fix

2026-03-17 14:24:08 +00:00 · 2026-01-17 16:42:09 +08:00
parent 6ae884c571
commit 31ac6c20a5
4 changed files with 5 additions and 38 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -121,7 +121,7 @@
                "rust"
            ],
        },
-                {
+        {
            "name": "Debug executable target/debug/rustfs with sse",
            "type":  "lldb",
            "request": "launch",
--- a/crates/kms/src/service.rs
+++ b/crates/kms/src/service.rs
@@ -274,6 +274,8 @@ impl ObjectEncryptionService {
        let mut context = encryption_context.cloned().unwrap_or_default();
        context.insert("bucket".to_string(), bucket.to_string());
        context.insert("object_key".to_string(), object_key.to_string());
+        // Backward compatibility: also include legacy "object" context key
+        context.insert("object".to_string(), object_key.to_string());
        context.insert("algorithm".to_string(), algorithm.as_str().to_string());

        // Auto-create key for SSE-S3 if it doesn't exist
--- a/rustfs/Cargo.toml
+++ b/rustfs/Cargo.toml
@@ -116,7 +116,7 @@ md5.workspace = true
 mime_guess = { workspace = true }
 moka = { workspace = true }
 pin-project-lite.workspace = true
- rust-embed = { workspace = true, features = ["interpolate-folder-path"] }
+rust-embed = { workspace = true, features = ["interpolate-folder-path"] }
 s3s.workspace = true
 shadow-rs = { workspace = true, features = ["build", "metadata"] }
 sysinfo = { workspace = true, features = ["multithread"] }
--- a/rustfs/src/storage/sse.rs
+++ b/rustfs/src/storage/sse.rs
@@ -987,7 +987,7 @@ impl TestSseDekProvider {
            std::process::exit(1);
        }

-        Self { master_key: master_key }
+        Self { master_key }
    }

    // Simple encryption of DEK
@@ -1428,41 +1428,6 @@ pub fn generate_ssec_nonce(bucket: &str, key: &str) -> [u8; 12] {
    nonce
 }

-/// Apply SSE-C encryption to a reader
-///
-/// **DEPRECATED**: Use `apply_encryption()` instead for unified API
-pub fn apply_ssec_encryption<R>(reader: R, validated: &ValidatedSsecParams, bucket: &str, key: &str) -> Box<EncryptReader<R>>
-where
-    R: Reader + 'static,
-{
-    let nonce = generate_ssec_nonce(bucket, key);
-    Box::new(EncryptReader::new(reader, validated.key_bytes, nonce))
-}
-
-/// Apply SSE-C decryption to a reader
-///
-/// **DEPRECATED**: Use `apply_decryption()` instead for unified API
-pub fn apply_ssec_decryption<R>(reader: R, validated: &ValidatedSsecParams, bucket: &str, key: &str) -> Box<DecryptReader<R>>
-where
-    R: Reader + 'static,
-{
-    let nonce = generate_ssec_nonce(bucket, key);
-    Box::new(DecryptReader::new(reader, validated.key_bytes, nonce))
-}
-
-/// Store SSE-C metadata in object metadata
-///
-/// Stores the algorithm and key MD5 for later validation during GetObject.
-/// Note: The encryption key itself is NEVER stored.
-pub fn store_ssec_metadata(metadata: &mut HashMap<String, String>, validated: &ValidatedSsecParams, original_size: i64) {
-    metadata.insert("x-amz-server-side-encryption-customer-algorithm".to_string(), validated.algorithm.clone());
-    metadata.insert("x-amz-server-side-encryption-customer-key-md5".to_string(), validated.key_md5.clone());
-    metadata.insert(
-        "x-amz-server-side-encryption-customer-original-size".to_string(),
-        original_size.to_string(),
-    );
-}
-
 /// Verify SSE-C key matches the stored metadata
 ///
 /// Used during GetObject to ensure the client provided the correct key.