[SERVER-44721] Shell KMS AWS support cannot decrypt responses Created: 18/Nov/19  Updated: 29/Oct/23  Resolved: 19/Nov/19

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.2.0, 4.2.1
Fix Version/s: 4.2.2, 4.3.2

Type: Bug Priority: Blocker - P1
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Documented
is documented by DOCS-13231 SERVER-44721: Change in AWS KMS respo... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.2
Sprint: Security 2019-12-02
Participants:
Linked BF Score: 46

 Description   

On November 13, 2019, AWS added a new field EncryptionResponse to the decrypt message response from KMS. This is not documented here as of the filing of this ticket. 

EncryptionAlgorithm: "SYMMETRIC_DEFAULT",

As a result, 4.2.0, and 4.2.1 shell cannot work with AWS KMS



 Comments   
Comment by Githook User [ 19/Nov/19 ]

Author:

{'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto'}

Message: SERVER-44721 Parse AWS responses as non-strict, ignore unexpected fields

(cherry picked from commit 60c957304e503dbca360838627cf0f8402764929)
Branch: v4.2
https://github.com/mongodb/mongo/commit/73824d8184558686190262e81fc8b55274d4a644

Comment by Githook User [ 19/Nov/19 ]

Author:

{'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-44721 Parse AWS responses as non-strict, ignore unexpected fields
Branch: master
https://github.com/mongodb/mongo/commit/60c957304e503dbca360838627cf0f8402764929

Comment by Mark Benvenuto [ 19/Nov/19 ]

Code Review URL: https://mongodbcr.appspot.com/538310023/

Comment by Kenneth White [ 18/Nov/19 ]

This is the error as the user sees it:

Attempting to create field keys...
2019-11-18T17:24:45.184-0500 E QUERY [js] Error: BSON field 'root.EncryptionAlgorithm' is an unknown field. :
createKey@src/mongo/shell/keyvault.js:27:36

Generated at Thu Feb 08 05:06:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.