From 5e7f93d5ec162480665c9a46d30634abf4a1da6c Mon Sep 17 00:00:00 2001
From: Ezra Chung <ezra.chung@mongodb.com>
Date: Mon, 6 Jan 2025 09:18:37 -0600
Subject: [PATCH 1/3] Fix unintentional exclusion of 0xff in random bytes

---
 .../mongocxx/automatic_client_side_field_level_encryption.cpp   | 2 +-
 examples/mongocxx/explicit_encryption.cpp                       | 2 +-
 examples/mongocxx/explicit_encryption_auto_decryption.cpp       | 2 +-
 .../mongocxx/server_side_field_level_encryption_enforcement.cpp | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/mongocxx/automatic_client_side_field_level_encryption.cpp b/examples/mongocxx/automatic_client_side_field_level_encryption.cpp
index 241a95b67f..d3b51540bc 100644
--- a/examples/mongocxx/automatic_client_side_field_level_encryption.cpp
+++ b/examples/mongocxx/automatic_client_side_field_level_encryption.cpp
@@ -103,7 +103,7 @@ int EXAMPLES_CDECL main() {
     // This must be the same master key that was used to create
     // the encryption key; here, we use a random key as a placeholder.
     std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand() % UINT8_MAX); });
+    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document
diff --git a/examples/mongocxx/explicit_encryption.cpp b/examples/mongocxx/explicit_encryption.cpp
index 0ddeb887e6..21e38e7b25 100644
--- a/examples/mongocxx/explicit_encryption.cpp
+++ b/examples/mongocxx/explicit_encryption.cpp
@@ -54,7 +54,7 @@ int EXAMPLES_CDECL main() {
     // This must be the same master key that was used to create
     // the encryption key; here, we use a random key as a placeholder.
     std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand() % UINT8_MAX); });
+    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document
diff --git a/examples/mongocxx/explicit_encryption_auto_decryption.cpp b/examples/mongocxx/explicit_encryption_auto_decryption.cpp
index b65fb1cc0a..27a09023d6 100644
--- a/examples/mongocxx/explicit_encryption_auto_decryption.cpp
+++ b/examples/mongocxx/explicit_encryption_auto_decryption.cpp
@@ -54,7 +54,7 @@ int EXAMPLES_CDECL main() {
     // This must be the same master key that was used to create
     // the encryption key; here, we use a random key as a placeholder.
     std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand() % UINT8_MAX); });
+    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document
diff --git a/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp b/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp
index 26b88ebf17..47226133d0 100644
--- a/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp
+++ b/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp
@@ -56,7 +56,7 @@ int EXAMPLES_CDECL main() {
     // This must be the same master key that was used to create
     // the encryption key; here, we use a random key as a placeholder.
     std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand() % UINT8_MAX); });
+    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document

From d4e3f412496533bc172122b0bf90510cb5f6a5d3 Mon Sep 17 00:00:00 2001
From: Ezra Chung <ezra.chung@mongodb.com>
Date: Mon, 6 Jan 2025 09:39:15 -0600
Subject: [PATCH 2/3] Remove unnecessary strlen+min on call to bson_strncpy

---
 .../mongocxx/v_noabi/mongocxx/exception/private/mongoc_error.hh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mongocxx/lib/mongocxx/v_noabi/mongocxx/exception/private/mongoc_error.hh b/src/mongocxx/lib/mongocxx/v_noabi/mongocxx/exception/private/mongoc_error.hh
index 8979a4097d..86d3263204 100644
--- a/src/mongocxx/lib/mongocxx/v_noabi/mongocxx/exception/private/mongoc_error.hh
+++ b/src/mongocxx/lib/mongocxx/v_noabi/mongocxx/exception/private/mongoc_error.hh
@@ -35,7 +35,7 @@ inline std::error_code make_error_code(::bson_error_t const& error) {
 }
 
 inline void set_bson_error_message(bson_error_t* error, char const* msg) {
-    bson_strncpy(error->message, msg, std::min(strlen(msg) + 1, static_cast<size_t>(BSON_ERROR_BUFFER_SIZE)));
+    bson_strncpy(error->message, msg, BSON_ERROR_BUFFER_SIZE);
 }
 
 inline void make_bson_error(bson_error_t* error, operation_exception const& e) {

From 0012d62ce67d8a023941050723cb800fad053425 Mon Sep 17 00:00:00 2001
From: Ezra Chung <ezra.chung@mongodb.com>
Date: Mon, 6 Jan 2025 13:21:14 -0600
Subject: [PATCH 3/3] Use pre-generated key material for examples

---
 ...tomatic_client_side_field_level_encryption.cpp | 15 ++++++++++-----
 examples/mongocxx/explicit_encryption.cpp         | 15 ++++++++++-----
 .../explicit_encryption_auto_decryption.cpp       | 15 ++++++++++-----
 ...er_side_field_level_encryption_enforcement.cpp | 15 ++++++++++-----
 4 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/examples/mongocxx/automatic_client_side_field_level_encryption.cpp b/examples/mongocxx/automatic_client_side_field_level_encryption.cpp
index d3b51540bc..ca35934a68 100644
--- a/examples/mongocxx/automatic_client_side_field_level_encryption.cpp
+++ b/examples/mongocxx/automatic_client_side_field_level_encryption.cpp
@@ -16,7 +16,6 @@
 #include <cstdint>
 #include <fstream>
 #include <iostream>
-#include <random>
 
 #include <bsoncxx/builder/basic/document.hpp>
 #include <bsoncxx/builder/basic/kvp.hpp>
@@ -100,10 +99,16 @@ bsoncxx::document::value doc_from_file(std::string path) {
 int EXAMPLES_CDECL main() {
     instance inst{};
 
-    // This must be the same master key that was used to create
-    // the encryption key; here, we use a random key as a placeholder.
-    std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
+    // This must be the same master key that was used to create the encryption key.
+    // An arbitrary key is used as a placeholder for this example.
+    std::uint8_t const key_storage[kKeyLength]{
+        0x45, 0xA3, 0x5B, 0xC8, 0x91, 0x76, 0x2E, 0x0F, 0x34, 0x6A, 0xD1, 0xB8, 0x55, 0x9C, 0xEA, 0x1F,
+        0x88, 0x12, 0x6D, 0x3B, 0x75, 0x2A, 0xF0, 0x97, 0x41, 0xE3, 0x5C, 0xB9, 0x66, 0x0D, 0xAF, 0x52,
+        0x23, 0xC4, 0x8E, 0x19, 0x74, 0xAB, 0x2F, 0xD0, 0x39, 0x6B, 0x84, 0xFC, 0x14, 0x7E, 0x93, 0x27,
+        0x5D, 0x86, 0x1C, 0xA8, 0x72, 0x30, 0xB7, 0x4F, 0x09, 0xE1, 0xCA, 0x53, 0x2D, 0x94, 0xBA, 0x68,
+        0x0E, 0xF5, 0x48, 0x16, 0x7F, 0xAE, 0x21, 0x6C, 0x9D, 0x82, 0x0B, 0xF2, 0x5A, 0x37, 0xCC, 0x18,
+        0x4A, 0x6E, 0x95, 0xBD, 0x33, 0x57, 0xA1, 0x08, 0xDF, 0x20, 0x69, 0xE7, 0x12, 0x8B, 0xF4, 0x3D,
+    };
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document
diff --git a/examples/mongocxx/explicit_encryption.cpp b/examples/mongocxx/explicit_encryption.cpp
index 21e38e7b25..696301c7be 100644
--- a/examples/mongocxx/explicit_encryption.cpp
+++ b/examples/mongocxx/explicit_encryption.cpp
@@ -15,7 +15,6 @@
 #include <algorithm>
 #include <cstdint>
 #include <iostream>
-#include <random>
 
 #include <bsoncxx/builder/basic/document.hpp>
 #include <bsoncxx/builder/basic/kvp.hpp>
@@ -51,10 +50,16 @@ int const kKeyLength = 96;
 int EXAMPLES_CDECL main() {
     instance inst{};
 
-    // This must be the same master key that was used to create
-    // the encryption key; here, we use a random key as a placeholder.
-    std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
+    // This must be the same master key that was used to create the encryption key.
+    // An arbitrary key is used as a placeholder for this example.
+    std::uint8_t const key_storage[kKeyLength]{
+        0x45, 0xA3, 0x5B, 0xC8, 0x91, 0x76, 0x2E, 0x0F, 0x34, 0x6A, 0xD1, 0xB8, 0x55, 0x9C, 0xEA, 0x1F,
+        0x88, 0x12, 0x6D, 0x3B, 0x75, 0x2A, 0xF0, 0x97, 0x41, 0xE3, 0x5C, 0xB9, 0x66, 0x0D, 0xAF, 0x52,
+        0x23, 0xC4, 0x8E, 0x19, 0x74, 0xAB, 0x2F, 0xD0, 0x39, 0x6B, 0x84, 0xFC, 0x14, 0x7E, 0x93, 0x27,
+        0x5D, 0x86, 0x1C, 0xA8, 0x72, 0x30, 0xB7, 0x4F, 0x09, 0xE1, 0xCA, 0x53, 0x2D, 0x94, 0xBA, 0x68,
+        0x0E, 0xF5, 0x48, 0x16, 0x7F, 0xAE, 0x21, 0x6C, 0x9D, 0x82, 0x0B, 0xF2, 0x5A, 0x37, 0xCC, 0x18,
+        0x4A, 0x6E, 0x95, 0xBD, 0x33, 0x57, 0xA1, 0x08, 0xDF, 0x20, 0x69, 0xE7, 0x12, 0x8B, 0xF4, 0x3D,
+    };
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document
diff --git a/examples/mongocxx/explicit_encryption_auto_decryption.cpp b/examples/mongocxx/explicit_encryption_auto_decryption.cpp
index 27a09023d6..25ce59c403 100644
--- a/examples/mongocxx/explicit_encryption_auto_decryption.cpp
+++ b/examples/mongocxx/explicit_encryption_auto_decryption.cpp
@@ -15,7 +15,6 @@
 #include <algorithm>
 #include <cstdint>
 #include <iostream>
-#include <random>
 
 #include <bsoncxx/builder/basic/document.hpp>
 #include <bsoncxx/builder/basic/kvp.hpp>
@@ -51,10 +50,16 @@ int const kKeyLength = 96;
 int EXAMPLES_CDECL main() {
     instance inst{};
 
-    // This must be the same master key that was used to create
-    // the encryption key; here, we use a random key as a placeholder.
-    std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
+    // This must be the same master key that was used to create the encryption key.
+    // An arbitrary key is used as a placeholder for this example.
+    std::uint8_t const key_storage[kKeyLength]{
+        0x45, 0xA3, 0x5B, 0xC8, 0x91, 0x76, 0x2E, 0x0F, 0x34, 0x6A, 0xD1, 0xB8, 0x55, 0x9C, 0xEA, 0x1F,
+        0x88, 0x12, 0x6D, 0x3B, 0x75, 0x2A, 0xF0, 0x97, 0x41, 0xE3, 0x5C, 0xB9, 0x66, 0x0D, 0xAF, 0x52,
+        0x23, 0xC4, 0x8E, 0x19, 0x74, 0xAB, 0x2F, 0xD0, 0x39, 0x6B, 0x84, 0xFC, 0x14, 0x7E, 0x93, 0x27,
+        0x5D, 0x86, 0x1C, 0xA8, 0x72, 0x30, 0xB7, 0x4F, 0x09, 0xE1, 0xCA, 0x53, 0x2D, 0x94, 0xBA, 0x68,
+        0x0E, 0xF5, 0x48, 0x16, 0x7F, 0xAE, 0x21, 0x6C, 0x9D, 0x82, 0x0B, 0xF2, 0x5A, 0x37, 0xCC, 0x18,
+        0x4A, 0x6E, 0x95, 0xBD, 0x33, 0x57, 0xA1, 0x08, 0xDF, 0x20, 0x69, 0xE7, 0x12, 0x8B, 0xF4, 0x3D,
+    };
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document
diff --git a/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp b/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp
index 47226133d0..e1f22939c2 100644
--- a/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp
+++ b/examples/mongocxx/server_side_field_level_encryption_enforcement.cpp
@@ -15,7 +15,6 @@
 #include <algorithm>
 #include <cstdint>
 #include <iostream>
-#include <random>
 
 #include <bsoncxx/builder/basic/document.hpp>
 #include <bsoncxx/builder/basic/kvp.hpp>
@@ -53,10 +52,16 @@ int const kKeyLength = 96;
 int EXAMPLES_CDECL main() {
     instance inst{};
 
-    // This must be the same master key that was used to create
-    // the encryption key; here, we use a random key as a placeholder.
-    std::uint8_t key_storage[kKeyLength];
-    std::generate_n(key_storage, kKeyLength, []() { return static_cast<std::uint8_t>(std::rand()); });
+    // This must be the same master key that was used to create the encryption key.
+    // An arbitrary key is used as a placeholder for this example.
+    std::uint8_t const key_storage[kKeyLength]{
+        0x45, 0xA3, 0x5B, 0xC8, 0x91, 0x76, 0x2E, 0x0F, 0x34, 0x6A, 0xD1, 0xB8, 0x55, 0x9C, 0xEA, 0x1F,
+        0x88, 0x12, 0x6D, 0x3B, 0x75, 0x2A, 0xF0, 0x97, 0x41, 0xE3, 0x5C, 0xB9, 0x66, 0x0D, 0xAF, 0x52,
+        0x23, 0xC4, 0x8E, 0x19, 0x74, 0xAB, 0x2F, 0xD0, 0x39, 0x6B, 0x84, 0xFC, 0x14, 0x7E, 0x93, 0x27,
+        0x5D, 0x86, 0x1C, 0xA8, 0x72, 0x30, 0xB7, 0x4F, 0x09, 0xE1, 0xCA, 0x53, 0x2D, 0x94, 0xBA, 0x68,
+        0x0E, 0xF5, 0x48, 0x16, 0x7F, 0xAE, 0x21, 0x6C, 0x9D, 0x82, 0x0B, 0xF2, 0x5A, 0x37, 0xCC, 0x18,
+        0x4A, 0x6E, 0x95, 0xBD, 0x33, 0x57, 0xA1, 0x08, 0xDF, 0x20, 0x69, 0xE7, 0x12, 0x8B, 0xF4, 0x3D,
+    };
     bsoncxx::types::b_binary local_master_key{bsoncxx::binary_sub_type::k_binary, kKeyLength, key_storage};
 
     auto kms_providers = document{} << "local" << open_document << "key" << local_master_key << close_document