[SERVER-39202] Improve deterministic calculation of key container names
Created: 25/Jan/19  Updated: 29/Oct/23  Resolved: 30/Jan/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 4.0.5, 4.1.7
Fix Version/s: 4.0.7, 4.1.8

Type: Bug
Priority: Major - P3
Reporter: Mark Benvenuto
Assignee: Mark Benvenuto
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested: v4.0
Sprint: Security 2019-02-11
Participants:

Description

When Windows mongo servers use a log file, they use that log file to calculate the private key container name. Unfortunately, if two private keys are loaded in the same key container, then SChannel will use the wrong private key for signing in the server key exchange.

To fix this, we need to use a unique deterministic calculation for all key containers. The simplest solution is to append an incrementing integer to uniquify the key containers. This ensures the key container names are unique without leaking an unbounded number on each restart.
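
The naming scheme described above, as an added example that is a model and not MongoDB's code: it compares a container name derived from the log path alone with the same name plus a per-process incrementing integer. Assumptions: an in-memory map stands in for the Windows key containers, each container holds one key, FNV-1a stands in for the unspecified name derivation, and `baseName`, `Process`, `simulate`, the log path and the key labels are all hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

// Model only: an in-memory map stands in for the persistent Windows key
// containers, and each container holds exactly one private key.
using KeyStore = std::map<std::string, std::string>;

// Assumed derivation: FNV-1a over the log path gives a stable base name.
std::string baseName(const std::string& logPath) {
    std::uint64_t h = 14695981039346656037ull;
    for (unsigned char c : logPath) { h ^= c; h *= 1099511628211ull; }
    return "mongod-" + std::to_string(h);
}

class Process {  // one server process lifetime
public:
    Process(KeyStore& store, const std::string& logPath, bool uniquify)
        : _store(store), _base(baseName(logPath)), _uniquify(uniquify) {}
    std::string importKey(const std::string& key) {  // returns the name used
        std::string name = _base;
        if (_uniquify) name += "-" + std::to_string(_next++);  // restarts at 0
        _store[name] = key;  // a reused name displaces the key already there
        return name;
    }
private:
    KeyStore& _store; std::string _base;
    bool _uniquify; unsigned _next = 0;
};

struct Result { bool keysIntact; std::size_t containers; };
// Each restart loads two keys; the store outlives the process.
Result simulate(bool uniquify, int restarts) {
    KeyStore store;
    bool intact = false;
    for (int i = 0; i < restarts; ++i) {
        Process p(store, "C:\\data\\mongod.log", uniquify);  // constructed path
        std::string a = p.importKey("key-A"), b = p.importKey("key-B");
        intact = store[a] == "key-A" && store[b] == "key-B";
    }
    return {intact, store.size()};
}

int main() {
    Result before = simulate(false, 3), after = simulate(true, 3);
    std::cout << before.keysIntact << ' ' << before.containers << '\n'
              << after.keysIntact << ' ' << after.containers << '\n';
}
```

Because the counter restarts at zero in every process, the same names are reused after a restart, so the number of containers stays fixed instead of growing.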



Comments
Comment by Githook User [ 08/Feb/19 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-39202 Improve deterministic calculation of key container names

(cherry picked from commit 6658305fbf6942f1f1294d0bffeaec9adb1bf03a)
Branch: v4.0
https://github.com/mongodb/mongo/commit/fa94a1dd0e4ea165677358c6c3fdaa66ed068a18

Comment by Githook User [ 31/Jan/19 ]

Author:

{'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto'}

Message: SERVER-39202 Improve deterministic calculation of key container names
Branch: master
https://github.com/mongodb/mongo/commit/6658305fbf6942f1f1294d0bffeaec9adb1bf03a
