Details
-
Bug
-
Resolution: Fixed
-
Critical - P2
-
None
-
None
-
None
-
None
Description
The key broker acts as intermediary storage of keys for encrypting/decrypting a single operation. When markings are received in libmongocrypt, the key broker tracks all requested key ids and alt names. When key documents are received, some entries are deduplicated (because a key may have been requested by both id and alt name, or multiple alt names). Due to a bug in this logic, it was possible for the key broker to lose key entries, resulting in an encryption/decryption failure due to missing key.