Security issue notifications
If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
KMSMasterKey swallows root causes:
|
except (ClientError, KeyError): |
try:
response = self.config.client.generate_data_key(**kms_params)
# //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.10
# //# The response's "Plaintext" MUST be the plaintext in the output.
plaintext = response["Plaintext"]
# //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.10
# //# The response's cipher text blob MUST be used as the returned as the
# //# ciphertext for the encrypted data key in the output.
ciphertext = response["CiphertextBlob"]
key_id = response["KeyId"]
except (ClientError, KeyError):
error_message = "Master Key {key_id} unable to generate data key".format(key_id=self._key_id)
_LOGGER.exception(error_message)
raise GenerateKeyError(error_message)
Solution:
Log actual error. I am debugging in the dark here.
Security issue notifications
If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
KMSMasterKey swallows root causes:
aws-encryption-sdk-python/src/aws_encryption_sdk/key_providers/kms.py
Line 202 in d316a18
Solution:
Log actual error. I am debugging in the dark here.