Adding missing encryption context in decrypt call in KMS crypto plugin (

#11341) Signed-off-by: vikasvb90 <vikasvb@amazon.com>
opensearch-project · Nov 27, 2023 · f74cd36 · f74cd36
1 parent aec76e6
commit f74cd36
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -434,6 +434,11 @@ updates:
     package-ecosystem: gradle
     schedule:
       interval: weekly
+  - directory: /modules/crypto/
+    open-pull-requests-limit: 1
+    package-ecosystem: gradle
+    schedule:
+      interval: weekly
   - directory: /plugins/
     open-pull-requests-limit: 1
     package-ecosystem: gradle

diff --git a/plugins/crypto-kms/src/main/java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java b/plugins/crypto-kms/src/main/java/org/opensearch/crypto/kms/KmsMasterKeyProvider.java
@@ -59,7 +59,10 @@ public DataKeyPair generateDataPair() {
     @Override
     public byte[] decryptKey(byte[] encryptedKey) {
         try (AmazonKmsClientReference clientReference = clientReferenceSupplier.get()) {
-            DecryptRequest decryptRequest = DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteArray(encryptedKey)).build();
+            DecryptRequest decryptRequest = DecryptRequest.builder()
+                .ciphertextBlob(SdkBytes.fromByteArray(encryptedKey))
+                .encryptionContext(encryptionContext)
+                .build();
             DecryptResponse decryptResponse = SocketAccess.doPrivileged(() -> clientReference.get().decrypt(decryptRequest));
             return decryptResponse.plaintext().asByteArray();
         }