Details
- Bug
- Resolution: Fixed
- Critical - P2
Description
Per https://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05, the ENC_KEY is bytes [32..63] of the key. libmongocrypt is using the last 32 bytes of the key. This is incorrect.
Bug is here:
https://github.com/mongodb/libmongocrypt/blob/3596d57cfb0a8837b1338af15cfd7e7f9dcc838f/src/mongocrypt-crypto.c#L373
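The offset difference described above, as an added C example (not libmongocrypt's code): with a key buffer of exactly 64 bytes, "the last 32 bytes" and bytes [32..63] are the same region, and they diverge once the buffer is longer. The 96-byte buffer length, the function names and the sample bytes are assumptions made for illustration; the page does not state the buffer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* AEAD_AES_256_CBC_HMAC_SHA_512 sub-key lengths from the draft. */
#define MAC_KEY_LEN 32
#define ENC_KEY_LEN 32
#define AEAD_KEY_LEN (MAC_KEY_LEN + ENC_KEY_LEN)

typedef struct { const uint8_t *mac_key; const uint8_t *enc_key; } aead_subkeys_t;

/* Draft layout: MAC_KEY = K[0..31], ENC_KEY = K[32..63], offsets from the start. */
int split_per_draft(const uint8_t *key, size_t key_len, aead_subkeys_t *out)
{
    if (!key || !out || key_len < AEAD_KEY_LEN) return -1;
    out->mac_key = key;
    out->enc_key = key + MAC_KEY_LEN;
    return 0;
}

/* Behaviour the ticket reports: ENC_KEY taken from the tail of the buffer. */
int split_last_32(const uint8_t *key, size_t key_len, aead_subkeys_t *out)
{
    if (!key || !out || key_len < AEAD_KEY_LEN) return -1;
    out->mac_key = key;
    out->enc_key = key + key_len - ENC_KEY_LEN;
    return 0;
}

/* 1 if both derivations pick the same ENC_KEY bytes, 0 if not, -1 on bad input. */
int enc_key_matches_draft(const uint8_t *key, size_t key_len)
{
    aead_subkeys_t a, b;
    if (split_per_draft(key, key_len, &a) || split_last_32(key, key_len, &b)) return -1;
    return memcmp(a.enc_key, b.enc_key, ENC_KEY_LEN) == 0;
}

/* Constructed sample: byte i holds the value i, so offsets are visible. */
void fill_sample(uint8_t *buf, size_t len) { for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)i; }

int main(void)
{
    uint8_t k[96]; /* assumed buffer length, longer than the 64-byte AEAD key */
    fill_sample(k, sizeof k);
    printf("64-byte buffer: same ENC_KEY = %d\n", enc_key_matches_draft(k, 64));
    printf("96-byte buffer: same ENC_KEY = %d\n", enc_key_matches_draft(k, 96));
    return 0;
}
```

A regression test for this class of bug needs a key buffer longer than 64 bytes, because a 64-byte buffer passes under both derivations.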