MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-03-29 08:43:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

list: Do not decrypt SSE-S3 Etags in a non encrypted format (#20008)

Browse Source
This commit is contained in:
Poorna 2024-06-27 19:44:56 -07:00 committed by GitHub
parent 154fcaeb56
commit 13512170b5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cmd/encryption-v1.go
View File

@ -134,11 +134,16 @@ func DecryptETags(ctx context.Context, k *kms.KMS, objects []ObjectInfo) error {
SSES3SinglePartObjects := make(map[int]bool) SSES3SinglePartObjects := make(map[int]bool)
for i, object := range batch { for i, object := range batch {
if kind, ok := crypto.IsEncrypted(object.UserDefined); ok && kind == crypto.S3 && !crypto.IsMultiPart(object.UserDefined) { if kind, ok := crypto.IsEncrypted(object.UserDefined); ok && kind == crypto.S3 && !crypto.IsMultiPart(object.UserDefined) {
SSES3SinglePartObjects[i] = true ETag, err := etag.Parse(object.ETag)
if err != nil {
metadata = append(metadata, object.UserDefined) continue
buckets = append(buckets, object.Bucket) }
names = append(names, object.Name) if ETag.IsEncrypted() {
SSES3SinglePartObjects[i] = true
metadata = append(metadata, object.UserDefined)
buckets = append(buckets, object.Bucket)
names = append(names, object.Name)
}
} }
} }
@ -190,7 +195,7 @@ func DecryptETags(ctx context.Context, k *kms.KMS, objects []ObjectInfo) error {
if err != nil { if err != nil {
return err return err
} }
if SSES3SinglePartObjects[i] && ETag.IsEncrypted() { if SSES3SinglePartObjects[i] {
ETag, err = etag.Decrypt(keys[0][:], ETag) ETag, err = etag.Decrypt(keys[0][:], ETag)
if err != nil { if err != nil {
return err return err