gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3306abae107b1f54ae682759e7d6d533e09d60b5
seaweedFS/weed/s3api
History
Chris Lu c2bfd7b524 fix: honor SSE-C chunk offsets in decryption for large chunked uploads (#8216) 
* fix: honor SSE-C chunk offsets in decryption for large chunked uploads

Fixes issue #8215 where SSE-C decryption for large objects could corrupt
data by ignoring per-chunk PartOffset values.

Changes:
- Add TestSSECLargeObjectChunkReassembly unit test to verify correct
  decryption of 19MB object split into 8MB chunks using PartOffset
- Update decryptSSECChunkView and createMultipartSSECDecryptedReaderDirect
  to extract PartOffset from SSE-C metadata and pass to
  CreateSSECDecryptedReaderWithOffset for offset-aware decryption
- Fix createCTRStreamWithOffset to use calculateIVWithOffset for proper
  block-aligned counter advancement, matching SSE-KMS/S3 behavior
- Update comments to clarify SSE-C IV handling uses per-chunk offsets
  (unlike base IV approach used by KMS/S3)

All tests pass: go test ./weed/s3api ✓

* fix: close chunkReader on error paths in createMultipartSSECDecryptedReader

Address resource leak issue reported in PR #8216: ensure chunkReader is
properly closed before returning on all error paths, including:
- DeserializeSSECMetadata failures
- IV decoding errors
- Invalid PartOffset values
- SSE-C reader creation failures
- Missing per-chunk metadata

This prevents leaking network connections and file handles during
SSE-C multipart decryption error scenarios.

* docs: clarify SSE-C IV handling in decryptSSECChunkView comment

Replace misleading warning 'Do NOT call calculateIVWithOffset' with
accurate explanation that:
- CreateSSECDecryptedReaderWithOffset internally uses calculateIVWithOffset
  to advance the CTR counter to reach PartOffset
- calculateIVWithOffset is applied only to the per-part IV, NOT to derive
  a global base IV for all parts
- This differs fundamentally from SSE-KMS/SSE-S3 which use base IV +
  calculateIVWithOffset(ChunkOffset)

This clarifies the IV advancement mechanism while contrasting it with
the base IV approach used by other encryption schemes.
2026-02-04 22:57:41 -08:00
..
cors
go fmt
2026-01-28 14:34:07 -08:00
iceberg
Fix: filer not yet available in s3.configure (#8198)
2026-02-03 17:43:58 -08:00
policy
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
policy_engine
s3: allow single Statement object in policy document (#8212)
2026-02-04 16:23:20 -08:00
s3_constants
filer: auto clean empty implicit s3 folders (#8051)
2026-01-17 22:10:15 -08:00
s3_objectlock
fix: admin UI bucket deletion with filer group configured (#7735)
2025-12-13 19:04:12 -08:00
s3bucket
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3err
store S3 storage class in extended atrributes #7961 (#7962)
2026-01-04 11:24:43 -08:00
s3tables
s3tables: redesign Iceberg REST Catalog using iceberg-go and automate integration tests (#8197)
2026-02-03 15:30:04 -08:00
AmazonS3.xsd
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
auth_credentials_subscribe.go
Refactor Admin UI to use unified IAM storage and add MultipleFileStore (#8101)
2026-01-23 20:12:59 -08:00
auth_credentials_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_credentials_trust.go
Add AssumeRole and AssumeRoleWithLDAPIdentity STS actions (#8003)
2026-01-12 10:45:24 -08:00
auth_credentials.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_security_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_signature_v2_test.go
fix(s3api): fix AWS Signature V2 format and validation (#7488)
2025-11-26 12:24:02 -08:00
auth_signature_v2.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_signature_v4_sts_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_signature_v4_test.go
s3api: fix S3 Tables auth to allow auto-hashing of body (#8170)
2026-01-30 12:02:18 -08:00
auth_signature_v4.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_sts_identity_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
auth_sts_v4_test.go
Fix AWS SDK Signature V4 with STS credentials (issue #7941) (#7944)
2026-01-03 10:09:59 -08:00
auto_signature_v4_test.go
feat(iam): add SetUserStatus and UpdateAccessKey actions (#7750)
2025-12-14 18:48:39 -08:00
bucket_metadata_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
bucket_metadata.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
bucket_size_metrics.go
Make lock_manager.RenewInterval configurable in LiveLock (#7830)
2025-12-20 15:25:47 -08:00
chunked_bug_reproduction_test.go
S3 API: unsigned streaming (no cred) but chunks contain signatures (#7118)
2025-08-11 10:31:01 -07:00
chunked_reader_v4_test.go
IAM: Add Service Account Support (#7744) (#7901)
2025-12-29 20:17:23 -08:00
chunked_reader_v4.go
s3: support STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER for signed chunked uploads with checksums (#7623)
2025-12-04 14:51:37 -08:00
custom_types.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
filer_multipart_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
filer_multipart.go
fix: reduce N+1 queries in S3 versioned object list operations (#7814)
2025-12-18 17:44:27 -08:00
filer_util_tags.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
filer_util.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
object_lock_utils.go
Fix SeaweedFS S3 bucket extended attributes handling (#7854)
2025-12-22 23:19:50 -08:00
README.txt
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
s3_action_resolver.go
Add AWS IAM integration tests and refactor admin authorization (#8098)
2026-01-23 16:41:51 -08:00
s3_bucket_encryption.go
fix: CORS wildcard subdomain matching cache race condition (#7736)
2025-12-13 14:33:46 -08:00
s3_content_encoding_test.go
S3: Fix Content-Encoding header not preserved (#7894) (#7895)
2025-12-27 12:25:33 -08:00
s3_end_to_end_test.go
Add AssumeRole and AssumeRoleWithLDAPIdentity STS actions (#8003)
2026-01-12 10:45:24 -08:00
s3_error_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_existing_object_tag_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3_granular_action_security_test.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_iam_middleware.go
Add AWS IAM integration tests and refactor admin authorization (#8098)
2026-01-23 16:41:51 -08:00
s3_iam_role_selection_test.go
S3 API: Advanced IAM System (#7160)
2025-08-30 11:15:48 -07:00
s3_iam_simple_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
s3_jwt_auth_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
s3_list_parts_action_test.go
S3: add context aware action resolution (#7479)
2025-11-13 16:10:46 -08:00
s3_metadata_util.go
s3: do not persist multi part "Response-Content-Disposition" in request header (#7887)
2025-12-26 13:21:15 -08:00
s3_multipart_iam_test.go
Add AssumeRole and AssumeRoleWithLDAPIdentity STS actions (#8003)
2026-01-12 10:45:24 -08:00
s3_multipart_iam.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_policy_templates_test.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_policy_templates.go
S3: Enforce bucket policy (#7471)
2025-11-12 22:14:50 -08:00
s3_presigned_url_iam_test.go
Add AssumeRole and AssumeRoleWithLDAPIdentity STS actions (#8003)
2026-01-12 10:45:24 -08:00
s3_presigned_url_iam.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
s3_sse_bucket_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_c_range_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_c_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_c.go
fix: honor SSE-C chunk offsets in decryption for large chunked uploads (#8216)
2026-02-04 22:57:41 -08:00
s3_sse_copy_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_ctr_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_error_test.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_http_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_kms_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_kms_utils.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3_sse_kms.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3_sse_metadata.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_multipart_test.go
fix: honor SSE-C chunk offsets in decryption for large chunked uploads (#8216)
2026-02-04 22:57:41 -08:00
s3_sse_s3_integration_test.go
go fmt
2025-10-27 23:04:55 -07:00
s3_sse_s3_multipart_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_sse_s3_test.go
fix: copy to bucket with default SSE-S3 encryption fails (#7562) (#7568)
2025-11-28 13:28:17 -08:00
s3_sse_s3.go
Explicit IAM gRPC APIs for S3 Server (#8126)
2026-01-26 13:38:15 -08:00
s3_sse_test_utils_test.go
S3 API: Fix SSE-S3 decryption on object download (#7366)
2025-10-23 20:10:12 -07:00
s3_sse_utils.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3_token_differentiation_test.go
fix: comprehensive go vet error fixes and add CI enforcement (#7861)
2025-12-23 14:48:50 -08:00
s3_validation_utils.go
go fmt
2025-10-27 23:04:55 -07:00
s3api_acl_helper_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_acl_helper.go
Add Kafka Gateway (#7231)
2025-10-13 18:05:17 -07:00
s3api_acp.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_auth.go
Fix critical authentication bypass vulnerability (#7912) (#7915)
2025-12-30 12:40:59 -08:00
s3api_bucket_config.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
s3api_bucket_cors_handlers.go
S3: add fallback for CORS (#7404)
2025-10-29 13:43:27 -07:00
s3api_bucket_handlers_object_lock_config.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_bucket_handlers_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_bucket_handlers.go
logging and debugging
2026-02-04 12:44:52 -08:00
s3api_bucket_metadata_test.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_bucket_policy_arn_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
s3api_bucket_policy_engine.go
Implement IAM propagation to S3 servers (#8130)
2026-01-26 22:59:43 -08:00
s3api_bucket_policy_handlers.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
s3api_bucket_tagging_handlers.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_circuit_breaker_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_circuit_breaker.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_conditional_headers_test.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_copy_size_calculation.go
S3 API: Add SSE-S3 (#7151)
2025-08-22 01:15:42 -07:00
s3api_copy_validation.go
S3 API: Add SSE-KMS (#7144)
2025-08-21 08:28:07 -07:00
s3api_domain_test.go
fix: Use a mixed of virtual and path styles within a single subdomain (#7357)
2025-10-24 01:45:22 -07:00
s3api_embedded_iam_test.go
Implement IAM propagation to S3 servers (#8130)
2026-01-26 22:59:43 -08:00
s3api_embedded_iam.go
Implement IAM propagation to S3 servers (#8130)
2026-01-26 22:59:43 -08:00
s3api_encrypted_volume_copy_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_governance_permissions_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_handlers.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_implicit_directory_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_key_rotation.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_list_normalization_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_nextmarker_test.go
fix: S3 listing NextMarker missing intermediate directory component (#8089)
2026-01-22 16:56:35 -08:00
s3api_object_handlers_acl.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_object_handlers_copy_test.go
fix: copy to bucket with default SSE-S3 encryption fails (#7562) (#7568)
2025-11-28 13:28:17 -08:00
s3api_object_handlers_copy_unified.go
s3api: ensure MD5 is calculated or reused during CopyObject (#8163)
2026-01-29 12:53:38 -08:00
s3api_object_handlers_copy.go
s3api: ensure MD5 is calculated or reused during CopyObject (#8163)
2026-01-29 12:53:38 -08:00
s3api_object_handlers_delete.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_legal_hold.go
adjust logs
2026-01-17 18:40:48 -08:00
s3api_object_handlers_list_directory_test.go
fix: directory incorrectly listed as object in S3 ListObjects (#7939)
2026-01-02 15:52:37 -08:00
s3api_object_handlers_list_test.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_object_handlers_list_versioned_test.go
Fix: trim prefix slash in ListObjectVersionsHandler (#7919)
2025-12-30 14:54:37 -08:00
s3api_object_handlers_list.go
logging and debugging
2026-02-04 12:44:52 -08:00
s3api_object_handlers_multipart.go
s3: do not persist multi part "Response-Content-Disposition" in request header (#7887)
2025-12-26 13:21:15 -08:00
s3api_object_handlers_postpolicy_test.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_postpolicy.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_put_test.go
check errors
2025-11-21 14:48:41 -08:00
s3api_object_handlers_put.go
Fix S3 conditional writes with versioning (Issue #8073) (#8080)
2026-01-21 16:36:18 -08:00
s3api_object_handlers_retention.go
refactor (#6999)
2025-07-19 00:49:56 -07:00
s3api_object_handlers_tagging.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_object_handlers_test.go
Support multiple filers for S3 and IAM servers with automatic failover (#7550)
2025-11-26 11:29:55 -08:00
s3api_object_handlers.go
fix: honor SSE-C chunk offsets in decryption for large chunked uploads (#8216)
2026-02-04 22:57:41 -08:00
s3api_object_lock_fix_test.go
Fix get object lock configuration handler (#6996)
2025-07-18 02:19:50 -07:00
s3api_object_lock_headers_test.go
Test object lock and retention (#6997)
2025-07-18 22:25:58 -07:00
s3api_object_ownership_test.go
s3: implement Bucket Owner Enforced for object ownership (#7913)
2025-12-29 23:54:00 -08:00
s3api_object_retention_test.go
S3: S3 Object Retention API to include XML namespace support (#7517)
2025-11-20 11:42:22 -08:00
s3api_object_retention.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_object_versioning.go
s3api: fix ListObjectVersions inconsistency with delimiters (#8210)
2026-02-04 14:33:46 -08:00
s3api_policy.go
[s3] Put bucket lifecycle configuration (#5510)
2024-04-27 07:39:22 -07:00
s3api_put_handlers.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_put_object_helper_test.go
Add credential storage (#6938)
2025-07-02 18:03:17 -07:00
s3api_put_object_helper.go
s3api: remove redundant auth verification in getRequestDataReader (#7685)
2025-12-09 10:24:35 -08:00
s3api_remote_storage_test.go
fix: S3 remote storage cold-cache read fails with 'size reported but no content available' (#7817)
2025-12-18 21:19:44 -08:00
s3api_server_grpc.go
adjust logs and errors
2026-01-27 07:45:24 -08:00
s3api_server_routing_test.go
Implement IAM propagation to S3 servers (#8130)
2026-01-26 22:59:43 -08:00
s3api_server.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
s3api_sosapi_test.go
s3: Add SOSAPI support for Veeam integration (#7899)
2025-12-28 14:07:58 -08:00
s3api_sosapi.go
s3: Add SOSAPI support for Veeam integration (#7899)
2025-12-28 14:07:58 -08:00
s3api_sse_chunk_metadata_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_sse_decrypt_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_sse_s3_upload_test.go
S3: Directly read write volume servers (#7481)
2025-11-18 23:18:35 -08:00
s3api_status_handlers.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_streaming_copy.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_sts.go
Add AssumeRole and AssumeRoleWithLDAPIdentity STS actions (#8003)
2026-01-12 10:45:24 -08:00
s3api_tables.go
s3api: allow empty region and account id in s3tables ARN (#8171)
2026-01-30 13:15:39 -08:00
s3api_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_version_id_test.go
chore: execute goimports to format the code (#7983)
2026-01-07 13:06:08 -08:00
s3api_version_id.go
Refactor: Replace removeDuplicateSlashes with NormalizeObjectKey (#7873)
2025-12-24 19:07:08 -08:00
s3api_xsd_generated_helper.go
add s3test for sql (#5718)
2024-07-04 11:00:41 -07:00
s3api_xsd_generated.go
fix ListAllMyBucketsResult xmlns
2025-08-14 20:38:03 -07:00
stats.go
Populate bucket_traffic_received_bytes_total metric (#7249)
2025-09-17 19:04:51 -07:00
tags_test.go
tag parsing decode url encoded
2025-07-28 02:49:43 -07:00
tags.go
Add s3tables shell and admin UI (#8172)
2026-01-30 22:57:05 -08:00

README.txt 

see https://blog.aqwari.net/xml-schema-go/

1. go get aqwari.net/xml/cmd/xsdgen
2. Add EncodingType element for ListBucketResult in AmazonS3.xsd
3. xsdgen -o s3api_xsd_generated.go -pkg s3api AmazonS3.xsd
4. Remove empty Grantee struct in s3api_xsd_generated.go
5. Remove xmlns: sed s'/http:\/\/s3.amazonaws.com\/doc\/2006-03-01\/\ //' s3api_xsd_generated.go
Reference in New Issue View Git Blame Copy Permalink