[SERVER-44721] Shell KMS AWS support cannot decrypt responses Created: 18/Nov/19 Updated: 29/Oct/23 Resolved: 19/Nov/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.2.0, 4.2.1 |
| Fix Version/s: | 4.2.2, 4.3.2 |
| Type: | Bug | Priority: | Blocker - P1 |
| Reporter: | Mark Benvenuto | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Operating System: | ALL | ||||||||||||||||
| Backport Requested: |
v4.2
|
||||||||||||||||
| Sprint: | Security 2019-12-02 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Linked BF Score: | 46 | ||||||||||||||||
| Description |
|
On November 13, 2019, AWS added a new field EncryptionResponse to the decrypt message response from KMS. This is not documented here as of the filing of this ticket.
As a result, 4.2.0, and 4.2.1 shell cannot work with AWS KMS |
| Comments |
| Comment by Githook User [ 19/Nov/19 ] | |||
|
Author: {'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto'}Message: (cherry picked from commit 60c957304e503dbca360838627cf0f8402764929) | |||
| Comment by Githook User [ 19/Nov/19 ] | |||
|
Author: {'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: | |||
| Comment by Mark Benvenuto [ 19/Nov/19 ] | |||
|
Code Review URL: https://mongodbcr.appspot.com/538310023/ | |||
| Comment by Kenneth White [ 18/Nov/19 ] | |||
|
This is the error as the user sees it:
|