Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Address review: make SSE-S3 metadata serialization failures fatal errors 

- In executeEncryptCopy: return error instead of just logging if
  SerializeSSES3Metadata fails
- In createChunkFromData: return error if chunk SSE-S3 metadata
  serialization fails

This ensures objects/chunks are never created without proper encryption
metadata, preventing unreadable/corrupted data.
pull/7598/head
chrislu 3 days ago
parent
43fc623e3e
commit
5ffe8466b6
2 changed files with 18 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      weed/s3api/s3api_object_handlers_copy_unified.go
  2. 20
      weed/s3api/s3api_streaming_copy.go

14
weed/s3api/s3api_object_handlers_copy_unified.go
View File

@ -148,13 +148,13 @@ func (s3a *S3ApiServer) executeEncryptCopy(entry *filer_pb.Entry, r *http.Reques
if len(encSpec.DestinationIV) > 0 { if len(encSpec.DestinationIV) > 0 {
sseKey.IV = encSpec.DestinationIV sseKey.IV = encSpec.DestinationIV
} }
if keyData, serErr := SerializeSSES3Metadata(sseKey); serErr == nil {
dstMetadata[s3_constants.SeaweedFSSSES3Key] = keyData
dstMetadata[s3_constants.AmzServerSideEncryption] = []byte("AES256")
glog.V(3).Infof("Generated SSE-S3 metadata for streaming encrypt copy: %s", dstPath)
} else {
glog.Errorf("Failed to serialize SSE-S3 metadata: %v", serErr)
}
keyData, serErr := SerializeSSES3Metadata(sseKey)
if serErr != nil {
return nil, nil, fmt.Errorf("failed to serialize SSE-S3 metadata: %w", serErr)
}
dstMetadata[s3_constants.SeaweedFSSSES3Key] = keyData
dstMetadata[s3_constants.AmzServerSideEncryption] = []byte("AES256")
glog.V(3).Infof("Generated SSE-S3 metadata for streaming encrypt copy: %s", dstPath)
} }
} }
return chunks, dstMetadata, nil return chunks, dstMetadata, nil

20
weed/s3api/s3api_streaming_copy.go
View File

@ -518,15 +518,17 @@ func (scm *StreamingCopyManager) createChunkFromData(data []byte, offset int64,
if len(baseIV) > 0 { if len(baseIV) > 0 {
chunkIV, _ := calculateIVWithOffset(baseIV, offset) chunkIV, _ := calculateIVWithOffset(baseIV, offset)
// Create chunk key with the chunk-specific IV // Create chunk key with the chunk-specific IV
chunkSSEKey := &SSES3Key{
Key: sseKey.Key,
KeyID: sseKey.KeyID,
Algorithm: sseKey.Algorithm,
IV: chunkIV,
}
if chunkMetadata, serErr := SerializeSSES3Metadata(chunkSSEKey); serErr == nil {
chunk.SseMetadata = chunkMetadata
}
chunkSSEKey := &SSES3Key{
Key: sseKey.Key,
KeyID: sseKey.KeyID,
Algorithm: sseKey.Algorithm,
IV: chunkIV,
}
chunkMetadata, serErr := SerializeSSES3Metadata(chunkSSEKey)
if serErr != nil {
return nil, fmt.Errorf("failed to serialize chunk SSE-S3 metadata: %w", serErr)
}
chunk.SseMetadata = chunkMetadata
} }
} }
} }

Write Preview
Loading…
Cancel
Save