Copilot AI commented Nov 13, 2025

The decryption logic was throwing OSError exceptions when openssl cms or openssl smime commands failed, causing the handler to crash instead of gracefully handling decryption failures.

Changes

  • Wrapped waagent.RunSendStdin() calls in try-except blocks to catch OSError exceptions
  • Added fallback logic: attempts openssl cms first (FIPS 140-3 compliant), then falls back to openssl smime if the first fails
  • Added logging to track which decryption method succeeded or failed
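```python
# Try "openssl cms" first, then "openssl smime"; stop at the first success.
for decrypt_cmd in [cms_cmd, smime_cmd]:
    try:
        # RunSendStdin returns (return code, output); the settings blob goes in on stdin.
        output = waagent.RunSendStdin(decrypt_cmd, unencodedSettings)
        if output[0] == 0 and output[1]:
            protected_settings_str = output[1]
            break
        else:
            self.log('Attempt to decrypt protectedSettings with "{0}" failed (rc={1}).'.format(decrypt_cmd, output[0]))
    except OSError:
        # The command could not be run; move on to the next method.
        pass
```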

The handler now continues execution even if both decryption methods fail, allowing the extension to handle missing protected settings appropriately rather than crashing.



Copilot AI changed the title from "[WIP] Fix issue to avoid throwing exception on decrypt failure" to "Avoid throwing exception on decrypt failure" Nov 13, 2025
Copilot AI requested a review from simathih November 13, 2025 16:20
Copilot finished work on behalf of simathih November 13, 2025 16:20
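
An added example, not code from this pull request or the project: a stand-alone Python 3 version of the try-in-order fallback described above, which also logs the `OSError` case and returns `None` when every method fails. It assumes `subprocess.run` in place of `waagent.RunSendStdin`; `decrypt_with_fallback`, `demo` and the constructed stand-in commands are hypothetical names used so the block runs without openssl or key material.

```python
import subprocess
import sys


def decrypt_with_fallback(commands, ciphertext, log=print, timeout=30):
    """Try each (label, argv) in order; return plaintext bytes or None.

    Never raises for a failed or missing decryptor, and never logs the
    ciphertext, the plaintext or the child's stderr (which may echo input).
    """
    for label, argv in commands:
        try:
            proc = subprocess.run(argv, input=ciphertext, capture_output=True,
                                  timeout=timeout)
        except (OSError, subprocess.TimeoutExpired) as exc:
            # Missing binary, permission error, hung child: record it, move on.
            log('decrypt via {0} could not run: {1}'.format(
                label, type(exc).__name__))
            continue
        if proc.returncode == 0 and proc.stdout:
            log('decrypt via {0} succeeded'.format(label))
            return proc.stdout
        log('decrypt via {0} failed (rc={1})'.format(label, proc.returncode))
    return None  # caller must treat this as "no protected settings"


# Constructed stand-ins (assumptions, not the handler's real commands):
# a binary that does not exist, one that exits non-zero, one that echoes stdin.
MISSING = ('cms', ['/nonexistent/openssl-placeholder', 'cms', '-decrypt'])
FAILING = ('smime', [sys.executable, '-c', 'import sys; sys.exit(4)'])
ECHO = ('echo', [sys.executable, '-c',
                 'import sys; sys.stdout.write(sys.stdin.read())'])


def demo(commands):
    """Run the fallback over constructed commands; return (result, log lines)."""
    lines = []
    result = decrypt_with_fallback(commands, b'{"constructed": "settings"}',
                                   log=lines.append)
    return result, lines


if __name__ == '__main__':
    print(demo([MISSING, FAILING]))
    print(demo([MISSING, FAILING, ECHO]))
```

Returning `None` instead of leaving a variable unset makes the "both methods failed" state explicit, so the caller cannot mistake the still-encrypted blob for decrypted settings.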