-
Type: Improvement
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: C library
-
None
Currently, libmongocrypt will return an error with the message "KMS response fed too much data" if mongocrypt_kms_ctx_feed is fed more bytes than indicated in mongocrypt_kms_ctx_bytes_needed. This is currently documented in the API for mongocrypt_kms_ctx_feed:
/** * Feed bytes from the HTTP response. * * Feeding more bytes than what has been returned in @ref * mongocrypt_kms_ctx_bytes_needed is an error. * * @param[in] kms The @ref mongocrypt_kms_ctx_t. * @param[in] bytes The bytes to feed. The viewed data is copied. It is valid to * destroy @p bytes with @ref mongocrypt_binary_destroy immediately after. * @returns A boolean indicating success. If false, an error status is set. * Retrieve it with @ref mongocrypt_kms_ctx_status */ MONGOCRYPT_EXPORT bool mongocrypt_kms_ctx_feed (mongocrypt_kms_ctx_t *kms, mongocrypt_binary_t *bytes);
This is meant as a safeguard to prevent API misuse of passing more bytes than expected. But it creates an unnecessarily complicated API. We may be able to remove this limitation.
- is related to
-
MONGOCRYPT-249 KMS instructions in integration guide unclear
- Backlog