Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix SSE-C IV Mismatch

pull/7481/head
chrislu 1 month ago
parent
79ed8419dd
commit
70d58a75a9
1 changed files with 4 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      weed/s3api/s3api_object_handlers.go

11
weed/s3api/s3api_object_handlers.go
View File

@ -3024,13 +3024,10 @@ func (s3a *S3ApiServer) createMultipartSSECDecryptedReader(r *http.Request, prox
return nil, fmt.Errorf("failed to decode IV for SSE-C chunk %s: %v", chunk.GetFileIdString(), ivErr) return nil, fmt.Errorf("failed to decode IV for SSE-C chunk %s: %v", chunk.GetFileIdString(), ivErr)
} }
// Calculate the correct IV for this chunk using within-part offset
var chunkIV []byte
if ssecMetadata.PartOffset > 0 {
chunkIV = calculateIVWithOffset(iv, ssecMetadata.PartOffset)
} else {
chunkIV = iv
}
// Note: For multipart SSE-C, each part was encrypted with offset=0
// So we use the stored IV directly without offset adjustment
// PartOffset is stored for informational purposes, but encryption uses offset=0
chunkIV := iv
decryptedReader, decErr := CreateSSECDecryptedReader(chunkReader, customerKey, chunkIV) decryptedReader, decErr := CreateSSECDecryptedReader(chunkReader, customerKey, chunkIV)
if decErr != nil { if decErr != nil {

Write Preview
Loading…
Cancel
Save