mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
return AWS compliant error if SSE-C key is wrong (#5203)
This PR changes the behavior of DecryptRequest. Instead of returning `object-tampered` if the client provided key is wrong DecryptRequest will return `access-denied`. This is AWS S3 behavior. Fixes #5202
This commit is contained in:
parent
fce556b8a0
commit
e95c0bb913
@ -253,7 +253,9 @@ func DecryptRequest(client io.Writer, r *http.Request, metadata map[string]strin
|
||||
Key: keyEncryptionKey,
|
||||
})
|
||||
if n != 32 || err != nil {
|
||||
return nil, errObjectTampered
|
||||
// Either the provided key does not match or the object was tampered.
|
||||
// To provide strict AWS S3 compatibility we return: access denied.
|
||||
return nil, errSSEKeyMismatch
|
||||
}
|
||||
|
||||
writer, err := sio.DecryptWriter(client, sio.Config{Key: objectEncryptionKey.Bytes()})
|
||||
|
Loading…
Reference in New Issue
Block a user