
Address review: fail explicitly if baseIV is empty for SSE-S3 chunk encryption

If DestinationIV is not set when encrypting SSE-S3 chunks, the chunk would
be created without SseMetadata, causing GetObject decryption to fail later.
Now fails explicitly with a clear error message.

Note: calculateIVWithOffset returns ([]byte, int) not ([]byte, error) - the
int is a skip amount for intra-block alignment, not an error code.
pull/7598/head
chrislu 2 days ago
parent
commit
fb1529ccfe
  1. 5
      weed/s3api/s3api_streaming_copy.go

5
weed/s3api/s3api_streaming_copy.go

@ -509,7 +509,9 @@ func (scm *StreamingCopyManager) createChunkFromData(data []byte, offset int64,
if sseKey, ok := encSpec.DestinationKey.(*SSES3Key); ok {
// Calculate chunk-specific IV using base IV and chunk offset
baseIV := encSpec.DestinationIV
if len(baseIV) > 0 {
if len(baseIV) == 0 {
return nil, fmt.Errorf("SSE-S3 encryption requires DestinationIV to be set for chunk at offset %d", offset)
}
chunkIV, _ := calculateIVWithOffset(baseIV, offset)
// Create chunk key with the chunk-specific IV
chunkSSEKey := &SSES3Key{
@ -526,7 +528,6 @@ func (scm *StreamingCopyManager) createChunkFromData(data []byte, offset int64,
}
}
}
}
// Set file ID
if err := scm.s3a.setChunkFileId(chunk, assignResult); err != nil {
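Review bot: The new guard `if len(baseIV) == 0` rejects only an empty DestinationIV, so an IV of the wrong length still reaches `calculateIVWithOffset` and would be used to derive the chunk IV. Assuming this path uses an AES block-sized IV, as the offset-based IV helper suggests, checking the exact length, e.g. `if len(baseIV) != aes.BlockSize {`, would surface a malformed IV at write time instead of at GetObject. On the following line the second return value is dropped with `chunkIV, _ :=`; the commit message describes it as an intra-block skip amount, so if `offset` can ever be non-block-aligned here the keystream position may not match what decryption expects. A short comment stating the alignment invariant, or an explicit error when the skip is non-zero, would make that assumption checkable. createChunkFromData starts and ends outside the visible hunks, so the encryption call and the SseMetadata assignment cannot be confirmed from this page.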
