mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
return AWS compliant error if SSE-C key is wrong (#5203)
This PR changes the behavior of DecryptRequest. Instead of returning `object-tampered` if the client provided key is wrong DecryptRequest will return `access-denied`. This is AWS S3 behavior. Fixes #5202
This commit is contained in:
parent
fce556b8a0
commit
e95c0bb913
@ -253,7 +253,9 @@ func DecryptRequest(client io.Writer, r *http.Request, metadata map[string]strin
|
|||||||
Key: keyEncryptionKey,
|
Key: keyEncryptionKey,
|
||||||
})
|
})
|
||||||
if n != 32 || err != nil {
|
if n != 32 || err != nil {
|
||||||
return nil, errObjectTampered
|
// Either the provided key does not match or the object was tampered.
|
||||||
|
// To provide strict AWS S3 compatibility we return: access denied.
|
||||||
|
return nil, errSSEKeyMismatch
|
||||||
}
|
}
|
||||||
|
|
||||||
writer, err := sio.DecryptWriter(client, sio.Config{Key: objectEncryptionKey.Bytes()})
|
writer, err := sio.DecryptWriter(client, sio.Config{Key: objectEncryptionKey.Bytes()})
|
||||||
|
Loading…
Reference in New Issue
Block a user