crypto: add support for KMS key versions

This commit adds support for KMS master key versions. Now, MinIO stores any key version information returned by the KMS as part of the object metadata. The key version identifies a particular master key within a master key ring. When encrypting/ generating a DEK, MinIO has to remember the key version - similar to the key name. When decrypting a DEK, MinIO sends the key version to the KMS such that the KMS can identify the exact key version that should be used to decrypt the object. Existing objects don't have a key version. Hence, this field will be empty. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2026-02-11 05:10:16 -05:00 · 2025-05-05 22:35:43 +02:00
42 changed files with 377 additions and 329 deletions
--- a/.github/workflows/go-fips.yml
+++ b/.github/workflows/go-fips.yml
@@ -0,0 +1,59 @@
+name: FIPS Build Test
+
+on:
+  pull_request:
+    branches:
+      - master
+
+# This ensures that previous jobs for the PR are canceled when the PR is
+# updated.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Go BoringCrypto ${{ matrix.go-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.24.x]
+        os: [ubuntu-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Setup dockerfile for build test
+        run: |
+          GO_VERSION=$(go version | cut -d ' ' -f 3 | sed 's/go//')
+          echo Detected go version $GO_VERSION
+          cat > Dockerfile.fips.test <<EOF
+          FROM golang:${GO_VERSION}
+          COPY . /minio
+          WORKDIR /minio
+          ENV GOEXPERIMENT=boringcrypto
+          RUN make
+          EOF
+
+      - name: Build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: Dockerfile.fips.test
+          push: false
+          load: true
+          tags: minio/fips-test:latest
+
+      # This should fail if grep returns non-zero exit
+      - name: Test binary
+        run: |
+          docker run --rm minio/fips-test:latest ./minio --version
+          docker run --rm -i minio/fips-test:latest /bin/bash -c 'go tool nm ./minio | grep FIPS | grep -q FIPS'
--- a/README.fips.md
+++ b/README.fips.md
@@ -0,0 +1,7 @@
+# MinIO FIPS Builds
+
+MinIO creates FIPS builds using a patched version of the Go compiler (that uses BoringCrypto, from BoringSSL, which is [FIPS 140-2 validated](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2964.pdf)) published by the Golang Team [here](https://github.com/golang/go/tree/dev.boringcrypto/misc/boring).
+
+MinIO FIPS executables are available at <http://dl.min.io> - they are only published for `linux-amd64` architecture as binary files with the suffix `.fips`. We also publish corresponding container images to our official image repositories.
+
+We are not making any statements or representations about the suitability of this code or build in relation to the FIPS 140-2 standard. Interested users will have to evaluate for themselves whether this is useful for their own purposes.
--- a/README.md
+++ b/README.md
@@ -34,9 +34,7 @@ You can also connect using any S3-compatible tool, such as the MinIO Client `mc`
 [Test using MinIO Client `mc`](#test-using-minio-client-mc) for more information on using the `mc` commandline tool. For application developers,
 see <https://min.io/docs/minio/linux/developers/minio-drivers.html> to view MinIO SDKs for supported languages.

-> [!NOTE]
-> To deploy MinIO on with persistent storage, you must map local persistent directories from the host OS to the container using the `podman -v` option.
-> For example, `-v /mnt/data:/data` maps the host OS drive at `/mnt/data` to `/data` on the container.
+> NOTE: To deploy MinIO on with persistent storage, you must map local persistent directories from the host OS to the container using the `podman -v` option. For example, `-v /mnt/data:/data` maps the host OS drive at `/mnt/data` to `/data` on the container.

 ## macOS

@@ -53,8 +51,7 @@ brew install minio/stable/minio
 minio server /data
 ```

-> [!NOTE]
-> If you previously installed minio using `brew install minio` then it is recommended that you reinstall minio from `minio/stable/minio` official repo instead.
+> NOTE: If you previously installed minio using `brew install minio` then it is recommended that you reinstall minio from `minio/stable/minio` official repo instead.

 ```sh
 brew uninstall minio
@@ -101,8 +98,7 @@ The MinIO deployment starts using default root credentials `minioadmin:minioadmi

 You can also connect using any S3-compatible tool, such as the MinIO Client `mc` commandline tool. See [Test using MinIO Client `mc`](#test-using-minio-client-mc) for more information on using the `mc` commandline tool. For application developers, see <https://min.io/docs/minio/linux/developers/minio-drivers.html> to view MinIO SDKs for supported languages.

-> [!NOTE]
-> Standalone MinIO servers are best suited for early development and evaluation. Certain features such as versioning, object locking, and bucket replication require distributed deploying MinIO with Erasure Coding. For extended development and production, deploy MinIO with Erasure Coding enabled - specifically, with a *minimum* of 4 drives per MinIO server. See [MinIO Erasure Code Overview](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html#) for more complete documentation.
+> NOTE: Standalone MinIO servers are best suited for early development and evaluation. Certain features such as versioning, object locking, and bucket replication require distributed deploying MinIO with Erasure Coding. For extended development and production, deploy MinIO with Erasure Coding enabled - specifically, with a *minimum* of 4 drives per MinIO server. See [MinIO Erasure Code Overview](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html#) for more complete documentation.

 ## Microsoft Windows

@@ -122,8 +118,7 @@ The MinIO deployment starts using default root credentials `minioadmin:minioadmi

 You can also connect using any S3-compatible tool, such as the MinIO Client `mc` commandline tool. See [Test using MinIO Client `mc`](#test-using-minio-client-mc) for more information on using the `mc` commandline tool. For application developers, see <https://min.io/docs/minio/linux/developers/minio-drivers.html> to view MinIO SDKs for supported languages.

-> [!NOTE]
-> Standalone MinIO servers are best suited for early development and evaluation. Certain features such as versioning, object locking, and bucket replication require distributed deploying MinIO with Erasure Coding. For extended development and production, deploy MinIO with Erasure Coding enabled - specifically, with a *minimum* of 4 drives per MinIO server. See [MinIO Erasure Code Overview](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html#) for more complete documentation.
+> NOTE: Standalone MinIO servers are best suited for early development and evaluation. Certain features such as versioning, object locking, and bucket replication require distributed deploying MinIO with Erasure Coding. For extended development and production, deploy MinIO with Erasure Coding enabled - specifically, with a *minimum* of 4 drives per MinIO server. See [MinIO Erasure Code Overview](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html#) for more complete documentation.

 ## Install from Source

@@ -137,8 +132,7 @@ The MinIO deployment starts using default root credentials `minioadmin:minioadmi

 You can also connect using any S3-compatible tool, such as the MinIO Client `mc` commandline tool. See [Test using MinIO Client `mc`](#test-using-minio-client-mc) for more information on using the `mc` commandline tool. For application developers, see <https://min.io/docs/minio/linux/developers/minio-drivers.html> to view MinIO SDKs for supported languages.

-> [!NOTE]
-> Standalone MinIO servers are best suited for early development and evaluation. Certain features such as versioning, object locking, and bucket replication require distributed deploying MinIO with Erasure Coding. For extended development and production, deploy MinIO with Erasure Coding enabled - specifically, with a *minimum* of 4 drives per MinIO server. See [MinIO Erasure Code Overview](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html) for more complete documentation.
+> NOTE: Standalone MinIO servers are best suited for early development and evaluation. Certain features such as versioning, object locking, and bucket replication require distributed deploying MinIO with Erasure Coding. For extended development and production, deploy MinIO with Erasure Coding enabled - specifically, with a *minimum* of 4 drives per MinIO server. See [MinIO Erasure Code Overview](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html) for more complete documentation.

 MinIO strongly recommends *against* using compiled-from-source MinIO servers for production environments.

@@ -176,8 +170,7 @@ This command gets the active zone(s). Now, apply port rules to the relevant zone
 firewall-cmd --zone=public --add-port=9000/tcp --permanent
 ```

-> [!NOTE]
-> `permanent` makes sure the rules are persistent across firewall start, restart or reload. Finally reload the firewall for changes to take effect.
+Note that `permanent` makes sure the rules are persistent across firewall start, restart or reload. Finally reload the firewall for changes to take effect.

 ```sh
 firewall-cmd --reload
@@ -206,8 +199,7 @@ service iptables restart

 MinIO Server comes with an embedded web based object browser. Point your web browser to <http://127.0.0.1:9000> to ensure your server has started successfully.

-> [!NOTE]
-> MinIO runs console on random port by default, if you wish to choose a specific port use `--console-address` to pick a specific interface and port.
+> NOTE: MinIO runs console on random port by default, if you wish to choose a specific port use `--console-address` to pick a specific interface and port.

 ### Things to consider

@@ -229,8 +221,7 @@ For example, consider a MinIO deployment behind a proxy `https://minio.example.n

 Upgrades require zero downtime in MinIO, all upgrades are non-disruptive, all transactions on MinIO are atomic. So upgrading all the servers simultaneously is the recommended way to upgrade MinIO.

-> [!NOTE]
-> requires internet access to update directly from <https://dl.min.io>, optionally you can host any mirrors at <https://my-artifactory.example.com/minio/>
+> NOTE: requires internet access to update directly from <https://dl.min.io>, optionally you can host any mirrors at <https://my-artifactory.example.com/minio/>

 - For deployments that installed the MinIO server binary by hand, use [`mc admin update`](https://min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-update.html)

--- a/cmd/api-headers.go
+++ b/cmd/api-headers.go
@@ -23,7 +23,6 @@ import (
 	"encoding/json"
 	"encoding/xml"
 	"fmt"
-	"mime"
 	"net/http"
 	"strconv"
 	"strings"
@@ -169,32 +168,6 @@ func setObjectHeaders(ctx context.Context, w http.ResponseWriter, objInfo Object
 			if !stringsHasPrefixFold(k, userMetadataPrefix) {
 				continue
 			}
-			// check the doc https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingMetadata.html
-			// For metadata values like "ö", "ÄMÄZÕÑ S3", and "öha, das sollte eigentlich
-			// funktionieren", tested against a real AWS S3 bucket, S3 may encode incorrectly. For
-			// example, "ö" was encoded as =?UTF-8?B?w4PCtg==?=, producing invalid UTF-8 instead
-			// of =?UTF-8?B?w7Y=?=. This mirrors errors like the ä½ in another string.
-			//
-			// S3 uses B-encoding (Base64) for non-ASCII-heavy metadata and Q-encoding
-			// (quoted-printable) for mostly ASCII strings. Long strings are split at word
-			// boundaries to fit RFC 2047’s 75-character limit, ensuring HTTP parser
-			// compatibility.
-			//
-			// However, this splitting increases header size and can introduce errors, unlike Go’s
-			// mime package in MinIO, which correctly encodes strings with fixed B/Q encodings,
-			// avoiding S3’s heuristic-driven issues.
-			//
-			// For MinIO developers, decode S3 metadata with mime.WordDecoder, validate outputs,
-			// report encoding bugs to AWS, and use ASCII-only metadata to ensure reliable S3 API
-			// compatibility.
-			if needsMimeEncoding(v) {
-				// see https://github.com/golang/go/blob/release-branch.go1.24/src/net/mail/message.go#L325
-				if strings.ContainsAny(v, "\"#$%&'(),.:;<>@[]^`{|}~") {
-					v = mime.BEncoding.Encode("UTF-8", v)
-				} else {
-					v = mime.QEncoding.Encode("UTF-8", v)
-				}
-			}
 			w.Header()[strings.ToLower(k)] = []string{v}
 			isSet = true
 			break
@@ -256,14 +229,3 @@ func setObjectHeaders(ctx context.Context, w http.ResponseWriter, objInfo Object

 	return nil
 }
-
-// needsEncoding reports whether s contains any bytes that need to be encoded.
-// see mime.needsEncoding
-func needsMimeEncoding(s string) bool {
-	for _, b := range s {
-		if (b < ' ' || b > '~') && b != '\t' {
-			return true
-		}
-	}
-	return false
-}
--- a/cmd/api-router.go
+++ b/cmd/api-router.go
@@ -387,11 +387,6 @@ func registerAPIRouter(router *mux.Router) {
 			HeadersRegexp(xhttp.AmzSnowballExtract, "true").
 			HandlerFunc(s3APIMiddleware(api.PutObjectExtractHandler, traceHdrsS3HFlag))

-		// AppendObject to be rejected
-		router.Methods(http.MethodPut).Path("/{object:.+}").
-			HeadersRegexp(xhttp.AmzWriteOffsetBytes, "").
-			HandlerFunc(s3APIMiddleware(errorResponseHandler))
-
 		// PutObject
 		router.Methods(http.MethodPut).Path("/{object:.+}").
 			HandlerFunc(s3APIMiddleware(api.PutObjectHandler, traceHdrsS3HFlag))
--- a/cmd/bucket-metadata.go
+++ b/cmd/bucket-metadata.go
@@ -38,6 +38,7 @@ import (
 	"github.com/minio/minio/internal/bucket/versioning"
 	"github.com/minio/minio/internal/crypto"
 	"github.com/minio/minio/internal/event"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/kms"
 	"github.com/minio/minio/internal/logger"
 	"github.com/minio/pkg/v3/policy"
@@ -554,8 +555,8 @@ func encryptBucketMetadata(ctx context.Context, bucket string, input []byte, kms
 	outbuf := bytes.NewBuffer(nil)
 	objectKey := crypto.GenerateKey(key.Plaintext, rand.Reader)
 	sealedKey := objectKey.Seal(key.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, "")
-	crypto.S3.CreateMetadata(metadata, key.KeyID, key.Ciphertext, sealedKey)
-	_, err = sio.Encrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20})
+	crypto.S3.CreateMetadata(metadata, key, sealedKey)
+	_, err = sio.Encrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20, CipherSuites: fips.DARECiphers()})
 	if err != nil {
 		return output, metabytes, err
 	}
@@ -589,6 +590,6 @@ func decryptBucketMetadata(input []byte, bucket string, meta map[string]string,
 	}

 	outbuf := bytes.NewBuffer(nil)
-	_, err = sio.Decrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20})
+	_, err = sio.Decrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20, CipherSuites: fips.DARECiphers()})
 	return outbuf.Bytes(), err
 }
--- a/cmd/data-scanner.go
+++ b/cmd/data-scanner.go
@@ -332,7 +332,7 @@ func scanDataFolder(ctx context.Context, disks []StorageAPI, drive *xlStorage, c
 	}

 	var skipHeal atomic.Bool
-	if !globalIsErasure || cache.Info.SkipHealing {
+	if globalIsErasure || cache.Info.SkipHealing {
 		skipHeal.Store(true)
 	}

--- a/cmd/encryption-v1.go
+++ b/cmd/encryption-v1.go
@@ -37,6 +37,7 @@ import (
 	"github.com/minio/kms-go/kes"
 	"github.com/minio/minio/internal/crypto"
 	"github.com/minio/minio/internal/etag"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/hash"
 	"github.com/minio/minio/internal/hash/sha256"
 	xhttp "github.com/minio/minio/internal/http"
@@ -292,7 +293,7 @@ func rotateKey(ctx context.Context, oldKey []byte, newKeyID string, newKey []byt
 			return err
 		}
 		sealedKey = objectKey.Seal(newKey.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, object)
-		crypto.S3.CreateMetadata(metadata, newKey.KeyID, newKey.Ciphertext, sealedKey)
+		crypto.S3.CreateMetadata(metadata, newKey, sealedKey)
 		return nil
 	case crypto.S3KMS:
 		if GlobalKMS == nil {
@@ -332,7 +333,7 @@ func rotateKey(ctx context.Context, oldKey []byte, newKeyID string, newKey []byt
 		}

 		sealedKey := objectKey.Seal(newKey.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3KMS.String(), bucket, object)
-		crypto.S3KMS.CreateMetadata(metadata, newKey.KeyID, newKey.Ciphertext, sealedKey, cryptoCtx)
+		crypto.S3KMS.CreateMetadata(metadata, newKey, sealedKey, cryptoCtx)
 		return nil
 	case crypto.SSEC:
 		sealedKey, err := crypto.SSEC.ParseMetadata(metadata)
@@ -375,7 +376,7 @@ func newEncryptMetadata(ctx context.Context, kind crypto.Type, keyID string, key

 		objectKey := crypto.GenerateKey(key.Plaintext, rand.Reader)
 		sealedKey = objectKey.Seal(key.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, object)
-		crypto.S3.CreateMetadata(metadata, key.KeyID, key.Ciphertext, sealedKey)
+		crypto.S3.CreateMetadata(metadata, key, sealedKey)
 		return objectKey, nil
 	case crypto.S3KMS:
 		if GlobalKMS == nil {
@@ -408,7 +409,7 @@ func newEncryptMetadata(ctx context.Context, kind crypto.Type, keyID string, key

 		objectKey := crypto.GenerateKey(key.Plaintext, rand.Reader)
 		sealedKey = objectKey.Seal(key.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3KMS.String(), bucket, object)
-		crypto.S3KMS.CreateMetadata(metadata, key.KeyID, key.Ciphertext, sealedKey, cryptoCtx)
+		crypto.S3KMS.CreateMetadata(metadata, key, sealedKey, cryptoCtx)
 		return objectKey, nil
 	case crypto.SSEC:
 		objectKey := crypto.GenerateKey(key, rand.Reader)
@@ -426,7 +427,7 @@ func newEncryptReader(ctx context.Context, content io.Reader, kind crypto.Type,
 		return nil, crypto.ObjectKey{}, err
 	}

-	reader, err := sio.EncryptReader(content, sio.Config{Key: objectEncryptionKey[:], MinVersion: sio.Version20})
+	reader, err := sio.EncryptReader(content, sio.Config{Key: objectEncryptionKey[:], MinVersion: sio.Version20, CipherSuites: fips.DARECiphers()})
 	if err != nil {
 		return nil, crypto.ObjectKey{}, crypto.ErrInvalidCustomerKey
 	}
@@ -569,6 +570,7 @@ func newDecryptReaderWithObjectKey(client io.Reader, objectEncryptionKey []byte,
 	reader, err := sio.DecryptReader(client, sio.Config{
 		Key:            objectEncryptionKey,
 		SequenceNumber: seqNumber,
+		CipherSuites:   fips.DARECiphers(),
 	})
 	if err != nil {
 		return nil, crypto.ErrInvalidCustomerKey
@@ -1060,7 +1062,7 @@ func metadataEncrypter(key crypto.ObjectKey) objectMetaEncryptFn {
 		var buffer bytes.Buffer
 		mac := hmac.New(sha256.New, key[:])
 		mac.Write([]byte(baseKey))
-		if _, err := sio.Encrypt(&buffer, bytes.NewReader(data), sio.Config{Key: mac.Sum(nil)}); err != nil {
+		if _, err := sio.Encrypt(&buffer, bytes.NewReader(data), sio.Config{Key: mac.Sum(nil), CipherSuites: fips.DARECiphers()}); err != nil {
 			logger.CriticalIf(context.Background(), errors.New("unable to encrypt using object key"))
 		}
 		return buffer.Bytes()
@@ -1083,7 +1085,7 @@ func (o *ObjectInfo) metadataDecrypter(h http.Header) objectMetaDecryptFn {
 		}
 		mac := hmac.New(sha256.New, key)
 		mac.Write([]byte(baseKey))
-		return sio.DecryptBuffer(nil, input, sio.Config{Key: mac.Sum(nil)})
+		return sio.DecryptBuffer(nil, input, sio.Config{Key: mac.Sum(nil), CipherSuites: fips.DARECiphers()})
 	}
 }

--- a/cmd/ftp-server.go
+++ b/cmd/ftp-server.go
@@ -75,7 +75,6 @@ func startFTPServer(args []string) {
 		portRange     string
 		tlsPrivateKey string
 		tlsPublicCert string
-		forceTLS      bool
 	)

 	var err error
@@ -104,11 +103,6 @@ func startFTPServer(args []string) {
 			tlsPrivateKey = tokens[1]
 		case "tls-public-cert":
 			tlsPublicCert = tokens[1]
-		case "force-tls":
-			forceTLS, err = strconv.ParseBool(tokens[1])
-			if err != nil {
-				logger.Fatal(fmt.Errorf("invalid arguments passed to --ftp=%s (%v)", arg, err), "unable to start FTP server")
-			}
 		}
 	}

@@ -135,10 +129,6 @@ func startFTPServer(args []string) {

 	tls := tlsPrivateKey != "" && tlsPublicCert != ""

-	if forceTLS && !tls {
-		logger.Fatal(fmt.Errorf("invalid TLS arguments provided. force-tls, but missing private key --ftp=\"tls-private-key=path/to/private.key\""), "unable to start FTP server")
-	}
-
 	name := "MinIO FTP Server"
 	if tls {
 		name = "MinIO FTP(Secure) Server"
@@ -157,7 +147,6 @@ func startFTPServer(args []string) {
 		Logger:         &minioLogger{},
 		PassivePorts:   portRange,
 		PublicIP:       publicIP,
-		ForceTLS:       forceTLS,
 	})
 	if err != nil {
 		logger.Fatal(err, "unable to initialize FTP server")
--- a/cmd/grid.go
+++ b/cmd/grid.go
@@ -22,7 +22,7 @@ import (
 	"crypto/tls"
 	"sync/atomic"

-	"github.com/minio/minio/internal/crypto"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/grid"
 	xhttp "github.com/minio/minio/internal/http"
 	"github.com/minio/minio/internal/rest"
@@ -52,8 +52,8 @@ func initGlobalGrid(ctx context.Context, eps EndpointServerPools) error {
 			newCachedAuthToken(),
 			&tls.Config{
 				RootCAs:          globalRootCAs,
-				CipherSuites:     crypto.TLSCiphers(),
-				CurvePreferences: crypto.TLSCurveIDs(),
+				CipherSuites:     fips.TLSCiphers(),
+				CurvePreferences: fips.TLSCurveIDs(),
 			}),
 		Local:        local,
 		Hosts:        hosts,
@@ -85,8 +85,8 @@ func initGlobalLockGrid(ctx context.Context, eps EndpointServerPools) error {
 			newCachedAuthToken(),
 			&tls.Config{
 				RootCAs:          globalRootCAs,
-				CipherSuites:     crypto.TLSCiphers(),
-				CurvePreferences: crypto.TLSCurveIDs(),
+				CipherSuites:     fips.TLSCiphers(),
+				CurvePreferences: fips.TLSCurveIDs(),
 			}, grid.RouteLockPath),
 		Local:        local,
 		Hosts:        hosts,
--- a/cmd/handler-utils.go
+++ b/cmd/handler-utils.go
@@ -25,7 +25,6 @@ import (
 	"net/textproto"
 	"regexp"
 	"strings"
-	"sync/atomic"

 	"github.com/minio/madmin-go/v3"
 	"github.com/minio/minio/internal/auth"
@@ -428,31 +427,9 @@ func errorResponseHandler(w http.ResponseWriter, r *http.Request) {
 			HTTPStatusCode: http.StatusUpgradeRequired,
 		}, r.URL)
 	default:
-		defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
-		defer atomic.AddUint64(&globalHTTPStats.rejectedRequestsInvalid, 1)
-
-		// When we are not running in S3 Express mode, generate appropriate error
-		// for x-amz-write-offset HEADER specified.
-		if _, ok := r.Header[xhttp.AmzWriteOffsetBytes]; ok {
-			tc, ok := r.Context().Value(mcontext.ContextTraceKey).(*mcontext.TraceCtxt)
-			if ok {
-				tc.FuncName = "s3.AppendObject"
-				tc.ResponseRecorder.LogErrBody = true
-			}
-
-			writeErrorResponse(r.Context(), w, getAPIError(ErrNotImplemented), r.URL)
-			return
-		}
-
-		tc, ok := r.Context().Value(mcontext.ContextTraceKey).(*mcontext.TraceCtxt)
-		if ok {
-			tc.FuncName = "s3.ValidRequest"
-			tc.ResponseRecorder.LogErrBody = true
-		}
-
 		writeErrorResponse(r.Context(), w, APIError{
 			Code: "BadRequest",
-			Description: fmt.Sprintf("An unsupported API call for method: %s at '%s'",
+			Description: fmt.Sprintf("An error occurred when parsing the HTTP request %s at '%s'",
 				r.Method, r.URL.Path),
 			HTTPStatusCode: http.StatusBadRequest,
 		}, r.URL)
--- a/cmd/kms-handlers.go
+++ b/cmd/kms-handlers.go
@@ -280,6 +280,7 @@ func (a kmsAPIHandlers) KMSKeyStatusHandler(w http.ResponseWriter, r *http.Reque
 	// 2. Verify that we can indeed decrypt the (encrypted) key
 	decryptedKey, err := GlobalKMS.Decrypt(ctx, &kms.DecryptRequest{
 		Name:           key.KeyID,
+		Version:        key.Version,
 		Ciphertext:     key.Ciphertext,
 		AssociatedData: kmsContext,
 	})
--- a/cmd/object-multipart-handlers.go
+++ b/cmd/object-multipart-handlers.go
@@ -42,6 +42,7 @@ import (
 	"github.com/minio/minio/internal/crypto"
 	"github.com/minio/minio/internal/etag"
 	"github.com/minio/minio/internal/event"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/handlers"
 	"github.com/minio/minio/internal/hash"
 	"github.com/minio/minio/internal/hash/sha256"
@@ -526,8 +527,9 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt

 		partEncryptionKey := objectEncryptionKey.DerivePartKey(uint32(partID))
 		encReader, err := sio.EncryptReader(reader, sio.Config{
-			Key:   partEncryptionKey[:],
-			Nonce: &nonce,
+			Key:          partEncryptionKey[:],
+			CipherSuites: fips.DARECiphers(),
+			Nonce:        &nonce,
 		})
 		if err != nil {
 			writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
@@ -823,8 +825,9 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
 			copy(nonce[:], tmp[:12])

 			reader, err = sio.EncryptReader(in, sio.Config{
-				Key:   partEncryptionKey[:],
-				Nonce: &nonce,
+				Key:          partEncryptionKey[:],
+				CipherSuites: fips.DARECiphers(),
+				Nonce:        &nonce,
 			})
 			if err != nil {
 				writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
--- a/cmd/update.go
+++ b/cmd/update.go
@@ -50,13 +50,8 @@ const (
 	updateTimeout     = 10 * time.Second
 )

-var (
-	// Newer official download info URLs appear earlier below.
-	minioReleaseInfoURL = MinioReleaseURL + "minio.sha256sum"
-
-	// For windows our files have .exe additionally.
-	minioReleaseWindowsInfoURL = MinioReleaseURL + "minio.exe.sha256sum"
-)
+// For windows our files have .exe additionally.
+var minioReleaseWindowsInfoURL = MinioReleaseURL + "minio.exe.sha256sum"

 // minioVersionToReleaseTime - parses a standard official release
 // MinIO version string.
--- a/cmd/update_fips.go
+++ b/cmd/update_fips.go
@@ -0,0 +1,24 @@
+//go:build fips
+// +build fips
+
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cmd
+
+// Newer official download info URLs appear earlier below.
+var minioReleaseInfoURL = MinioReleaseURL + "minio.fips.sha256sum"
--- a/cmd/update_nofips.go
+++ b/cmd/update_nofips.go
@@ -0,0 +1,24 @@
+//go:build !fips
+// +build !fips
+
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cmd
+
+// Newer official download info URLs appear earlier below.
+var minioReleaseInfoURL = MinioReleaseURL + "minio.sha256sum"
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -52,7 +52,7 @@ import (
 	"github.com/minio/minio/internal/config/api"
 	xtls "github.com/minio/minio/internal/config/identity/tls"
 	"github.com/minio/minio/internal/config/storageclass"
-	"github.com/minio/minio/internal/crypto"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/handlers"
 	"github.com/minio/minio/internal/hash"
 	xhttp "github.com/minio/minio/internal/http"
@@ -612,8 +612,8 @@ func NewInternodeHTTPTransport(maxIdleConnsPerHost int) func() http.RoundTripper
 		LookupHost:       globalDNSCache.LookupHost,
 		DialTimeout:      rest.DefaultTimeout,
 		RootCAs:          globalRootCAs,
-		CipherSuites:     crypto.TLSCiphers(),
-		CurvePreferences: crypto.TLSCurveIDs(),
+		CipherSuites:     fips.TLSCiphers(),
+		CurvePreferences: fips.TLSCurveIDs(),
 		EnableHTTP2:      false,
 		TCPOptions:       globalTCPOptions,
 	}.NewInternodeHTTPTransport(maxIdleConnsPerHost)
@@ -626,8 +626,8 @@ func NewHTTPTransportWithClientCerts(clientCert, clientKey string) http.RoundTri
 		LookupHost:       globalDNSCache.LookupHost,
 		DialTimeout:      defaultDialTimeout,
 		RootCAs:          globalRootCAs,
-		CipherSuites:     crypto.TLSCiphersBackwardCompatible(),
-		CurvePreferences: crypto.TLSCurveIDs(),
+		CipherSuites:     fips.TLSCiphersBackwardCompatible(),
+		CurvePreferences: fips.TLSCurveIDs(),
 		TCPOptions:       globalTCPOptions,
 		EnableHTTP2:      false,
 	}
@@ -665,8 +665,8 @@ func NewHTTPTransportWithTimeout(timeout time.Duration) *http.Transport {
 		DialTimeout:      defaultDialTimeout,
 		RootCAs:          globalRootCAs,
 		TCPOptions:       globalTCPOptions,
-		CipherSuites:     crypto.TLSCiphersBackwardCompatible(),
-		CurvePreferences: crypto.TLSCurveIDs(),
+		CipherSuites:     fips.TLSCiphersBackwardCompatible(),
+		CurvePreferences: fips.TLSCurveIDs(),
 		EnableHTTP2:      false,
 	}.NewHTTPTransportWithTimeout(timeout)
 }
@@ -677,8 +677,8 @@ func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
 	return xhttp.ConnSettings{
 		LookupHost:       globalDNSCache.LookupHost,
 		RootCAs:          globalRootCAs,
-		CipherSuites:     crypto.TLSCiphersBackwardCompatible(),
-		CurvePreferences: crypto.TLSCurveIDs(),
+		CipherSuites:     fips.TLSCiphersBackwardCompatible(),
+		CurvePreferences: fips.TLSCurveIDs(),
 		TCPOptions:       globalTCPOptions,
 		EnableHTTP2:      false,
 	}.NewRemoteTargetHTTPTransport(insecure)
@@ -986,11 +986,11 @@ func newTLSConfig(getCert certs.GetCertificateFunc) *tls.Config {
 	}

 	if secureCiphers := env.Get(api.EnvAPISecureCiphers, config.EnableOn) == config.EnableOn; secureCiphers {
-		tlsConfig.CipherSuites = crypto.TLSCiphers()
+		tlsConfig.CipherSuites = fips.TLSCiphers()
 	} else {
-		tlsConfig.CipherSuites = crypto.TLSCiphersBackwardCompatible()
+		tlsConfig.CipherSuites = fips.TLSCiphersBackwardCompatible()
 	}
-	tlsConfig.CurvePreferences = crypto.TLSCurveIDs()
+	tlsConfig.CurvePreferences = fips.TLSCurveIDs()
 	return tlsConfig
 }

--- a/go.mod
+++ b/go.mod
@@ -51,12 +51,12 @@ require (
 	github.com/lithammer/shortuuid/v4 v4.2.0
 	github.com/miekg/dns v1.1.65
 	github.com/minio/cli v1.24.2
-	github.com/minio/console v1.7.7-0.20250516212319-220a55500cc3
+	github.com/minio/console v1.7.6
 	github.com/minio/csvparser v1.0.0
 	github.com/minio/dnscache v0.1.1
 	github.com/minio/dperf v0.6.3
 	github.com/minio/highwayhash v1.0.3
-	github.com/minio/kms-go/kes v0.3.1
+	github.com/minio/kms-go/kes v0.3.2-0.20250505160844-240efef6bb74
 	github.com/minio/kms-go/kms v0.5.1-0.20250225090116-4e64ce8d0f35
 	github.com/minio/madmin-go/v3 v3.0.109
 	github.com/minio/minio-go/v7 v7.0.91
@@ -212,7 +212,7 @@ require (
 	github.com/minio/colorjson v1.0.8 // indirect
 	github.com/minio/crc64nvme v1.0.1 // indirect
 	github.com/minio/filepath v1.0.0 // indirect
-	github.com/minio/mc v0.0.0-20250313080218-cf909e1063a9 // indirect
+	github.com/minio/mc v0.0.0-20250312172924-c1d5d4cbb4ca // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/websocket v1.6.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -421,8 +421,8 @@ github.com/minio/cli v1.24.2 h1:J+fCUh9mhPLjN3Lj/YhklXvxj8mnyE/D6FpFduXJ2jg=
 github.com/minio/cli v1.24.2/go.mod h1:bYxnK0uS629N3Bq+AOZZ+6lwF77Sodk4+UL9vNuXhOY=
 github.com/minio/colorjson v1.0.8 h1:AS6gEQ1dTRYHmC4xuoodPDRILHP/9Wz5wYUGDQfPLpg=
 github.com/minio/colorjson v1.0.8/go.mod h1:wrs39G/4kqNlGjwqHvPlAnXuc2tlPszo6JKdSBCLN8w=
-github.com/minio/console v1.7.7-0.20250516212319-220a55500cc3 h1:8lBrtntYnTIkiyDkfgPr1/HgpDeGHFpACnG9OVdZFW0=
-github.com/minio/console v1.7.7-0.20250516212319-220a55500cc3/go.mod h1:Jxp/p3RZctdaavbfRrIirQLMPlZ4IFEjInE9lzDtFjI=
+github.com/minio/console v1.7.6 h1:E0jq9nYMeW7z4iJtJ6vDt2hk4Jin0zcyAzRcTlaUO44=
+github.com/minio/console v1.7.6/go.mod h1:gM4B3/7sqP17owJaoThmeDkfaDEQNZ1mjGU5DSwRReo=
 github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY=
 github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/csvparser v1.0.0 h1:xJEHcYK8ZAjeW4hNV9Zu30u+/2o4UyPnYgyjWp8b7ZU=
@@ -436,14 +436,14 @@ github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEX
 github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
 github.com/minio/highwayhash v1.0.3 h1:kbnuUMoHYyVl7szWjSxJnxw11k2U709jqFPPmIUyD6Q=
 github.com/minio/highwayhash v1.0.3/go.mod h1:GGYsuwP/fPD6Y9hMiXuapVvlIUEhFhMTh0rxU3ik1LQ=
-github.com/minio/kms-go/kes v0.3.1 h1:K3sPFAvFbJx33XlCTUBnQo8JRmSZyDvT6T2/MQ2iC3A=
-github.com/minio/kms-go/kes v0.3.1/go.mod h1:Q9Ct0KUAuN9dH0hSVa0eva45Jg99cahbZpPxeqR9rOQ=
+github.com/minio/kms-go/kes v0.3.2-0.20250505160844-240efef6bb74 h1:iUY0/rQ66zmowoB94yGBTk3I2ljOoD5jSIKwkhxkwe4=
+github.com/minio/kms-go/kes v0.3.2-0.20250505160844-240efef6bb74/go.mod h1:Q9Ct0KUAuN9dH0hSVa0eva45Jg99cahbZpPxeqR9rOQ=
 github.com/minio/kms-go/kms v0.5.1-0.20250225090116-4e64ce8d0f35 h1:ISNz42SPD+heeHhpl9bwMRRusPTCsbYKd1YoED265E0=
 github.com/minio/kms-go/kms v0.5.1-0.20250225090116-4e64ce8d0f35/go.mod h1:JFQu2srrnWxMn6KcwS5347oTwNKW7nkewgBlrodjF9k=
 github.com/minio/madmin-go/v3 v3.0.109 h1:hRHlJ6yaIB3tlIj5mz9L9mGcyLC37S9qL1WtFrRtyQ0=
 github.com/minio/madmin-go/v3 v3.0.109/go.mod h1:WOe2kYmYl1OIlY2DSRHVQ8j1v4OItARQ6jGyQqcCud8=
-github.com/minio/mc v0.0.0-20250313080218-cf909e1063a9 h1:6RyInOHKL6jz8zxcAar/h6rg/aJCxDP/uFuSNvYSuMI=
-github.com/minio/mc v0.0.0-20250313080218-cf909e1063a9/go.mod h1:h5UQZ+5Qfq6XV81E4iZSgStPZ6Hy+gMuHMkLkjq4Gys=
+github.com/minio/mc v0.0.0-20250312172924-c1d5d4cbb4ca h1:Zeu+Gbsw/yoqJofAFaU3zbIVr51j9LULUrQqKFLQnGA=
+github.com/minio/mc v0.0.0-20250312172924-c1d5d4cbb4ca/go.mod h1:h5UQZ+5Qfq6XV81E4iZSgStPZ6Hy+gMuHMkLkjq4Gys=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v6 v6.0.46/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg=
--- a/internal/config/crypto.go
+++ b/internal/config/crypto.go
@@ -27,6 +27,7 @@ import (
 	"io"

 	jsoniter "github.com/json-iterator/go"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/kms"
 	"github.com/secure-io/sio-go"
 	"github.com/secure-io/sio-go/sioutil"
@@ -63,7 +64,7 @@ func DecryptBytes(k *kms.KMS, ciphertext []byte, context kms.Context) ([]byte, e
 // ciphertext.
 func Encrypt(k *kms.KMS, plaintext io.Reader, ctx kms.Context) (io.Reader, error) {
 	algorithm := sio.AES_256_GCM
-	if !sioutil.NativeAES() {
+	if !fips.Enabled && !sioutil.NativeAES() {
 		algorithm = sio.ChaCha20Poly1305
 	}

@@ -91,6 +92,7 @@ func Encrypt(k *kms.KMS, plaintext io.Reader, ctx kms.Context) (io.Reader, error
 	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	metadata, err := json.Marshal(encryptedObject{
 		KeyID:     key.KeyID,
+		Version:   key.Version,
 		KMSKey:    key.Ciphertext,
 		Algorithm: algorithm,
 		Nonce:     nonce,
@@ -144,9 +146,13 @@ func Decrypt(k *kms.KMS, ciphertext io.Reader, associatedData kms.Context) (io.R
 	if err := json.Unmarshal(metadataBuffer, &metadata); err != nil {
 		return nil, err
 	}
+	if fips.Enabled && metadata.Algorithm != sio.AES_256_GCM {
+		return nil, fmt.Errorf("config: unsupported encryption algorithm: %q is not supported in FIPS mode", metadata.Algorithm)
+	}

 	key, err := k.Decrypt(context.TODO(), &kms.DecryptRequest{
 		Name:           metadata.KeyID,
+		Version:        metadata.Version,
 		Ciphertext:     metadata.KMSKey,
 		AssociatedData: associatedData,
 	})
@@ -164,8 +170,9 @@ func Decrypt(k *kms.KMS, ciphertext io.Reader, associatedData kms.Context) (io.R
 }

 type encryptedObject struct {
-	KeyID  string `json:"keyid"`
-	KMSKey []byte `json:"kmskey"`
+	KeyID   string `json:"keyid"`
+	Version string `json:"version"`
+	KMSKey  []byte `json:"kmskey"`

 	Algorithm sio.Algorithm `json:"algorithm"`
 	Nonce     []byte        `json:"nonce"`
--- a/internal/config/etcd/etcd.go
+++ b/internal/config/etcd/etcd.go
@@ -24,7 +24,7 @@ import (
 	"time"

 	"github.com/minio/minio/internal/config"
-	"github.com/minio/minio/internal/crypto"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/pkg/v3/env"
 	xnet "github.com/minio/pkg/v3/net"
 	clientv3 "go.etcd.io/etcd/client/v3"
@@ -165,8 +165,8 @@ func LookupConfig(kvs config.KVS, rootCAs *x509.CertPool) (Config, error) {
 			MinVersion:               tls.VersionTLS12,
 			NextProtos:               []string{"http/1.1", "h2"},
 			ClientSessionCache:       tls.NewLRUClientSessionCache(64),
-			CipherSuites:             crypto.TLSCiphersBackwardCompatible(),
-			CurvePreferences:         crypto.TLSCurveIDs(),
+			CipherSuites:             fips.TLSCiphersBackwardCompatible(),
+			CurvePreferences:         fips.TLSCurveIDs(),
 		}
 		// This is only to support client side certificate authentication
 		// https://coreos.com/etcd/docs/latest/op-guide/security.html
--- a/internal/config/identity/ldap/config.go
+++ b/internal/config/identity/ldap/config.go
@@ -26,7 +26,7 @@ import (

 	"github.com/minio/madmin-go/v3"
 	"github.com/minio/minio/internal/config"
-	"github.com/minio/minio/internal/crypto"
+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/pkg/v3/ldap"
 )

@@ -197,7 +197,7 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
 			MinVersion:         tls.VersionTLS12,
 			NextProtos:         []string{"h2", "http/1.1"},
 			ClientSessionCache: tls.NewLRUClientSessionCache(100),
-			CipherSuites:       crypto.TLSCiphersBackwardCompatible(), // Contains RSA key exchange
+			CipherSuites:       fips.TLSCiphersBackwardCompatible(), // Contains RSA key exchange
 			RootCAs:            rootCAs,
 		},
 	}
--- a/internal/config/identity/openid/ecdsa-sha3_contrib.go
+++ b/internal/config/identity/openid/ecdsa-sha3_contrib.go
@@ -11,6 +11,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+//go:build !fips
+// +build !fips
+
 package openid

 import (
@@ -19,7 +22,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"

 	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
-	_ "golang.org/x/crypto/sha3"
+	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
 )

 // Specific instances for EC256 and company
--- a/internal/config/identity/openid/rsa-sha3_contrib.go
+++ b/internal/config/identity/openid/rsa-sha3_contrib.go
@@ -12,6 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+//go:build !fips
+// +build !fips
+
 package openid

 import (
@@ -20,7 +23,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"

 	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
-	_ "golang.org/x/crypto/sha3"
+	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
 )

 // Specific instances for RS256 and company
--- a/internal/crypto/key.go
+++ b/internal/crypto/key.go
@@ -27,6 +27,7 @@ import (
 	"io"
 	"path"

+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/hash/sha256"
 	"github.com/minio/minio/internal/logger"
 	"github.com/minio/sio"
@@ -97,7 +98,7 @@ func (key ObjectKey) Seal(extKey []byte, iv [32]byte, domain, bucket, object str
 	mac.Write([]byte(SealAlgorithm))
 	mac.Write([]byte(path.Join(bucket, object))) // use path.Join for canonical 'bucket/object'
 	mac.Sum(sealingKey[:0])
-	if n, err := sio.Encrypt(&encryptedKey, bytes.NewReader(key[:]), sio.Config{Key: sealingKey[:]}); n != 64 || err != nil {
+	if n, err := sio.Encrypt(&encryptedKey, bytes.NewReader(key[:]), sio.Config{Key: sealingKey[:], CipherSuites: fips.DARECiphers()}); n != 64 || err != nil {
 		logger.CriticalIf(context.Background(), errors.New("Unable to generate sealed key"))
 	}
 	sealedKey := SealedKey{
@@ -122,12 +123,12 @@ func (key *ObjectKey) Unseal(extKey []byte, sealedKey SealedKey, domain, bucket,
 		mac.Write([]byte(domain))
 		mac.Write([]byte(SealAlgorithm))
 		mac.Write([]byte(path.Join(bucket, object))) // use path.Join for canonical 'bucket/object'
-		unsealConfig = sio.Config{MinVersion: sio.Version20, Key: mac.Sum(nil)}
+		unsealConfig = sio.Config{MinVersion: sio.Version20, Key: mac.Sum(nil), CipherSuites: fips.DARECiphers()}
 	case InsecureSealAlgorithm:
 		sha := sha256.New()
 		sha.Write(extKey)
 		sha.Write(sealedKey.IV[:])
-		unsealConfig = sio.Config{MinVersion: sio.Version10, Key: sha.Sum(nil)}
+		unsealConfig = sio.Config{MinVersion: sio.Version10, Key: sha.Sum(nil), CipherSuites: fips.DARECiphers()}
 	}

 	if out, err := sio.DecryptBuffer(key[:0], sealedKey.Key[:], unsealConfig); len(out) != 32 || err != nil {
@@ -158,7 +159,7 @@ func (key ObjectKey) SealETag(etag []byte) []byte {
 	var buffer bytes.Buffer
 	mac := hmac.New(sha256.New, key[:])
 	mac.Write([]byte("SSE-etag"))
-	if _, err := sio.Encrypt(&buffer, bytes.NewReader(etag), sio.Config{Key: mac.Sum(nil)}); err != nil {
+	if _, err := sio.Encrypt(&buffer, bytes.NewReader(etag), sio.Config{Key: mac.Sum(nil), CipherSuites: fips.DARECiphers()}); err != nil {
 		logger.CriticalIf(context.Background(), errors.New("Unable to encrypt ETag using object key"))
 	}
 	return buffer.Bytes()
@@ -174,5 +175,5 @@ func (key ObjectKey) UnsealETag(etag []byte) ([]byte, error) {
 	}
 	mac := hmac.New(sha256.New, key[:])
 	mac.Write([]byte("SSE-etag"))
-	return sio.DecryptBuffer(make([]byte, 0, len(etag)), etag, sio.Config{Key: mac.Sum(nil)})
+	return sio.DecryptBuffer(make([]byte, 0, len(etag)), etag, sio.Config{Key: mac.Sum(nil), CipherSuites: fips.DARECiphers()})
 }
--- a/internal/crypto/metadata.go
+++ b/internal/crypto/metadata.go
@@ -48,6 +48,12 @@ const (
 	// the KMS.
 	MetaDataEncryptionKey = "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key"

+	// MetaKeyVersion is the version of the KMS master key used to generate/encrypt
+	// the data encryption key (DEK). When a MinKMS master key is "rotated", it
+	// adds another key version. MinIO has to remember which key version has been
+	// used to encrypt an object.
+	MetaKeyVersion = "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Version"
+
 	// MetaSsecCRC is the encrypted checksum of the SSE-C encrypted object.
 	MetaSsecCRC = "X-Minio-Replication-Ssec-Crc"

@@ -108,6 +114,7 @@ func RemoveInternalEntries(metadata map[string]string) {
 	delete(metadata, MetaSealedKeyS3)
 	delete(metadata, MetaSealedKeyKMS)
 	delete(metadata, MetaKeyID)
+	delete(metadata, MetaKeyVersion)
 	delete(metadata, MetaDataEncryptionKey)
 	delete(metadata, MetaSsecCRC)
 }
@@ -150,6 +157,9 @@ func IsEncrypted(metadata map[string]string) (Type, bool) {
 	if _, ok := metadata[MetaKeyID]; ok {
 		return nil, true
 	}
+	if _, ok := metadata[MetaKeyVersion]; ok {
+		return nil, true
+	}
 	if _, ok := metadata[MetaDataEncryptionKey]; ok {
 		return nil, true
 	}
--- a/internal/crypto/metadata_test.go
+++ b/internal/crypto/metadata_test.go
@@ -23,6 +23,7 @@ import (
 	"encoding/hex"
 	"testing"

+	"github.com/minio/minio/internal/kms"
 	"github.com/minio/minio/internal/logger"
 )

@@ -306,7 +307,7 @@ var s3CreateMetadataTests = []struct {
 	SealedDataKey []byte
 	SealedKey     SealedKey
 }{
-	{KeyID: "", SealedDataKey: nil, SealedKey: SealedKey{Algorithm: SealAlgorithm}},
+	{KeyID: "foo", SealedDataKey: make([]byte, 32), SealedKey: SealedKey{Algorithm: SealAlgorithm}},
 	{KeyID: "my-minio-key", SealedDataKey: make([]byte, 48), SealedKey: SealedKey{Algorithm: SealAlgorithm}},
 	{KeyID: "cafebabe", SealedDataKey: make([]byte, 48), SealedKey: SealedKey{Algorithm: SealAlgorithm}},
 	{KeyID: "deadbeef", SealedDataKey: make([]byte, 32), SealedKey: SealedKey{IV: [32]byte{0xf7}, Key: [64]byte{0xea}, Algorithm: SealAlgorithm}},
@@ -316,7 +317,7 @@ func TestS3CreateMetadata(t *testing.T) {
 	defer func(l bool) { logger.DisableLog = l }(logger.DisableLog)
 	logger.DisableLog = true
 	for i, test := range s3CreateMetadataTests {
-		metadata := S3.CreateMetadata(nil, test.KeyID, test.SealedDataKey, test.SealedKey)
+		metadata := S3.CreateMetadata(nil, kms.DEK{KeyID: test.KeyID, Ciphertext: test.SealedDataKey}, test.SealedKey)
 		keyID, kmsKey, sealedKey, err := S3.ParseMetadata(metadata)
 		if err != nil {
 			t.Errorf("Test %d: failed to parse metadata: %v", i, err)
@@ -344,7 +345,7 @@ func TestS3CreateMetadata(t *testing.T) {
 			t.Errorf("Expected '%s' panic for invalid seal algorithm but got '%s'", logger.ErrCritical, err)
 		}
 	}()
-	_ = S3.CreateMetadata(nil, "", []byte{}, SealedKey{Algorithm: InsecureSealAlgorithm})
+	_ = S3.CreateMetadata(nil, kms.DEK{}, SealedKey{Algorithm: InsecureSealAlgorithm})
 }

 var ssecCreateMetadataTests = []struct {
--- a/internal/crypto/sse-kms.go
+++ b/internal/crypto/sse-kms.go
@@ -136,20 +136,15 @@ func (s3 ssekms) UnsealObjectKey(k *kms.KMS, metadata map[string]string, bucket,
 // the modified metadata. If the keyID and the kmsKey is not empty it encodes
 // both into the metadata as well. It allocates a new metadata map if metadata
 // is nil.
-func (ssekms) CreateMetadata(metadata map[string]string, keyID string, kmsKey []byte, sealedKey SealedKey, ctx kms.Context) map[string]string {
+func (ssekms) CreateMetadata(metadata map[string]string, dek kms.DEK, sealedKey SealedKey, ctx kms.Context) map[string]string {
 	if sealedKey.Algorithm != SealAlgorithm {
 		logger.CriticalIf(context.Background(), Errorf("The seal algorithm '%s' is invalid for SSE-S3", sealedKey.Algorithm))
 	}
-
-	// There are two possibilities:
-	// - We use a KMS -> There must be non-empty key ID and a KMS data key.
-	// - We use a K/V -> There must be no key ID and no KMS data key.
-	// Otherwise, the caller has passed an invalid argument combination.
-	if keyID == "" && len(kmsKey) != 0 {
-		logger.CriticalIf(context.Background(), errors.New("The key ID must not be empty if a KMS data key is present"))
+	if dek.KeyID == "" {
+		logger.CriticalIf(context.Background(), errors.New("The key ID must not be empty"))
 	}
-	if keyID != "" && len(kmsKey) == 0 {
-		logger.CriticalIf(context.Background(), errors.New("The KMS data key must not be empty if a key ID is present"))
+	if len(dek.Ciphertext) == 0 {
+		logger.CriticalIf(context.Background(), errors.New("The DEK must not be empty"))
 	}

 	if metadata == nil {
@@ -159,13 +154,18 @@ func (ssekms) CreateMetadata(metadata map[string]string, keyID string, kmsKey []
 	metadata[MetaAlgorithm] = sealedKey.Algorithm
 	metadata[MetaIV] = base64.StdEncoding.EncodeToString(sealedKey.IV[:])
 	metadata[MetaSealedKeyKMS] = base64.StdEncoding.EncodeToString(sealedKey.Key[:])
+	metadata[MetaKeyID] = dek.KeyID
+	metadata[MetaDataEncryptionKey] = base64.StdEncoding.EncodeToString(dek.Ciphertext)
+
 	if len(ctx) > 0 {
-		b, _ := ctx.MarshalText()
+		b, err := ctx.MarshalText()
+		if err != nil {
+			logger.CriticalIf(context.Background(), Errorf("crypto: failed to marshal KMS context: %v", err))
+		}
 		metadata[MetaContext] = base64.StdEncoding.EncodeToString(b)
 	}
-	if len(kmsKey) > 0 && keyID != "" { // We use a KMS -> Store key ID and sealed KMS data key.
-		metadata[MetaKeyID] = keyID
-		metadata[MetaDataEncryptionKey] = base64.StdEncoding.EncodeToString(kmsKey)
+	if dek.Version != "" {
+		metadata[MetaKeyVersion] = dek.Version
 	}
 	return metadata
 }
--- a/internal/crypto/sse-s3.go
+++ b/internal/crypto/sse-s3.go
@@ -119,20 +119,15 @@ func (s3 sses3) UnsealObjectKeys(ctx context.Context, k *kms.KMS, metadata []map
 // the modified metadata. If the keyID and the kmsKey is not empty it encodes
 // both into the metadata as well. It allocates a new metadata map if metadata
 // is nil.
-func (sses3) CreateMetadata(metadata map[string]string, keyID string, kmsKey []byte, sealedKey SealedKey) map[string]string {
+func (sses3) CreateMetadata(metadata map[string]string, dek kms.DEK, sealedKey SealedKey) map[string]string {
 	if sealedKey.Algorithm != SealAlgorithm {
 		logger.CriticalIf(context.Background(), Errorf("The seal algorithm '%s' is invalid for SSE-S3", sealedKey.Algorithm))
 	}
-
-	// There are two possibilities:
-	// - We use a KMS -> There must be non-empty key ID and a KMS data key.
-	// - We use a K/V -> There must be no key ID and no KMS data key.
-	// Otherwise, the caller has passed an invalid argument combination.
-	if keyID == "" && len(kmsKey) != 0 {
-		logger.CriticalIf(context.Background(), errors.New("The key ID must not be empty if a KMS data key is present"))
+	if dek.KeyID == "" {
+		logger.CriticalIf(context.Background(), errors.New("The key ID must not be empty"))
 	}
-	if keyID != "" && len(kmsKey) == 0 {
-		logger.CriticalIf(context.Background(), errors.New("The KMS data key must not be empty if a key ID is present"))
+	if len(dek.Ciphertext) == 0 {
+		logger.CriticalIf(context.Background(), errors.New("The DEK must not be empty"))
 	}

 	if metadata == nil {
@@ -142,9 +137,10 @@ func (sses3) CreateMetadata(metadata map[string]string, keyID string, kmsKey []b
 	metadata[MetaAlgorithm] = sealedKey.Algorithm
 	metadata[MetaIV] = base64.StdEncoding.EncodeToString(sealedKey.IV[:])
 	metadata[MetaSealedKeyS3] = base64.StdEncoding.EncodeToString(sealedKey.Key[:])
-	if len(kmsKey) > 0 && keyID != "" { // We use a KMS -> Store key ID and sealed KMS data key.
-		metadata[MetaKeyID] = keyID
-		metadata[MetaDataEncryptionKey] = base64.StdEncoding.EncodeToString(kmsKey)
+	metadata[MetaKeyID] = dek.KeyID
+	metadata[MetaDataEncryptionKey] = base64.StdEncoding.EncodeToString(dek.Ciphertext)
+	if dek.Version != "" {
+		metadata[MetaKeyVersion] = dek.Version
 	}
 	return metadata
 }
--- a/internal/crypto/sse.go
+++ b/internal/crypto/sse.go
@@ -24,6 +24,7 @@ import (
 	"io"
 	"net/http"

+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/ioutil"
 	"github.com/minio/minio/internal/logger"
 	"github.com/minio/sio"
@@ -100,7 +101,7 @@ func unsealObjectKey(clientKey []byte, metadata map[string]string, bucket, objec
 // EncryptSinglePart encrypts an io.Reader which must be the
 // body of a single-part PUT request.
 func EncryptSinglePart(r io.Reader, key ObjectKey) io.Reader {
-	r, err := sio.EncryptReader(r, sio.Config{MinVersion: sio.Version20, Key: key[:]})
+	r, err := sio.EncryptReader(r, sio.Config{MinVersion: sio.Version20, Key: key[:], CipherSuites: fips.DARECiphers()})
 	if err != nil {
 		logger.CriticalIf(context.Background(), errors.New("Unable to encrypt io.Reader using object key"))
 	}
@@ -122,7 +123,7 @@ func DecryptSinglePart(w io.Writer, offset, length int64, key ObjectKey) io.Writ
 	const PayloadSize = 1 << 16 // DARE 2.0
 	w = ioutil.LimitedWriter(w, offset%PayloadSize, length)

-	decWriter, err := sio.DecryptWriter(w, sio.Config{Key: key[:]})
+	decWriter, err := sio.DecryptWriter(w, sio.Config{Key: key[:], CipherSuites: fips.DARECiphers()})
 	if err != nil {
 		logger.CriticalIf(context.Background(), errors.New("Unable to decrypt io.Writer using object key"))
 	}
--- a/internal/etag/etag.go
+++ b/internal/etag/etag.go
@@ -117,6 +117,7 @@ import (
 	"strconv"
 	"strings"

+	"github.com/minio/minio/internal/fips"
 	"github.com/minio/minio/internal/hash/sha256"
 	xhttp "github.com/minio/minio/internal/http"
 	"github.com/minio/sio"
@@ -345,7 +346,8 @@ func Decrypt(key []byte, etag ETag) (ETag, error) {

 	plaintext := make([]byte, 0, 16)
 	etag, err := sio.DecryptBuffer(plaintext, etag, sio.Config{
-		Key: decryptionKey,
+		Key:          decryptionKey,
+		CipherSuites: fips.DARECiphers(),
 	})
 	if err != nil {
 		return nil, err
--- a/internal/crypto/crypto.go
+++ b/internal/crypto/crypto.go
@@ -15,7 +15,22 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package crypto
+// Package fips provides functionality to configure cryptographic
+// implementations compliant with FIPS 140.
+//
+// FIPS 140 [1] is a US standard for data processing that specifies
+// requirements for cryptographic modules. Software that is "FIPS 140
+// compliant" must use approved cryptographic primitives only and that
+// are implemented by a FIPS 140 certified cryptographic module.
+//
+// So, FIPS 140 requires that a certified implementation of e.g. AES
+// is used to implement more high-level cryptographic protocols.
+// It does not require any specific security criteria for those
+// high-level protocols. FIPS 140 focuses only on the implementation
+// and usage of the most low-level cryptographic building blocks.
+//
+// [1]: https://en.wikipedia.org/wiki/FIPS_140
+package fips

 import (
 	"crypto/tls"
@@ -23,13 +38,40 @@ import (
 	"github.com/minio/sio"
 )

+// Enabled indicates whether cryptographic primitives,
+// like AES or SHA-256, are implemented using a FIPS 140
+// certified module.
+//
+// If FIPS-140 is enabled no non-NIST/FIPS approved
+// primitives must be used.
+const Enabled = enabled
+
 // DARECiphers returns a list of supported cipher suites
 // for the DARE object encryption.
-func DARECiphers() []byte { return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305} }
+func DARECiphers() []byte {
+	if Enabled {
+		return []byte{sio.AES_256_GCM}
+	}
+	return []byte{sio.AES_256_GCM, sio.CHACHA20_POLY1305}
+}

 // TLSCiphers returns a list of supported TLS transport
 // cipher suite IDs.
+//
+// The list contains only ciphers that use AES-GCM or
+// (non-FIPS) CHACHA20-POLY1305 and ellitpic curve key
+// exchange.
 func TLSCiphers() []uint16 {
+	if Enabled {
+		return []uint16{
+			tls.TLS_AES_128_GCM_SHA256, // TLS 1.3
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		}
+	}
 	return []uint16{
 		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
 		tls.TLS_AES_128_GCM_SHA256,
@@ -50,6 +92,24 @@ func TLSCiphers() []uint16 {
 // ciphers for backward compatibility. In particular, AES-CBC
 // and non-ECDHE ciphers.
 func TLSCiphersBackwardCompatible() []uint16 {
+	if Enabled {
+		return []uint16{
+			tls.TLS_AES_128_GCM_SHA256, // TLS 1.3
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2 ECDHE GCM
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // TLS 1.2 ECDHE CBC
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // TLS 1.2 non-ECDHE
+			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+		}
+	}
 	return []uint16{
 		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
 		tls.TLS_AES_128_GCM_SHA256,
@@ -74,5 +134,10 @@ func TLSCiphersBackwardCompatible() []uint16 {
 // TLSCurveIDs returns a list of supported elliptic curve IDs
 // in preference order.
 func TLSCurveIDs() []tls.CurveID {
-	return []tls.CurveID{tls.CurveP256, tls.X25519, tls.CurveP384, tls.CurveP521}
+	var curves []tls.CurveID
+	if !Enabled {
+		curves = append(curves, tls.X25519) // Only enable X25519 in non-FIPS mode
+	}
+	curves = append(curves, tls.CurveP256, tls.CurveP384, tls.CurveP521)
+	return curves
 }
--- a/internal/fips/fips.go
+++ b/internal/fips/fips.go
@@ -0,0 +1,25 @@
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+//go:build fips && linux && amd64
+// +build fips,linux,amd64
+
+package fips
+
+import _ "crypto/tls/fipsonly"
+
+const enabled = true
--- a/internal/fips/no_fips.go
+++ b/internal/fips/no_fips.go
@@ -0,0 +1,23 @@
+// Copyright (c) 2015-2021 MinIO, Inc.
+//
+// This file is part of MinIO Object Storage stack
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+//go:build !fips
+// +build !fips
+
+package fips
+
+const enabled = false
--- a/internal/http/headers.go
+++ b/internal/http/headers.go
@@ -181,9 +181,6 @@ const (
 	AmzChecksumTypeFullObject = "FULL_OBJECT"
 	AmzChecksumTypeComposite  = "COMPOSITE"

-	// S3 Express API related constant reject it.
-	AmzWriteOffsetBytes = "x-amz-write-offset-bytes"
-
 	// Post Policy related
 	AmzMetaUUID = "X-Amz-Meta-Uuid"
 	AmzMetaName = "X-Amz-Meta-Name"
--- a/internal/kms/conn.go
+++ b/internal/kms/conn.go
@@ -19,11 +19,8 @@ package kms

 import (
 	"context"
-	"encoding"
-	"encoding/json"
 	"strconv"

-	jsoniter "github.com/json-iterator/go"
 	"github.com/minio/madmin-go/v3"
 )

@@ -121,47 +118,7 @@ type Status struct {
 // storage.
 type DEK struct {
 	KeyID      string // Name of the master key
-	Version    int    // Version of the master key (MinKMS only)
+	Version    string // Version of the master key
 	Plaintext  []byte // Paintext of the data encryption key
 	Ciphertext []byte // Ciphertext of the data encryption key
 }
-
-var (
-	_ encoding.TextMarshaler   = (*DEK)(nil)
-	_ encoding.TextUnmarshaler = (*DEK)(nil)
-)
-
-// MarshalText encodes the DEK's key ID and ciphertext
-// as JSON.
-func (d DEK) MarshalText() ([]byte, error) {
-	type JSON struct {
-		KeyID      string `json:"keyid"`
-		Version    uint32 `json:"version,omitempty"`
-		Ciphertext []byte `json:"ciphertext"`
-	}
-	return json.Marshal(JSON{
-		KeyID:      d.KeyID,
-		Version:    uint32(d.Version),
-		Ciphertext: d.Ciphertext,
-	})
-}
-
-// UnmarshalText tries to decode text as JSON representation
-// of a DEK and sets DEK's key ID and ciphertext to the
-// decoded values.
-//
-// It sets DEK's plaintext to nil.
-func (d *DEK) UnmarshalText(text []byte) error {
-	type JSON struct {
-		KeyID      string `json:"keyid"`
-		Version    uint32 `json:"version"`
-		Ciphertext []byte `json:"ciphertext"`
-	}
-	var v JSON
-	json := jsoniter.ConfigCompatibleWithStandardLibrary
-	if err := json.Unmarshal(text, &v); err != nil {
-		return err
-	}
-	d.KeyID, d.Version, d.Plaintext, d.Ciphertext = v.KeyID, int(v.Version), nil, v.Ciphertext
-	return nil
-}
--- a/internal/kms/dek_test.go
+++ b/internal/kms/dek_test.go
@@ -1,79 +0,0 @@
-// Copyright (c) 2015-2021 MinIO, Inc.
-//
-// This file is part of MinIO Object Storage stack
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package kms
-
-import (
-	"bytes"
-	"encoding/base64"
-	"testing"
-)
-
-var dekEncodeDecodeTests = []struct {
-	Key DEK
-}{
-	{
-		Key: DEK{},
-	},
-	{
-		Key: DEK{
-			Plaintext:  nil,
-			Ciphertext: mustDecodeB64("eyJhZWFkIjoiQUVTLTI1Ni1HQ00tSE1BQy1TSEEtMjU2IiwiaXYiOiJ3NmhLUFVNZXVtejZ5UlVZL29pTFVBPT0iLCJub25jZSI6IktMSEU3UE1jRGo2N2UweHkiLCJieXRlcyI6Ik1wUkhjQWJaTzZ1Sm5lUGJGcnpKTkxZOG9pdkxwTmlUcTNLZ0hWdWNGYkR2Y0RlbEh1c1lYT29zblJWVTZoSXIifQ=="),
-		},
-	},
-	{
-		Key: DEK{
-			Plaintext:  mustDecodeB64("GM2UvLXp/X8lzqq0mibFC0LayDCGlmTHQhYLj7qAy7Q="),
-			Ciphertext: mustDecodeB64("eyJhZWFkIjoiQUVTLTI1Ni1HQ00tSE1BQy1TSEEtMjU2IiwiaXYiOiJ3NmhLUFVNZXVtejZ5UlVZL29pTFVBPT0iLCJub25jZSI6IktMSEU3UE1jRGo2N2UweHkiLCJieXRlcyI6Ik1wUkhjQWJaTzZ1Sm5lUGJGcnpKTkxZOG9pdkxwTmlUcTNLZ0hWdWNGYkR2Y0RlbEh1c1lYT29zblJWVTZoSXIifQ=="),
-		},
-	},
-	{
-		Key: DEK{
-			Version:    3,
-			Plaintext:  mustDecodeB64("GM2UvLXp/X8lzqq0mibFC0LayDCGlmTHQhYLj7qAy7Q="),
-			Ciphertext: mustDecodeB64("eyJhZWFkIjoiQUVTLTI1Ni1HQ00tSE1BQy1TSEEtMjU2IiwiaXYiOiJ3NmhLUFVNZXVtejZ5UlVZL29pTFVBPT0iLCJub25jZSI6IktMSEU3UE1jRGo2N2UweHkiLCJieXRlcyI6Ik1wUkhjQWJaTzZ1Sm5lUGJGcnpKTkxZOG9pdkxwTmlUcTNLZ0hWdWNGYkR2Y0RlbEh1c1lYT29zblJWVTZoSXIifQ=="),
-		},
-	},
-}
-
-func TestEncodeDecodeDEK(t *testing.T) {
-	for i, test := range dekEncodeDecodeTests {
-		text, err := test.Key.MarshalText()
-		if err != nil {
-			t.Fatalf("Test %d: failed to marshal DEK: %v", i, err)
-		}
-
-		var key DEK
-		if err = key.UnmarshalText(text); err != nil {
-			t.Fatalf("Test %d: failed to unmarshal DEK: %v", i, err)
-		}
-		if key.Plaintext != nil {
-			t.Fatalf("Test %d: unmarshaled DEK contains non-nil plaintext", i)
-		}
-		if !bytes.Equal(key.Ciphertext, test.Key.Ciphertext) {
-			t.Fatalf("Test %d: ciphertext mismatch: got %x - want %x", i, key.Ciphertext, test.Key.Ciphertext)
-		}
-	}
-}
-
-func mustDecodeB64(s string) []byte {
-	b, err := base64.StdEncoding.DecodeString(s)
-	if err != nil {
-		panic(err)
-	}
-	return b
-}
--- a/internal/kms/kes.go
+++ b/internal/kms/kes.go
@@ -206,6 +206,7 @@ func (c *kesConn) GenerateKey(ctx context.Context, req *GenerateKeyRequest) (DEK
 		KeyID:      name,
 		Plaintext:  dek.Plaintext,
 		Ciphertext: dek.Ciphertext,
+		Version:    dek.Version,
 	}, nil
 }

@@ -235,7 +236,7 @@ func (c *kesConn) Decrypt(ctx context.Context, req *DecryptRequest) ([]byte, err
 		return nil, err
 	}

-	plaintext, err := c.client.Decrypt(context.Background(), req.Name, req.Ciphertext, aad)
+	plaintext, err := c.client.Decrypt(ctx, req.Name, req.Version, req.Ciphertext, aad)
 	if err != nil {
 		if errors.Is(err, kes.ErrKeyNotFound) {
 			return nil, ErrKeyNotFound
--- a/internal/kms/kms.go
+++ b/internal/kms/kms.go
@@ -22,6 +22,7 @@ import (
 	"errors"
 	"net/http"
 	"slices"
+	"strconv"
 	"sync/atomic"
 	"time"

@@ -90,7 +91,7 @@ type DecryptRequest struct {
 	// Version is the version of the master used for
 	// decryption. If empty, the latest key version
 	// is used.
-	Version int
+	Version string

 	// Ciphertext is the encrypted data that gets
 	// decrypted.
@@ -383,7 +384,7 @@ func (c *kmsConn) GenerateKey(ctx context.Context, req *GenerateKeyRequest) (DEK

 	return DEK{
 		KeyID:      name,
-		Version:    resp[0].Version,
+		Version:    strconv.Itoa(resp[0].Version),
 		Plaintext:  resp[0].Plaintext,
 		Ciphertext: resp[0].Ciphertext,
 	}, nil
@@ -395,9 +396,17 @@ func (c *kmsConn) Decrypt(ctx context.Context, req *DecryptRequest) ([]byte, err
 		return nil, err
 	}

+	version := 1
+	if req.Version != "" {
+		if version, err = strconv.Atoi(req.Version); err != nil {
+			return nil, err
+		}
+	}
+
 	ciphertext, _ := parseCiphertext(req.Ciphertext)
 	resp, err := c.client.Decrypt(ctx, c.enclave, &kms.DecryptRequest{
 		Name:           req.Name,
+		Version:        version,
 		Ciphertext:     ciphertext,
 		AssociatedData: aad,
 	})
--- a/internal/kms/secret-key.go
+++ b/internal/kms/secret-key.go
@@ -154,7 +154,6 @@ func (s secretKey) GenerateKey(_ context.Context, req *GenerateKeyRequest) (DEK,
 	ciphertext = append(ciphertext, random...)
 	return DEK{
 		KeyID:      req.Name,
-		Version:    0,
 		Plaintext:  plaintext,
 		Ciphertext: ciphertext,
 	}, nil
--- a/internal/kms/stub.go
+++ b/internal/kms/stub.go
@@ -103,7 +103,7 @@ func (s StubKMS) GenerateKey(_ context.Context, req *GenerateKeyRequest) (DEK, e
 	}
 	return DEK{
 		KeyID:      req.Name,
-		Version:    0,
+		Version:    "0",
 		Plaintext:  []byte("stubplaincharswhichare32bytelong"),
 		Ciphertext: []byte("stubplaincharswhichare32bytelong"),
 	}, nil
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -75,10 +75,7 @@ var matchingFuncNames = [...]string{
 var (
 	quietFlag, jsonFlag, anonFlag bool
 	// Custom function to format error
-	// can be registered by RegisterError
-	errorFmtFunc = func(introMsg string, err error, jsonFlag bool) string {
-		return fmt.Sprintf("msg: %s\n err:%s", introMsg, err)
-	}
+	errorFmtFunc func(string, error, bool) string
 )

 // EnableQuiet - turns quiet option on.