fix: Handle errors when decrypting multiple EDKs with raw RSA MKPs (#672)

Author: lucasmcdonald3

src/aws_encryption_sdk/internal/crypto/wrapping_keys.py

@@ -98,9 +98,12 @@ def decrypt(self, encrypted_wrapped_data_key, encryption_context):
         if self.wrapping_key_type is EncryptionKeyType.PUBLIC:
             raise IncorrectMasterKeyError("Public key cannot decrypt")
         if self.wrapping_key_type is EncryptionKeyType.PRIVATE:
-            return self._wrapping_key.decrypt(
-                ciphertext=encrypted_wrapped_data_key.ciphertext, padding=self.wrapping_algorithm.padding
-            )
+            try:
+                return self._wrapping_key.decrypt(
+                    ciphertext=encrypted_wrapped_data_key.ciphertext, padding=self.wrapping_algorithm.padding
+                )
+            except ValueError:
+                raise IncorrectMasterKeyError("_wrapping_key cannot decrypt provided ciphertext")
         serialized_encryption_context = serialize_encryption_context(encryption_context=encryption_context)
         return decrypt(
             algorithm=self.wrapping_algorithm.algorithm,