From 7a0a17c5eb252eb9518197bac21529e84778b287 Mon Sep 17 00:00:00 2001 From: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:51:26 +0530 Subject: [PATCH] Adding missing encryption context in decrypt call in KMS crypto plugin Signed-off-by: vikasvb90 --- .github/dependabot.yml | 5 +++++ .../java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1f4d309e44a4c..00dc16d3c36a3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -434,6 +434,11 @@ updates: package-ecosystem: gradle schedule: interval: weekly + - directory: /modules/crypto/ + open-pull-requests-limit: 1 + package-ecosystem: gradle + schedule: + interval: weekly - directory: /plugins/ open-pull-requests-limit: 1 package-ecosystem: gradle diff --git a/plugins/crypto-kms/src/main/java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java b/plugins/crypto-kms/src/main/java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java index 9003e8bebd5ff..19e000628a9c8 100644 --- a/plugins/crypto-kms/src/main/java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java +++ b/plugins/crypto-kms/src/main/java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java @@ -59,7 +59,10 @@ public DataKeyPair generateDataPair() { @Override public byte[] decryptKey(byte[] encryptedKey) { try (AmazonKmsClientReference clientReference = clientReferenceSupplier.get()) { - DecryptRequest decryptRequest = DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteArray(encryptedKey)).build(); + DecryptRequest decryptRequest = DecryptRequest.builder() + .ciphertextBlob(SdkBytes.fromByteArray(encryptedKey)) + .encryptionContext(encryptionContext) + .build(); DecryptResponse decryptResponse = SocketAccess.doPrivileged(() -> clientReference.get().decrypt(decryptRequest)); return decryptResponse.plaintext().asByteArray(); }