Skip to content

Commit

Permalink
Adding missing encryption context in decrypt call in KMS crypto plugin
Browse files Browse the repository at this point in the history
Signed-off-by: vikasvb90 <vikasvb@amazon.com>
  • Loading branch information
vikasvb90 committed Nov 27, 2023
1 parent f1df1cd commit 7a0a17c
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
5 changes: 5 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -434,6 +434,11 @@ updates:
package-ecosystem: gradle
schedule:
interval: weekly
- directory: /modules/crypto/
open-pull-requests-limit: 1
package-ecosystem: gradle
schedule:
interval: weekly
- directory: /plugins/
open-pull-requests-limit: 1
package-ecosystem: gradle
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,10 @@ public DataKeyPair generateDataPair() {
@Override
public byte[] decryptKey(byte[] encryptedKey) {
try (AmazonKmsClientReference clientReference = clientReferenceSupplier.get()) {
DecryptRequest decryptRequest = DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteArray(encryptedKey)).build();
DecryptRequest decryptRequest = DecryptRequest.builder()
.ciphertextBlob(SdkBytes.fromByteArray(encryptedKey))
.encryptionContext(encryptionContext)
.build();
DecryptResponse decryptResponse = SocketAccess.doPrivileged(() -> clientReference.get().decrypt(decryptRequest));
return decryptResponse.plaintext().asByteArray();
}
Expand Down

0 comments on commit 7a0a17c

Please sign in to comment.