest_t *k2a) {
|
80
80
|
BSON_ASSERT_PARAM(k2a);
|
81
81
|
return k2a->entries.len == 0;
|
82
82
|
}
|
83
83
|
|
84
84
|
// `mc_mapof_kmsid_to_authrequest_put` moves `to_put` into the map and takes ownership of `to_put`.
|
85
85
|
// No checking is done to prohibit duplicate entries.
|
86
|
-
void mc_mapof_kmsid_to_authrequest_put(mc_mapof_kmsid_to_authrequest_t *k2a, auth_request_t *to_put) {
|
86
|
+
static void mc_mapof_kmsid_to_authrequest_put(mc_mapof_kmsid_to_authrequest_t *k2a, auth_request_t *to_put) {
|
87
87
|
BSON_ASSERT_PARAM(k2a);
|
88
88
|
|
89
89
|
_mc_array_append_val(&k2a->entries, to_put);
|
90
90
|
}
|
91
91
|
|
92
|
-
auth_request_t *mc_mapof_kmsid_to_authrequest_at(mc_mapof_kmsid_to_authrequest_t *k2a, size_t i) {
|
92
|
+
static auth_request_t *mc_mapof_kmsid_to_authrequest_at(mc_mapof_kmsid_to_authrequest_t *k2a, size_t i) {
|
93
93
|
BSON_ASSERT_PARAM(k2a);
|
94
94
|
|
95
95
|
return _mc_array_index(&k2a->entries, auth_request_t *, i);
|
@@ -39,10 +39,10 @@ typedef struct {
|
|
39
39
|
|
40
40
|
_mongocrypt_buffer_t key_id;
|
41
41
|
bson_value_t key_alt_name;
|
42
|
-
};
|
42
|
+
} fle1;
|
43
43
|
|
44
44
|
mc_FLE2EncryptionPlaceholder_t fle2;
|
45
|
-
};
|
45
|
+
} u;
|
46
46
|
} _mongocrypt_marking_t;
|
47
47
|
|
48
48
|
// `_mongocrypt_marking_t` inherits extended alignment from libbson. To dynamically allocate, use aligned allocation
|
@@ -67,7 +67,6 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
|
|
67
67
|
|
68
68
|
mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *findSpec,
|
69
69
|
size_t sparsity,
|
70
|
-
mongocrypt_status_t *status
|
71
|
-
bool use_range_v2) MONGOCRYPT_WARN_UNUSED_RESULT;
|
70
|
+
mongocrypt_status_t *status) MONGOCRYPT_WARN_UNUSED_RESULT;
|
72
71
|
|
73
72
|
#endif /* MONGOCRYPT_MARKING_PRIVATE_H */
|