From 846128d08bd3fcd72f23b3123b332d0692782e41 Mon Sep 17 00:00:00 2001
From: Stuart Stock
Date: Sun, 28 Oct 2018 20:27:02 -0500
Subject: Release 1.1.1 to correct missing aux data in AWS KMS decrypt path

Auxilliary data was not provided in encryption context provided to AWS KMS decrypt() call, causing unwrapping to fail.
---
 src/kms/awskms.rs | 4 ++++
 src/lib.rs | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/kms/awskms.rs b/src/kms/awskms.rs
index 4a244db..7ff131a 100644
--- a/src/kms/awskms.rs
+++ b/src/kms/awskms.rs
@@ -99,6 +99,10 @@ pub mod inner {
 let mut decrypt_req: DecryptRequest = Default::default();
 decrypt_req.ciphertext_blob = encrypted_dek.clone();
+ let mut dec_context = HashMap::new();
+ dec_context.insert("AD".to_string(), AD.to_string());
+ decrypt_req.encryption_context = Some(dec_context);
+
 match self.kms_client.decrypt(decrypt_req).sync() {
 Ok(result) => {
 if let Some(plaintext_dek) = result.plaintext {
diff --git a/src/lib.rs b/src/lib.rs
index b87f800..4c478f1 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -84,7 +84,7 @@ pub use message::RtMessage;
 pub use tag::Tag;
 /// Version of Roughenough
-pub const VERSION: &str = "1.1.0";
+pub const VERSION: &str = "1.1.1";
 /// Roughenough version string enriched with any compile-time optional features
 pub fn roughenough_version() -> String {
--
cgit v1.2.3
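Review bot: In the src/kms/awskms.rs hunk the decrypt path builds its own copy of the encryption context (`dec_context.insert("AD".to_string(), AD.to_string());`), so nothing ties it to the map the encrypt path hands to KMS, and the two can drift apart again. The encrypt side is outside this hunk, but the commit message implies it already supplies the same context; KMS only unwraps the DEK when Decrypt receives exactly the context given to Encrypt, which is the failure this release corrects. Building the map in one private helper used by both calls, with a comment recording that requirement, would make the pairing explicit; a round-trip test over encrypt and decrypt would catch a future mismatch. The enclosing function starts and ends outside the hunk.

```rust
// KMS only unwraps the DEK when Decrypt is given the same encryption context as Encrypt.
// The context is authenticated, not secret: AWS records it in CloudTrail in plaintext.
fn aux_context() -> HashMap<String, String> {
    let mut ctx = HashMap::new();
    ctx.insert("AD".to_string(), AD.to_string());
    ctx
}

// … unchanged: decrypt_req construction and ciphertext_blob assignment …
decrypt_req.encryption_context = Some(aux_context());
// … unchanged: match on self.kms_client.decrypt(decrypt_req).sync() …
```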