rgw: Update buffer size for HMAC signature and improve signature max size calculation

author Edwin Rodriguez <edwin.rodriguez1@ibm.com>

Thu, 7 Aug 2025 16:00:01 +0000 (12:00 -0400)

committer Edwin Rodriguez <edwin.rodriguez1@ibm.com>

Thu, 16 Oct 2025 21:32:50 +0000 (17:32 -0400)
author Edwin Rodriguez <edwin.rodriguez1@ibm.com>
Thu, 7 Aug 2025 16:00:01 +0000 (12:00 -0400)
committer Edwin Rodriguez <edwin.rodriguez1@ibm.com>
Thu, 16 Oct 2025 21:32:50 +0000 (17:32 -0400)
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc

index 3cee81c97d2e20f9924f9a0e4694d6b9db64dda7..b1cec840b86c85498a38b673d025a472cb316c5b 100644 (file)
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -1024,12 +1024,13 @@ get_v2_signature(CephContext* const cct,
  
    const auto digest = calc_hmac_sha1(secret_key, string_to_sign);
  
-  /* 64 is really enough */;
-  char buf[64];
-  const int ret = ceph_armor(std::begin(buf),
-                             std::begin(buf) + 64,
-                             reinterpret_cast<const char *>(digest.v),
-                             reinterpret_cast<const char *>(digest.v + digest.SIZE));
+  /* Sized for signature */;
+  char buf[AWSEngine::VersionAbstractor::SIGNATURE_MAX_SIZE];
+  const int ret = ceph_armor(
+      std::begin(buf),
+      std::begin(buf) + AWSEngine::VersionAbstractor::SIGNATURE_MAX_SIZE,
+      reinterpret_cast<const char*>(digest.v),
+      reinterpret_cast<const char*>(digest.v + digest.SIZE));
    if (ret < 0) {
      ldout(cct, 10) << "ceph_armor failed" << dendl;
      throw ret;
diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h

index 337f9f4d11a44c5ed62bf91fdef5a6cf9e818104..c3213a9dfca13acc95c43f84c49e4955a7bee052 100644 (file)
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -939,13 +939,14 @@ public:
      static constexpr size_t DIGEST_SIZE_V2 = CEPH_CRYPTO_HMACSHA1_DIGESTSIZE;
      static constexpr size_t DIGEST_SIZE_V4 = CEPH_CRYPTO_HMACSHA256_DIGESTSIZE;
  
+  public:
+
      /* Knowing the signature max size allows us to employ the sstring, and thus
       * avoid dynamic allocations. The multiplier comes from representing digest
       * in the base64-encoded form. */
      static constexpr size_t SIGNATURE_MAX_SIZE = \
        std::max(DIGEST_SIZE_V2, DIGEST_SIZE_V4) * 2 + sizeof('\0');
  
-  public:
      virtual ~VersionAbstractor() {};
  
      using access_key_id_t = std::string_view;
author	Edwin Rodriguez <edwin.rodriguez1@ibm.com>
	Thu, 7 Aug 2025 16:00:01 +0000 (12:00 -0400)
committer	Edwin Rodriguez <edwin.rodriguez1@ibm.com>
	Thu, 16 Oct 2025 21:32:50 +0000 (17:32 -0400)
src/rgw/rgw_auth_s3.cc		patch \| blob \| history
src/rgw/rgw_rest_s3.h		patch \| blob \| history