catch crypto.* errors and add SSE-S3 invalid algorithm err (#6229)

This commit adds the crypto.* errors to the `toAPIErrorCode` switch. Further this commit adds an S3 API error code returned whenever the client specifes a SSE-S3 request with an invalid algorithm parameter.
2025-10-29 15:55:00 -04:00 · 2018-08-04 01:55:45 +02:00 · 2018-08-04 01:55:45 +02:00 · a078703214
commit a078703214
parent bd2b22572f
1 changed files with 18 additions and 5 deletions
--- a/cmd/api-errors.go
+++ b/cmd/api-errors.go
@ -22,6 +22,7 @@ import (
 	"fmt"
 	"net/http"

+	"github.com/minio/minio/cmd/crypto"
 	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/dns"
 	"github.com/minio/minio/pkg/event"
@ -129,6 +130,9 @@ const (
 	ErrInvalidPrefixMarker
 	// Add new error codes here.

+	// SSE-S3 related API errors
+	ErrInvalidEncryptionMethod
+
 	// Server-Side-Encryption (with Customer provided key) related API errors.
 	ErrInsecureSSECustomerRequest
 	ErrSSEMultipartEncrypted
@ -629,6 +633,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{
 		Description:    "Your metadata headers exceed the maximum allowed metadata size.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrInvalidEncryptionMethod: {
+		Code:           "InvalidRequest",
+		Description:    "The encryption method specified is not supported",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrInsecureSSECustomerRequest: {
 		Code:           "InvalidRequest",
 		Description:    "Requests specifying Server Side Encryption with Customer provided keys must be made over a secure connection.",
@ -866,17 +875,19 @@ func toAPIErrorCode(err error) (apiErr APIErrorCode) {
 	case auth.ErrInvalidSecretKeyLength:
 		apiErr = ErrAdminInvalidSecretKey
 	// SSE errors
+	case crypto.ErrInvalidEncryptionMethod:
+		apiErr = ErrInvalidEncryptionMethod
 	case errInsecureSSERequest:
 		apiErr = ErrInsecureSSECustomerRequest
-	case errInvalidSSEAlgorithm:
+	case errInvalidSSEAlgorithm, crypto.ErrInvalidCustomerAlgorithm:
 		apiErr = ErrInvalidSSECustomerAlgorithm
-	case errInvalidSSEKey:
+	case errInvalidSSEKey, crypto.ErrInvalidCustomerKey:
 		apiErr = ErrInvalidSSECustomerKey
-	case errMissingSSEKey:
+	case errMissingSSEKey, crypto.ErrMissingCustomerKey:
 		apiErr = ErrMissingSSECustomerKey
-	case errMissingSSEKeyMD5:
+	case errMissingSSEKeyMD5, crypto.ErrMissingCustomerKeyMD5:
 		apiErr = ErrMissingSSECustomerKeyMD5
-	case errSSEKeyMD5Mismatch:
+	case errSSEKeyMD5Mismatch, crypto.ErrCustomerKeyMD5Mismatch:
 		apiErr = ErrSSECustomerKeyMD5Mismatch
 	case errObjectTampered:
 		apiErr = ErrObjectTampered
@ -990,6 +1001,8 @@ func toAPIErrorCode(err error) (apiErr APIErrorCode) {
 		apiErr = ErrUnsupportedNotification
 	case BackendDown:
 		apiErr = ErrBackendDown
+	case crypto.Error:
+		apiErr = ErrObjectTampered
 	default:
 		apiErr = ErrInternalError
 	}