Skip to content

v1: client_encryption (CXX-3237, CXX-3238)#1577

Merged
eramongodb merged 6 commits intomongodb:masterfrom
eramongodb:cxx-abi-v1-client_encryption
Feb 10, 2026
Merged

v1: client_encryption (CXX-3237, CXX-3238)#1577
eramongodb merged 6 commits intomongodb:masterfrom
eramongodb:cxx-abi-v1-client_encryption

Conversation

@eramongodb
Copy link
Copy Markdown
Contributor

@eramongodb eramongodb commented Feb 6, 2026
edited
Loading

Resolves CXX-3237 and CXX-3238 for the v1::client_encryption component.

Similar to v_noabi::options::auto_encryption (#1551), v_noabi::options::client_encryption does not support direct v_noabi <-> v1 conversion due to the key vault client pointer field. However, similar to v_noabi::client (#1559), construction of v_noabi::client_encryption is still able to reuse the v1 implementation due to the pointer not being exposed post-construction. Therefore, v_noabi <-> v1 conversion is supported for the client_encryption class (but not its options class).

Due to the comparative lack of option classes (whose v_noabi -> v1 conversions would constitute unconditional deep-copy performance overhead), many v_noabi functions were able to be implemented in terms of v1. This also helped to better highlight discrepancies in v1 and v_noabi behavior concerning optional return values, where v1 unconditionally returns BSON documents even when empty, whereas v_noabi returns a null optional instead:

// v_noabi
auto key_opt = ce.get_key();
if (key_opt) { use(*key_opt); }

// v1
auto key = ce.get_key();
if (!key.empty()) { use(key); }

Following this PR, all former references to the scoped_bson_value helper have been replaced with bsoncxx::v1::types::value::internal::get_bson_value(). This helper can therefore be removed. The CSFLE-specific workaround for not-null BSON type strings is now implemented by the ensure_not_null_string() helper function.

@eramongodb eramongodb requested a review from kevinAlbs February 6, 2026 19:01
@eramongodb eramongodb self-assigned this Feb 6, 2026
@eramongodb eramongodb requested a review from a team as a code owner February 6, 2026 19:01
kevinAlbs
kevinAlbs approved these changes Feb 10, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@kevinAlbs kevinAlbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

src/mongocxx/lib/mongocxx/v1/client_encryption.cpp
Comment on lines +97 to +103
case encrypt_options::encryption_algorithm::k_deterministic:
libmongoc::client_encryption_encrypt_opts_set_algorithm(
ptr, "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic");
break;
case encrypt_options::encryption_algorithm::k_random:
libmongoc::client_encryption_encrypt_opts_set_algorithm(ptr, "AEAD_AES_256_CBC_HMAC_SHA_512-Random");
break;
Copy link
Copy Markdown
Collaborator

@kevinAlbs kevinAlbs Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: can use the MONGOC_AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC and MONGOC_AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM macros. Similar comment applies to v_noabi.

@eramongodb eramongodb merged commit 27c9d6b into mongodb:master Feb 10, 2026
3 of 4 checks passed
@eramongodb eramongodb deleted the cxx-abi-v1-client_encryption branch February 10, 2026 15:55
@eramongodb eramongodb mentioned this pull request Feb 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevinAlbs kevinAlbs kevinAlbs approved these changes

Assignees

@eramongodb eramongodb

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eramongodb @kevinAlbs