Skip to content

Commit

Permalink
Adding missing encryption context in decrypt call in KMS crypto plugin (
Browse files Browse the repository at this point in the history
#11321)

Signed-off-by: vikasvb90 <vikasvb@amazon.com>
  • Loading branch information
vikasvb90 authored Nov 27, 2023
1 parent cdbbfcc commit 5a8e27a
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
8 changes: 8 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -711,6 +711,14 @@ updates:
labels:
- "dependabot"
- "dependencies"
- directory: /modules/crypto/
open-pull-requests-limit: 1
package-ecosystem: gradle
schedule:
interval: weekly
labels:
- "dependabot"
- "dependencies"
- directory: /plugins/
open-pull-requests-limit: 1
package-ecosystem: gradle
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,10 @@ public DataKeyPair generateDataPair() {
@Override
public byte[] decryptKey(byte[] encryptedKey) {
try (AmazonKmsClientReference clientReference = clientReferenceSupplier.get()) {
DecryptRequest decryptRequest = DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteArray(encryptedKey)).build();
DecryptRequest decryptRequest = DecryptRequest.builder()
.ciphertextBlob(SdkBytes.fromByteArray(encryptedKey))
.encryptionContext(encryptionContext)
.build();
DecryptResponse decryptResponse = SocketAccess.doPrivileged(() -> clientReference.get().decrypt(decryptRequest));
return decryptResponse.plaintext().asByteArray();
}
Expand Down

0 comments on commit 5a8e27a

Please sign in to comment.