From c32f699105bf88388c7352b6c65c1f25d33fc2ef Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Thu, 22 Feb 2024 04:24:11 -0800
Subject: [PATCH] turn-off md5sum for SSE-KMS/SSE-C as optimization for
 multipart (#19106)

only enable md5sum if explicitly asked by the client, otherwise
its not necessary to compute md5sum when SSE-KMS/SSE-C is enabled.

this is continuation of #17958
---
 cmd/object-multipart-handlers.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/cmd/object-multipart-handlers.go b/cmd/object-multipart-handlers.go
index 0062bcbc7..d7fb86213 100644
--- a/cmd/object-multipart-handlers.go
+++ b/cmd/object-multipart-handlers.go
@@ -729,13 +729,20 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
 		sha256hex = ""
 	}
 
+	var forceMD5 []byte
+	// Optimization: If SSE-KMS and SSE-C did not request Content-Md5. Use uuid as etag. Optionally enable this also
+	// for server that is started with `--no-compat`.
+	if !etag.ContentMD5Requested(r.Header) && (crypto.S3KMS.IsEncrypted(mi.UserDefined) || crypto.SSEC.IsRequested(r.Header) || !globalServerCtxt.StrictS3Compat) {
+		forceMD5 = mustGetUUIDBytes()
+	}
+
 	hashReader, err := hash.NewReaderWithOpts(ctx, reader, hash.Options{
 		Size:       size,
 		MD5Hex:     md5hex,
 		SHA256Hex:  sha256hex,
 		ActualSize: actualSize,
 		DisableMD5: false,
-		ForceMD5:   nil,
+		ForceMD5:   forceMD5,
 	})
 	if err != nil {
 		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)