MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-27 06:33:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

do not crash when KMS is not enabled (#14634)

Browse Source 
KMS when not enabled might crash when listing
an object that previously had SSE-S3 enabled,
fail appropriately in such situations.
This commit is contained in:
Harshavardhana 2022-03-27 08:54:01 -07:00 committed by GitHub
parent be5d394e56
commit ecfae074dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/crypto/sse-kms.go
View File

@ -96,6 +96,10 @@ func (ssekms) IsEncrypted(metadata map[string]string) bool {
// from the metadata using KMS and returns the decrypted object // from the metadata using KMS and returns the decrypted object
// key. // key.
func (s3 ssekms) UnsealObjectKey(KMS kms.KMS, metadata map[string]string, bucket, object string) (key ObjectKey, err error) { func (s3 ssekms) UnsealObjectKey(KMS kms.KMS, metadata map[string]string, bucket, object string) (key ObjectKey, err error) {
if KMS == nil {
return key, Errorf("KMS not configured")
}
keyID, kmsKey, sealedKey, ctx, err := s3.ParseMetadata(metadata) keyID, kmsKey, sealedKey, ctx, err := s3.ParseMetadata(metadata)
if err != nil { if err != nil {
return key, err return key, err

7
internal/crypto/sse-s3.go
View File

@ -72,6 +72,9 @@ func (sses3) IsEncrypted(metadata map[string]string) bool {
// from the metadata using KMS and returns the decrypted object // from the metadata using KMS and returns the decrypted object
// key. // key.
func (s3 sses3) UnsealObjectKey(KMS kms.KMS, metadata map[string]string, bucket, object string) (key ObjectKey, err error) { func (s3 sses3) UnsealObjectKey(KMS kms.KMS, metadata map[string]string, bucket, object string) (key ObjectKey, err error) {
if KMS == nil {
return key, Errorf("KMS not configured")
}
keyID, kmsKey, sealedKey, err := s3.ParseMetadata(metadata) keyID, kmsKey, sealedKey, err := s3.ParseMetadata(metadata)
if err != nil { if err != nil {
return key, err return key, err
@ -90,6 +93,10 @@ func (s3 sses3) UnsealObjectKey(KMS kms.KMS, metadata map[string]string, bucket,
// //
// The metadata, buckets and objects slices must have the same length. // The metadata, buckets and objects slices must have the same length.
func (s3 sses3) UnsealObjectKeys(KMS kms.KMS, metadata []map[string]string, buckets, objects []string) ([]ObjectKey, error) { func (s3 sses3) UnsealObjectKeys(KMS kms.KMS, metadata []map[string]string, buckets, objects []string) ([]ObjectKey, error) {
if KMS == nil {
return nil, Errorf("KMS not configured")
}
if len(metadata) != len(buckets) || len(metadata) != len(objects) { if len(metadata) != len(buckets) || len(metadata) != len(objects) {
return nil, Errorf("invalid metadata/object count: %d != %d != %d", len(metadata), len(buckets), len(objects)) return nil, Errorf("invalid metadata/object count: %d != %d != %d", len(metadata), len(buckets), len(objects))
} }