libmongocrypt-helper 1.13.2.0.1001 → 1.14.0.0.1001

data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c

@@ -25,80 +25,19 @@ static void _test_compact_success(_mongocrypt_tester_t *tester) {
     strcpy(datapath, basepath);
     size_t nullb = strlen(basepath);
     for (int use_anchor_pad = 0; use_anchor_pad <= 1; use_anchor_pad++) {
-        for (int use_range_v2 = 0; use_range_v2 <= 1; use_range_v2++) {
-            datapath[nullb] = 0;
-            strcat(datapath, use_anchor_pad ? "anchor-pad/" : "success/");
-            strcpy(cmdfile, datapath);
-            strcat(cmdfile, "cmd.json");
-            strcpy(collfile, datapath);
-            strcat(collfile, "collinfo.json");
-            strcpy(payloadfile, datapath);
-            strcat(payloadfile, use_range_v2 ? "encrypted-payload-range-v2.json" : "encrypted-payload.json");
-
-            mongocrypt_t *crypt;
-            mongocrypt_ctx_t *ctx;
-
-            crypt = _mongocrypt_tester_mongocrypt(use_range_v2 ? TESTER_MONGOCRYPT_WITH_RANGE_V2
-                                                               : TESTER_MONGOCRYPT_DEFAULT);
-            ctx = mongocrypt_ctx_new(crypt);
-
-            ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE(cmdfile)), ctx);
-
-            ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_COLLINFO);
-            {
-                ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE(collfile)), ctx);
-                ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
-            }
-
-            ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_KEYS);
-            {
-                ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,
-                                                    TEST_FILE("./test/data/keys/"
-                                                              "12345678123498761234123456789012-local-document.json")),
-                          ctx);
-                ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,
-                                                    TEST_FILE("./test/data/keys/"
-                                                              "ABCDEFAB123498761234123456789012-local-document.json")),
-                          ctx);
-                ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,
-                                                    TEST_FILE("./test/data/keys/"
-                                                              "12345678123498761234123456789013-local-document.json")),
-                          ctx);
-                ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
-            }
-
-            ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
-            {
-                mongocrypt_binary_t *out = mongocrypt_binary_new();
-                ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
-                ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE(payloadfile), out);
-                mongocrypt_binary_destroy(out);
-            }
-
-            ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_DONE);
-
-            mongocrypt_ctx_destroy(ctx);
-            mongocrypt_destroy(crypt);
-        }
-    }
-
-    // Test `compactStructuredEncryptionData` without range fields omits encryptionInformation.
-    // This is a regression test for MONGOCRYPT-699.
-    for (int use_range_v2 = 0; use_range_v2 <= 1; use_range_v2++) {
         datapath[nullb] = 0;
-        strcat(datapath, "no-range/");
+        strcat(datapath, use_anchor_pad ? "anchor-pad/" : "success/");
         strcpy(cmdfile, datapath);
         strcat(cmdfile, "cmd.json");
         strcpy(collfile, datapath);
         strcat(collfile, "collinfo.json");
         strcpy(payloadfile, datapath);
-        strcat(payloadfile, "encrypted-payload.json"); // Expect same result regardless of range v2.
+        strcat(payloadfile, "encrypted-payload-range-v2.json");
 
         mongocrypt_t *crypt;
         mongocrypt_ctx_t *ctx;
 
-        crypt =
-            _mongocrypt_tester_mongocrypt(use_range_v2 ? TESTER_MONGOCRYPT_WITH_RANGE_V2 : TESTER_MONGOCRYPT_DEFAULT);
+        crypt = _mongocrypt_tester_mongocrypt(TESTER_MONGOCRYPT_DEFAULT);
         ctx = mongocrypt_ctx_new(crypt);
 
         ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE(cmdfile)), ctx);
@@ -139,6 +78,61 @@ static void _test_compact_success(_mongocrypt_tester_t *tester) {
         mongocrypt_ctx_destroy(ctx);
         mongocrypt_destroy(crypt);
     }
+
+    // Test `compactStructuredEncryptionData` without range fields omits encryptionInformation.
+    // This is a regression test for MONGOCRYPT-699.
+    datapath[nullb] = 0;
+    strcat(datapath, "no-range/");
+    strcpy(cmdfile, datapath);
+    strcat(cmdfile, "cmd.json");
+    strcpy(collfile, datapath);
+    strcat(collfile, "collinfo.json");
+    strcpy(payloadfile, datapath);
+    strcat(payloadfile, "encrypted-payload.json");
+
+    mongocrypt_t *crypt;
+    mongocrypt_ctx_t *ctx;
+
+    crypt = _mongocrypt_tester_mongocrypt(TESTER_MONGOCRYPT_DEFAULT);
+    ctx = mongocrypt_ctx_new(crypt);
+
+    ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, TEST_FILE(cmdfile)), ctx);
+
+    ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_COLLINFO);
+    {
+        ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx, TEST_FILE(collfile)), ctx);
+        ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
+    }
+
+    ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_NEED_MONGO_KEYS);
+    {
+        ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,
+                                            TEST_FILE("./test/data/keys/"
+                                                      "12345678123498761234123456789012-local-document.json")),
+                  ctx);
+        ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,
+                                            TEST_FILE("./test/data/keys/"
+                                                      "ABCDEFAB123498761234123456789012-local-document.json")),
+                  ctx);
+        ASSERT_OK(mongocrypt_ctx_mongo_feed(ctx,
+                                            TEST_FILE("./test/data/keys/"
+                                                      "12345678123498761234123456789013-local-document.json")),
+                  ctx);
+        ASSERT_OK(mongocrypt_ctx_mongo_done(ctx), ctx);
+    }
+
+    ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_READY);
+    {
+        mongocrypt_binary_t *out = mongocrypt_binary_new();
+        ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
+        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE(payloadfile), out);
+        mongocrypt_binary_destroy(out);
+    }
+
+    ASSERT_STATE_EQUAL(mongocrypt_ctx_state(ctx), MONGOCRYPT_CTX_DONE);
+
+    mongocrypt_ctx_destroy(ctx);
+    mongocrypt_destroy(crypt);
 }
 
 static void _test_compact_nonlocal_kms(_mongocrypt_tester_t *tester) {
@@ -204,7 +198,8 @@ static void _test_compact_nonlocal_kms(_mongocrypt_tester_t *tester) {
     {
         mongocrypt_binary_t *out = mongocrypt_binary_new();
         ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
-        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/compact/success/encrypted-payload.json"), out);
+        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/compact/success/encrypted-payload-range-v2.json"),
+                                            out);
         mongocrypt_binary_destroy(out);
     }
 
@@ -338,7 +333,8 @@ static void _test_compact_need_kms_credentials(_mongocrypt_tester_t *tester) {
     {
         mongocrypt_binary_t *out = mongocrypt_binary_new();
         ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
-        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/compact/success/encrypted-payload.json"), out);
+        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/compact/success/encrypted-payload-range-v2.json"),
+                                            out);
         mongocrypt_binary_destroy(out);
     }
 
@@ -422,7 +418,8 @@ static void _test_compact_from_encrypted_field_config_map(_mongocrypt_tester_t *
     {
         mongocrypt_binary_t *out = mongocrypt_binary_new();
         ASSERT_OK(mongocrypt_ctx_finalize(ctx, out), ctx);
-        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/compact/success/encrypted-payload.json"), out);
+        ASSERT_MONGOCRYPT_BINARY_EQUAL_BSON(TEST_FILE("./test/data/compact/success/encrypted-payload-range-v2.json"),
+                                            out);
         mongocrypt_binary_destroy(out);
     }
 

data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c

@@ -117,11 +117,11 @@ static bool _mock_aes_256_xxx_decrypt(void *ctx,
     return true;
 }
 
-bool _hmac_sha_512(void *ctx,
-                   mongocrypt_binary_t *key,
-                   mongocrypt_binary_t *in,
-                   mongocrypt_binary_t *out,
-                   mongocrypt_status_t *status) {
+static bool _hmac_sha_512(void *ctx,
+                          mongocrypt_binary_t *key,
+                          mongocrypt_binary_t *in,
+                          mongocrypt_binary_t *out,
+                          mongocrypt_status_t *status) {
     _mongocrypt_buffer_t tmp;
 
     BSON_ASSERT(0 == strncmp("error_on:", (char *)ctx, strlen("error_on:")));
@@ -141,11 +141,11 @@ bool _hmac_sha_512(void *ctx,
     return true;
 }
 
-bool _hmac_sha_256(void *ctx,
-                   mongocrypt_binary_t *key,
-                   mongocrypt_binary_t *in,
-                   mongocrypt_binary_t *out,
-                   mongocrypt_status_t *status) {
+static bool _hmac_sha_256(void *ctx,
+                          mongocrypt_binary_t *key,
+                          mongocrypt_binary_t *in,
+                          mongocrypt_binary_t *out,
+                          mongocrypt_status_t *status) {
     _mongocrypt_buffer_t tmp;
 
     BSON_ASSERT(0 == strncmp("error_on:", (char *)ctx, strlen("error_on:")));
@@ -165,7 +165,7 @@ bool _hmac_sha_256(void *ctx,
     return true;
 }
 
-bool _sha_256(void *ctx, mongocrypt_binary_t *in, mongocrypt_binary_t *out, mongocrypt_status_t *status) {
+static bool _sha_256(void *ctx, mongocrypt_binary_t *in, mongocrypt_binary_t *out, mongocrypt_status_t *status) {
     _mongocrypt_buffer_t tmp;
 
     BSON_ASSERT(0 == strncmp("error_on:", (char *)ctx, strlen("error_on:")));
@@ -184,7 +184,7 @@ bool _sha_256(void *ctx, mongocrypt_binary_t *in, mongocrypt_binary_t *out, mong
     return true;
 }
 
-bool _random(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_status_t *status) {
+static bool _random(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_status_t *status) {
     /* only have 32 bytes of random test data. */
     BSON_ASSERT(count <= 96);
 
@@ -204,11 +204,11 @@ bool _random(void *ctx, mongocrypt_binary_t *out, uint32_t count, mongocrypt_sta
     return true;
 }
 
-bool _sign_rsaes_pkcs1_v1_5(void *ctx,
-                            mongocrypt_binary_t *key,
-                            mongocrypt_binary_t *in,
-                            mongocrypt_binary_t *out,
-                            mongocrypt_status_t *status) {
+static bool _sign_rsaes_pkcs1_v1_5(void *ctx,
+                                   mongocrypt_binary_t *key,
+                                   mongocrypt_binary_t *in,
+                                   mongocrypt_binary_t *out,
+                                   mongocrypt_status_t *status) {
     _mongocrypt_buffer_t tmp;
 
     BSON_ASSERT(0 == strncmp("error_on:", (char *)ctx, strlen("error_on:")));
@@ -696,7 +696,7 @@ static bool _aes_256_ecb_encrypt(void *ctx,
     return _native_crypto_aes_256_ecb_encrypt(args);
 }
 
-void _test_fle2_crypto_via_ecb_hook(_mongocrypt_tester_t *tester) {
+static void _test_fle2_crypto_via_ecb_hook(_mongocrypt_tester_t *tester) {
     const _mongocrypt_value_encryption_algorithm_t *fle2alg = _mcFLE2Algorithm();
     bool ret;
     _mongocrypt_buffer_t key;

data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c

@@ -14,6 +14,10 @@
  * limitations under the License.
  */
 
+#include "test-mongocrypt-crypto-std-hooks.h"
+
+//
+
 #include <mongocrypt-buffer-private.h>
 
 #include "test-mongocrypt.h"

data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c

@@ -44,9 +44,10 @@ static bool _test_uses_ctr(const _test_mc_crypto_roundtrip_t *test) {
         /* we just get garbage data. */                                                                                \
         ASSERT(out.len == test->plaintext.len);                                                                        \
         ASSERT(memcmp(out.data, test->plaintext.data, out.len) != 0);                                                  \
-    } else {                                                                                                           \
+    } else if (1) {                                                                                                    \
         ASSERT_FAILS_STATUS(ret, status, "HMAC validation failure");                                                   \
-    }
+    } else                                                                                                             \
+        ((void)0)
 
 static void _test_roundtrip_single(const _test_mc_crypto_roundtrip_t *test) {
     if (!_aes_ctr_is_supported_by_os && _test_uses_ctr(test)) {
@@ -283,7 +284,7 @@ typedef struct {
     const char *expect;
 } hmac_sha_256_test_t;
 
-void _test_native_crypto_hmac_sha_256(_mongocrypt_tester_t *tester) {
+static void _test_native_crypto_hmac_sha_256(_mongocrypt_tester_t *tester) {
     /* Test data generated with OpenSSL CLI:
     $ echo -n "test" | openssl dgst -mac hmac -macopt \
     hexkey:6bb2664e8d444377d3cd9566c005593b7ed8a35ab8eac9eb5ffa6e426854e5cc \

data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c

@@ -96,7 +96,7 @@ static void _test_csfle_load_twice_fail(_mongocrypt_tester_t *tester) {
     mongocrypt_t *const crypt2 = get_test_mongocrypt(tester);
     mongocrypt_setopt_set_crypt_shared_lib_path_override(crypt2, "$ORIGIN/stubbed-crypt_shared-2.dll");
     // Loading a second different library is an error:
-    ASSERT_FAILS(_mongocrypt_init_for_test(crypt2), crypt2, "attempted to load a second CSFLE library");
+    ASSERT_FAILS(_mongocrypt_init_for_test(crypt2), crypt2, "attempted to load a second crypt_shared library");
 
     mstr_view version = mstrv_view_cstr(mongocrypt_crypt_shared_lib_version_string(crypt1, NULL));
     if (TEST_MONGOCRYPT_HAVE_REAL_CRYPT_SHARED_LIB) {
@@ -143,7 +143,7 @@ static void _test_csfle_path_override_fail(_mongocrypt_tester_t *tester) {
 static void _test_cur_exe_path(_mongocrypt_tester_t *tester) {
     current_module_result self = current_module_path();
     BSON_ASSERT(self.error == 0);
-    BSON_ASSERT(self.path.len != 0);
+    BSON_ASSERT(self.path.raw.len != 0);
     mstr_free(self.path);
 }
 
@@ -180,7 +180,7 @@ static void _test_lookup_version_check(_mongocrypt_tester_t *tester) {
     mongocrypt_t *crypt = _mongocrypt_tester_mongocrypt(TESTER_MONGOCRYPT_WITH_CRYPT_SHARED_LIB);
     uint64_t version = crypt->csfle.get_version();
     mongocrypt_ctx_t *ctx = mongocrypt_ctx_new(crypt);
-    mongocrypt_binary_t *cmd = TEST_FILE("./test/data/lookup/csfle/01-cmd.json");
+    mongocrypt_binary_t *cmd = TEST_FILE("./test/data/lookup/csfle/cmd.json");
     if (version >= CRYPT_SHARED_8_1) {
         ASSERT_OK(mongocrypt_ctx_encrypt_init(ctx, "db", -1, cmd), ctx);
     } else {
@@ -190,6 +190,15 @@ static void _test_lookup_version_check(_mongocrypt_tester_t *tester) {
     mongocrypt_destroy(crypt);
 }
 
+static void _test_loading_libmongocrypt_fails(_mongocrypt_tester_t *tester) {
+    mongocrypt_t *const crypt = get_test_mongocrypt(tester);
+    const char *path_to_libmongocrypt = TEST_MONGOCRYPT_MONGOCRYPT_SHARED_PATH;
+    mongocrypt_setopt_set_crypt_shared_lib_path_override(crypt, path_to_libmongocrypt);
+    bool ok = mongocrypt_init(crypt);
+    ASSERT_FAILS(ok, crypt, "detected libmongocrypt");
+    mongocrypt_destroy(crypt);
+}
+
 void _mongocrypt_tester_install_csfle_lib(_mongocrypt_tester_t *tester) {
     INSTALL_TEST(_test_csfle_no_paths);
     INSTALL_TEST(_test_csfle_not_found);
@@ -202,4 +211,5 @@ void _mongocrypt_tester_install_csfle_lib(_mongocrypt_tester_t *tester) {
     INSTALL_TEST(_test_csfle_not_loaded_with_bypassqueryanalysis);
     INSTALL_TEST(_test_override_error_includes_reason);
     INSTALL_TEST(_test_lookup_version_check);
+    INSTALL_TEST(_test_loading_libmongocrypt_fails);
 }

data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c

@@ -123,7 +123,7 @@ static void _test_decrypt_ready(_mongocrypt_tester_t *tester) {
 }
 
 /* Test with empty AWS credentials. */
-void _test_decrypt_empty_aws(_mongocrypt_tester_t *tester) {
+static void _test_decrypt_empty_aws(_mongocrypt_tester_t *tester) {
     mongocrypt_t *crypt;
     mongocrypt_ctx_t *ctx;
 
@@ -888,7 +888,8 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
     }
 
     // FLE2InsertUpdatePayload can be decrypted.
-    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is currently still supported.
+    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is still supported.
+    // libmongocrypt no longer produces QE-V1 payloads. Payload is copied from libmongocrypt 1.8.0.
     {
         ed_testcase tc = {
             .desc = "FLE2InsertUpdatePayload",
@@ -899,12 +900,13 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
         ed_testcase_run(&tc);
     }
 
-    // FLE2InsertUpdatePayload with edges can be decrypted.
-    // Edges are sent on payloads for range algorithm.
+    // FLE2InsertUpdatePayload for RangeV1 can be decrypted. Range payloads include additional fields.
+    // Payload is only used in the Range-V1 protocol removed in MongoDB 8.0. Decrypting is still supported.
+    // libmongocrypt no longer produces Range-V1 payloads. Payload is copied from libmongocrypt 1.11.0.
     {
         ed_testcase tc = {
-            .desc = "FLE2InsertUpdatePayload with edges",
-            .msg = TEST_FILE("./test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges.json"),
+            .desc = "FLE2InsertUpdatePayload for RangeV1",
+            .msg = TEST_FILE("./test/data/explicit-decrypt/FLE2InsertUpdatePayload-RangeV1.json"),
             .keys_to_feed = {keyABC},
             .expect = TEST_BSON(BSON_STR({"v" : 123456})),
         };
@@ -912,7 +914,8 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
     }
 
     // FLE2UnindexedEncryptedValue can be decrypted.
-    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is currently still supported.
+    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is still supported.
+    // libmongocrypt no longer produces QE-V1 payloads. Payload is copied from libmongocrypt 1.8.0.
     {
         ed_testcase tc = {
             .desc = "FLE2UnindexedEncryptedValue",
@@ -924,7 +927,8 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
     }
 
     // FLE2IndexedEqualityEncryptedValue can be decrypted.
-    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is currently still supported.
+    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is still supported.
+    // libmongocrypt no longer produces QE-V1 payloads. Payload is copied from libmongocrypt 1.8.0.
     {
         ed_testcase tc = {
             .desc = "FLE2IndexedEqualityEncryptedValue",
@@ -936,7 +940,8 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
     }
 
     // FLE2IndexedRangeEncryptedValue can be decrypted.
-    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is currently still supported.
+    // Payload is only used in the QE-V1 protocol removed in MongoDB 7.0. Decrypting is still supported.
+    // libmongocrypt no longer produces QE-V1 payloads. Payload is copied from libmongocrypt 1.8.0.
     {
         ed_testcase tc = {
             .desc = "FLE2IndexedRangeEncryptedValue",
@@ -967,12 +972,24 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
         ed_testcase_run(&tc);
     }
 
-    // FLE2InsertUpdatePayloadV2 with edges can be decrypted.
-    // Edges are sent on payloads for range algorithm.
+    // FLE2InsertUpdatePayloadV2 for RangeV1 can be decrypted. Range payloads include additional fields.
+    // Payload is only used in the Range-V1 protocol removed in MongoDB 8.0. Decrypting is still supported.
+    // libmongocrypt no longer produces Range-V1 payloads. Payload is copied from libmongocrypt 1.11.0.
     {
         ed_testcase tc = {
-            .desc = "FLE2InsertUpdatePayloadV2 with edges",
-            .msg = TEST_FILE("./test/data/explicit-decrypt/FLE2InsertUpdatePayload-with-edges-V2.json"),
+            .desc = "FLE2InsertUpdatePayloadV2 for RangeV1",
+            .msg = TEST_FILE("./test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV1.json"),
+            .keys_to_feed = {keyABC},
+            .expect = TEST_BSON(BSON_STR({"v" : 123456})),
+        };
+        ed_testcase_run(&tc);
+    }
+
+    // FLE2InsertUpdatePayloadV2 for RangeV2 can be decrypted. Range payloads include additional fields.
+    {
+        ed_testcase tc = {
+            .desc = "FLE2InsertUpdatePayloadV2 for RangeV2",
+            .msg = TEST_FILE("./test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV2.json"),
             .keys_to_feed = {keyABC},
             .expect = TEST_BSON(BSON_STR({"v" : 123456})),
         };
@@ -1002,6 +1019,7 @@ static void _test_explicit_decrypt(_mongocrypt_tester_t *tester) {
     }
 
     // FLE2IndexedRangeEncryptedValueV2 can be decrypted.
+    // Payload did not change between RangeV1 and RangeV2.
     {
         ed_testcase tc = {
             .desc = "FLE2IndexedRangeEncryptedValueV2",