mongodb · durran · Oct 1, 2025 · Oct 1, 2025 · Oct 1, 2025 · baileympearson
@@ -9,7 +9,7 @@ if [ -z ${PROJECT_DIRECTORY+omitted} ]; then echo "PROJECT_DIRECTORY is unset" &
 source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh
 
 rm -rf mongodb-client-encryption
-git clone https://github.com/baileympearson/mongodb-client-encryption.git -b NODE-7043
+git clone https://github.com/mongodb-js/mongodb-client-encryption.git -b NODE-6297
 pushd mongodb-client-encryption
 
 node --version

@@ -10,7 +10,6 @@ import { MongoClient, type MongoClientOptions } from '../mongo_client';
 import { type Abortable } from '../mongo_types';
 import { MongoDBCollectionNamespace } from '../utils';
 import { autoSelectSocketOptions } from './client_encryption';
-import * as cryptoCallbacks from './crypto_callbacks';
 import { defaultErrorWrapper, MongoCryptInvalidArgumentError } from './errors';
 import { MongocryptdManager } from './mongocryptd_manager';
 import {
@@ -254,7 +253,6 @@ export class AutoEncrypter {
     }
 
     const mongoCryptOptions: MongoCryptOptions = {
-      cryptoCallbacks,
       errorWrapper: defaultErrorWrapper
     };
     if (options.schemaMap) {

@@ -25,7 +25,6 @@ import { type CreateCollectionOptions } from '../operations/create_collection';
 import { type DeleteResult } from '../operations/delete';
 import { type CSOTTimeoutContext, TimeoutContext } from '../timeout';
 import { MongoDBCollectionNamespace, resolveTimeoutOptions } from '../utils';
-import * as cryptoCallbacks from './crypto_callbacks';
 import {
   defaultErrorWrapper,
   MongoCryptCreateDataKeyError,
@@ -144,7 +143,6 @@ export class ClientEncryption {
 
     const mongoCryptOptions: MongoCryptOptions = {
       ...options,
-      cryptoCallbacks,
       kmsProviders: !Buffer.isBuffer(this._kmsProviders)
         ? (serialize(this._kmsProviders) as Buffer)
         : this._kmsProviders,

@@ -104,7 +104,6 @@ export * from '../src/bulk/unordered';
 export * from '../src/change_stream';
 export * from '../src/client-side-encryption/auto_encrypter';
 export * from '../src/client-side-encryption/client_encryption';
-export * from '../src/client-side-encryption/crypto_callbacks';
 export * from '../src/client-side-encryption/errors';
 export * from '../src/client-side-encryption/mongocryptd_manager';
 export * from '../src/client-side-encryption/providers/aws';

@@ -5,7 +5,6 @@ import { resolve } from 'path';
 import * as sinon from 'sinon';
 
 import { ClientEncryption } from '../../../src/client-side-encryption/client_encryption';
-import * as cryptoCallbacks from '../../../src/client-side-encryption/crypto_callbacks';
 import {
   MongoCryptCreateDataKeyError,
   MongoCryptCreateEncryptedCollectionError
@@ -35,66 +34,6 @@ class MockClient {
 describe('ClientEncryption', function () {
   this.timeout(12000);
 
-  context('with stubbed key material and fixed random source', function () {
-    const sandbox = sinon.createSandbox();
-
-    afterEach(() => {
-      sandbox.restore();
-    });
-    beforeEach(() => {
-      const rndData = Buffer.from(
-        '\x4d\x06\x95\x64\xf5\xa0\x5e\x9e\x35\x23\xb9\x8f\x57\x5a\xcb\x15',
-        'latin1'
-      );
-      let rndPos = 0;
-      sandbox.stub(cryptoCallbacks, 'randomHook').callsFake((buffer, count) => {
-        if (rndPos + count > rndData.length) {
-          return new Error('Out of fake random data');
-        }
-        buffer.set(rndData.subarray(rndPos, rndPos + count));
-        rndPos += count;
-        return count;
-      });
-
-      // stubbed out for AWS unit testing below
-      sandbox.stub(StateMachine.prototype, 'fetchKeys').callsFake((client, ns, filter) => {
-        filter = deserialize(filter);
-        const keyIds = filter.$or[0]._id.$in.map(key => key.toString('hex'));
-        const fileNames = keyIds.map(keyId =>
-          resolve(`${__dirname}/data/keys/${keyId.toUpperCase()}-local-document.json`)
-        );
-        const contents = fileNames.map(filename =>
-          EJSON.parse(fs.readFileSync(filename, { encoding: 'utf-8' }))
-        );
-        return Promise.resolve(contents);
-      });
-    });
-
-    // This exactly matches _test_encrypt_fle2_explicit from the C tests
-    it('should explicitly encrypt and decrypt with the "local" KMS provider (FLE2, exact result)', function () {
-      const encryption = new ClientEncryption(new MockClient(), {
-        keyVaultNamespace: 'client.encryption',
-        kmsProviders: { local: { key: Buffer.alloc(96) } }
-      });
-
-      const encryptOptions = {
-        keyId: new Binary(Buffer.from('ABCDEFAB123498761234123456789012', 'hex'), 4),
-        algorithm: 'Unindexed'
-      };
-
-      return encryption
-        .encrypt('value123', encryptOptions)
-        .then(encrypted => {
-          expect(encrypted._bsontype).to.equal('Binary');
-          expect(encrypted.sub_type).to.equal(6);
-          return encryption.decrypt(encrypted);
-        })
-        .then(decrypted => {
-          expect(decrypted).to.equal('value123');
-        });
-    });
-  });
-
   it('should provide the libmongocrypt version', function () {
     expect(ClientEncryption.libmongocryptVersion).to.be.a('string');
   });