Part of field-level encryption is producing a C library that drivers consume to do encryption and decryption.

The in-progress prototype is on 10gen/libmongocrypt.

• Clean and implement full CMake configuration.
  • Properly statically link against kms_message.
  • Support make install correctly.
• Use a client_pool for the key vault and mongocryptd clients.
• Implement the data key cache.
• Make operations on mongocrypt_t handle must be thread-safe.
• Spawn mockupcryptd/mongocryptd.
• Add Windows support.
• Add Windows and macOS native crypto support.
• [in progress] Add correct OpenSSL support.
• Support full command document in encryption according to the mongocryptd spec.
• Handle bulk operations for encryption.
• Support explicit encryption and decryption.
• Document API and usage.
• Properly test.
  • Write a test runner, possibly from test-libmongoc source.
  • Add unit test with a corpus of documents containing markings.
  • Add integration tests using mockupcryptd/mongocryptd.
  • Test on a variety of platforms on evergreen, including tests with ASAN and Valgrind.
• Improve error reporting. Distinguish server, KMS, and mongocryptd errors. A server error should set a bson reply.

This list will change. The API of libmongocrypt may change during FLE design. But much of this work is necessary regardless of the exact API. Working on this concurrently with the design helps us get more immediate feedback and gives a head start at final implementation after design is approved.