Add error handling for invalid encryption keys with logging

- Wrapped pbkdf2_hmac in a begin-rescue block to catch encryption key errors.
- Added detailed error logging for failed key derivation.

Author: kathap

lib/cloud_controller/encryptor.rb

@@ -83,7 +83,20 @@ def run_cipher(cipher, input, salt, key, iterations:)
         if deprecated_short_salt?(salt)
           cipher.pkcs5_keyivgen(key, salt)
         else
-          cipher.key = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iterations, 16, OpenSSL::Digest.new('SHA256'))
+          begin
+            cipher.key = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iterations, 16, OpenSSL::Digest.new('SHA256'))
+          rescue StandardError => e
+            if key.nil?
+              logger.error("Failed to derive cipher key due to missing key for encryption_key_label=#{current_encryption_key_label}: #{e.class}: #{e.message}")
+            elsif salt.nil?
+              logger.error("Failed to derive cipher key due to missing salt: #{e.class}: #{e.message}")
+            elsif input.nil?
+              logger.error("Failed to derive cipher key due to missing input: #{e.class}: #{e.message}")
+            elsif !iterations.is_a?(Integer)
+              logger.error("Failed to derive cipher key due to wrong type of iterations (must be integer): #{e.class}: #{e.message}")
+            end
+            raise
+          end
           cipher.iv = salt
         end
         cipher.update(input) << cipher.final