<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 09:08:58 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[MONGOCRYPT-563] &quot;Cryptographic Usage Mask&quot; not included in KMIP Register request</title>
                <link>https://jira.mongodb.org/browse/MONGOCRYPT-563</link>
                <project id="17481" key="MONGOCRYPT">Libmongocrypt</project>
                    <description>&lt;h1&gt;&lt;a name=&quot;Scope&quot;&gt;&lt;/a&gt;Scope&lt;/h1&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Include &quot;Cryptographic Usage Mask&quot; in the KMIP Register request&lt;/li&gt;
&lt;/ul&gt;


&lt;h1&gt;&lt;a name=&quot;Background%26Motivation&quot;&gt;&lt;/a&gt;Background &amp;amp; Motivation&lt;/h1&gt;

&lt;p&gt;&lt;a href=&quot;http://docs.oasis-open.org/kmip/spec/v1.0/os/kmip-spec-1.0-os.html#_Toc262581211&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;4.3 Register&lt;/a&gt; lists the &quot;Cryptographic Usage Mask&quot; attribute as REQUIRED.&lt;/p&gt;

&lt;p&gt;The &quot;Cryptographic Usage Mask&quot; attribute included is not included in the &lt;a href=&quot;https://github.com/mongodb/libmongocrypt/blob/0caa1d3249d85050d0e3422d602e630aca574e0b/kms-message/src/kms_kmip_request.c#L41-L70&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Register request for the SecretData object created by libmongocrypt&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;It was &lt;a href=&quot;https://mongodb.slack.com/archives/CDM9QEGUT/p1679061262507339&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;reported on slack&lt;/a&gt; that versions 1.12 and 1.13 of HashiCorp Vault KMIP return an error on the KMIP Register request:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Error message: Caused by: com.mongodb.crypt.capi.MongoCryptException: Error getting UniqueIdentifer from KMIP Register response: KMIP response error. Result Status (1): Operation Failed. Result Reason (4): Invalid Message. Result Message: result reason: ResultReasonInvalidMessage; additional message: attribute Cryptographic Usage Mask is missing&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;The SecretData is not used for crypto operations within KMIP. It is fetched, then used within libmongocrypt. I expect the &quot;Cryptographic Usage Mask&quot; can be set to 0.&lt;/p&gt;


&lt;p&gt;&lt;a href=&quot;http://docs.oasis-open.org/kmip/spec/v1.0/os/kmip-spec-1.0-os.html#_Toc262581188&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;3.14 Cryptographic Usage Mask&lt;/a&gt; lists &quot;Cryptographic Usage Mask&quot; in &quot;When implicitly set&quot; for the &quot;Register&quot; operation. &lt;a href=&quot;http://docs.oasis-open.org/kmip/spec/v1.0/os/kmip-spec-1.0-os.html#_Toc262581172&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;3 Attributes&lt;/a&gt; defines &quot;When implicitly set&quot; as &quot;Which operations MAY cause this attribute to be set even if the attribute is not specified in the operation request itself?&quot;. HashiCorp Vault may have been implicitly setting this attribute before. And now requires the client to specify it.&lt;/p&gt;

&lt;p&gt;An enterprise license to HashiCorp Vault is needed to test KMIP with HashiCorp Vault.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2291049">MONGOCRYPT-563</key>
            <summary>&quot;Cryptographic Usage Mask&quot; not included in KMIP Register request</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Fri, 17 Mar 2023 14:37:08 +0000</created>
                <updated>Sat, 28 Oct 2023 10:25:59 +0000</updated>
                            <resolved>Wed, 22 Mar 2023 16:57:13 +0000</resolved>
                                                    <fixVersion>1.7.3</fixVersion>
                                                        <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="5323349" author="kevin.albertson" created="Tue, 4 Apr 2023 14:41:59 +0000"  >&lt;p&gt;This bug is now fixed and released in libmongocrypt 1.7.3. I also verified that Hashicorp Vault 1.13.1 is no longer impacted by this bug. The fix in libmongocrypt 1.7.3 and may benefit users of Hashicorp Vault 1.12 to 1.13.0. But users impacted by this bug also have the option of upgrading to Hashicorp Vault 1.13.1.&lt;/p&gt;</comment>
                            <comment id="5292704" author="xgen-internal-githook" created="Wed, 22 Mar 2023 16:56:56 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-563&quot; title=&quot;&amp;quot;Cryptographic Usage Mask&amp;quot; not included in KMIP Register request&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-563&quot;&gt;&lt;del&gt;MONGOCRYPT-563&lt;/del&gt;&lt;/a&gt; add CryptographicUsageMask to Register request (#603)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;format kms_kmip_request.c&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;fix error checks of `kms_kmip_request.*new`&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;On error, the calls return a `kms_request_t*` with an error attached.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;add `Cryptographic Usage Mask` attribute to KMIP `Register` request&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;change `Key Format Type` from `Raw` to `Opaque`.&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;update comments and test data&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;fix comment. SecretDataType used is Seed, not Password&lt;br/&gt;
Branch: r1.7&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/libmongocrypt/commit/231c8bd04b1b4adfb508a8407d5b40d614a1d85a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/libmongocrypt/commit/231c8bd04b1b4adfb508a8407d5b40d614a1d85a&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="5292700" author="xgen-internal-githook" created="Wed, 22 Mar 2023 16:56:08 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-563&quot; title=&quot;&amp;quot;Cryptographic Usage Mask&amp;quot; not included in KMIP Register request&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-563&quot;&gt;&lt;del&gt;MONGOCRYPT-563&lt;/del&gt;&lt;/a&gt; add CryptographicUsageMask to Register request (#603)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;format kms_kmip_request.c&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;fix error checks of `kms_kmip_request.*new`&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;On error, the calls return a `kms_request_t*` with an error attached.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;add `Cryptographic Usage Mask` attribute to KMIP `Register` request&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;change `Key Format Type` from `Raw` to `Opaque`.&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;update comments and test data&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;fix comment. SecretDataType used is Seed, not Password&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/libmongocrypt/commit/d8472efe28e0a619aeb138d3a618eaf2863e7fba&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/libmongocrypt/commit/d8472efe28e0a619aeb138d3a618eaf2863e7fba&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2307324">DRIVERS-2598</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                <customfield id="customfield_21957" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Binding Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="22966"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5006R00001s77djQAA]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1j100:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>