From 404d2ebe3f9eedc90d88ac3b51b660c4eaa8f308 Mon Sep 17 00:00:00 2001 From: Andreas Auernhammer Date: Wed, 7 Apr 2021 23:50:28 +0200 Subject: [PATCH] set SSE headers in put-part response (#12008) This commit fixes a bug in the put-part implementation. The SSE headers should be set as specified by AWS - See: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html Now, the MinIO server should set SSE-C headers, like `x-amz-server-side-encryption-customer-algorithm`. Fixes #11991 --- cmd/object-handlers.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index 94ffbed9e..1789ab949 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -2371,8 +2371,20 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http } etag := partInfo.ETag - if isEncrypted { - etag = tryDecryptETag(objectEncryptionKey[:], partInfo.ETag, crypto.SSEC.IsRequested(r.Header)) + switch kind, encrypted := crypto.IsEncrypted(mi.UserDefined); { + case encrypted: + switch kind { + case crypto.S3: + w.Header().Set(xhttp.AmzServerSideEncryption, xhttp.AmzEncryptionAES) + etag = tryDecryptETag(objectEncryptionKey[:], etag, false) + case crypto.SSEC: + w.Header().Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerAlgorithm)) + w.Header().Set(xhttp.AmzServerSideEncryptionCustomerKeyMD5, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerKeyMD5)) + + if len(etag) >= 32 && strings.Count(etag, "-") != 1 { + etag = etag[len(etag)-32:] + } + } } // We must not use the http.Header().Set method here because some (broken)