copy object encryption fixes - copy_part_enc with sse-c; use correct copysource values
authorMarcus Watts <mwatts@redhat.com>
Wed, 17 Sep 2025 21:11:33 +0000 (17:11 -0400)
committerThomas Serlin <tserlin@redhat.com>
Mon, 22 Sep 2025 19:18:18 +0000 (15:18 -0400)
copy_part w/ sse-c: use the correct copysource attributes for sse-c

XXX fixup merge w/ previous

Resolves: rhbz#2394511

Fixes: https://tracker.ceph.com/issues/23264
Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit 29871b4c88a60c98062d7acac64b07b21199cf24)

src/rgw/rgw_crypt.cc
src/rgw/rgw_crypt.h
src/rgw/rgw_rest_s3.cc

index 0657c7a9f115523132a4347043d0da6a97b0c048..ed120006136c169b062166e79048017cd4ec6c4f 100644 (file)
@@ -1333,7 +1333,7 @@ int rgw_s3_prepare_decrypt(RGWDecryptContext &cb, optional_yield y,
 
     if (nullptr == req_cust_alg)  {
       ldpp_dout(cb.dpp, 5) << "ERROR: Request for SSE-C encrypted object missing "
-                       << "x-amz-server-side-encryption-customer-algorithm"
+                       << cb.sse_ca
                        << dendl;
       cb.error_message = "Requests specifying Server Side Encryption with Customer "
                        "provided keys must provide a valid encryption algorithm.";
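Review bot: The level-5 log line now streams `cb.sse_ca` in place of the literal header name, so log searches or alerts keyed on `x-amz-server-side-encryption-customer-algorithm` may stop matching; judging by the sibling initializers in rgw_crypt.h (`sse_c_key("HTTP_X_AMZ_...")`), that member presumably holds the CGI-style environment key rather than the wire header. The client-facing `cb.error_message` just below is unchanged and does not say whether the missing algorithm belongs to the destination or the copy-source header set, which matters once this path serves both. A short comment above the log statement, e.g. `// cb.sse_ca names the env key for this context (plain or copy-source SSE-C)`, would make that explicit. The body of rgw_s3_prepare_decrypt starts and ends outside the hunk.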
@@ -1523,7 +1523,6 @@ int rgw_s3_prepare_decrypt(req_state* s,
                        std::map<std::string, std::string>& crypt_http_responses)
 {
   // RGWDecryptContext cb(s);
-  int res = 0;
   std::string stored_mode = get_str_attribute(attrs, RGW_ATTR_CRYPT_MODE);
   ldpp_dout(s, 15) << "Encryption mode: " << stored_mode << dendl;
   if (stored_mode == "SSE-C-AES256") {
index 8cec301aa3ddf97be6a83ef24bba13675ccf3849..831bbf1c778089c49df993e7d69f38e01f14860c 100644 (file)
@@ -174,7 +174,6 @@ struct RGWDecryptContext {
        sse_c_key("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY"),
        sse_c_md5("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5") {
   };
-#if 0
   RGWDecryptContext(req_state *s, bool customer_side) : dpp(s), cct(s->cct),
         error_message(s->err.message),
        get_or_head(s->op == OP_GET || s->op == OP_HEAD),
@@ -184,7 +183,6 @@ struct RGWDecryptContext {
        sse_c_key("HTTP_X_AMZ_COPY_SOURCE_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY"),
        sse_c_md5("HTTP_X_AMZ_COPY_SOURCE_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5") {
   };
-#endif
   RGWDecryptContext(const DoutPrefixProvider* _dpp, CephContext* _cct,
             std::string &_error_message,
             bool _get_or_head, bool _secure_channel,
index 823d9690e79dd297e4839e5dfaf23ff7433ce978..a6ecb68c7a4b36a0b11f983c8de15331f05ae098 100644 (file)
@@ -2974,9 +2974,10 @@ int RGWPutObj_ObjStore_S3::get_decrypt_filter(
     bufferlist* manifest_bl)
 {
   std::map<std::string, std::string> crypt_http_responses_unused;
+  RGWDecryptContext dctx { s, true };
 
   std::unique_ptr<BlockCrypt> block_crypt;
-  int res = rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt,
+  int res = rgw_s3_prepare_decrypt(dctx, s->yield, attrs, &block_crypt,
                                    crypt_http_responses_unused);
   if (res < 0) {
     return res;
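Review bot: The `true` in `RGWDecryptContext dctx { s, true };` carries no meaning at the call site, and in the constructor this commit enables in rgw_crypt.h the visible initializers hard-code the `HTTP_X_AMZ_COPY_SOURCE_...` key names, so `customer_side` looks like an overload tag whose value is never consulted (part of the initializer list lies outside the hunks, so this is inferred). If so, a caller passing `false` would still read the copy-source SSE-C key and MD5, a silent wrong-key selection on a decryption path. Either name the argument at the call site, `RGWDecryptContext dctx { s, /*customer_side=*/true };  // source object: use x-amz-copy-source-* SSE-C headers`, or replace the bool with a tag type. A regression test in which a copy request carries only destination SSE-C headers and decryption of the source is expected to fail would pin the fix. get_decrypt_filter continues past the end of the hunk.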