return AWS compliant error if SSE-C key is wrong (#5203)

This PR changes the behavior of DecryptRequest.
Instead of returning `object-tampered` if the client-provided
key is wrong, DecryptRequest will return `access-denied`.

This is AWS S3 behavior.

Fixes #5202
Andreas Auernhammer 2017-11-20 23:04:10 +01:00 committed by Dee Koder
parent fce556b8a0
commit e95c0bb913


@ -253,7 +253,9 @@ func DecryptRequest(client io.Writer, r *http.Request, metadata map[string]strin
Key: keyEncryptionKey, Key: keyEncryptionKey,
}) })
if n != 32 || err != nil { if n != 32 || err != nil {
return nil, errObjectTampered // Either the provided key does not match or the object was tampered.
// To provide strict AWS S3 compatibility we return: access denied.
return nil, errSSEKeyMismatch
} }
writer, err := sio.DecryptWriter(client, sio.Config{Key: objectEncryptionKey.Bytes()}) writer, err := sio.DecryptWriter(client, sio.Config{Key: objectEncryptionKey.Bytes()})
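Review bot: The `n != 32` half of the condition now also returns `errSSEKeyMismatch`, although a decrypt that finishes with `err == nil` but yields a key of the wrong length is not a client key mismatch. If the preceding sio call authenticates the sealed key (it is only partly visible here), that case points to a malformed stored key, and an access-denied response would hide it from the client and from anyone reading the logs. Consider splitting the check: `if err != nil { return nil, errSSEKeyMismatch }` followed by `if n != 32 { return nil, errObjectTampered }`, assuming `errObjectTampered` remains defined. Because a wrong key and a tampered object are now deliberately indistinguishable to the client, a server-side log entry in this branch would preserve the integrity signal for operators. DecryptRequest starts and ends outside the hunk.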