From: Marcus Watts Date: Wed, 17 Sep 2025 21:11:33 +0000 (-0400) Subject: copy object encryption fixes - copy_part_enc with sse-c; use correct copysource values X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7da35da23dbe4fa89a66311517848eb3ce9feb96;p=ceph-ci.git copy object encryption fixes - copy_part_enc with sse-c; use correct copysource values copy_part w/ sse-c: use the correct copysource attributes for sse-c XXX fixup merge w/ previous Resolves: rhbz#2394511 Fixes: https://tracker.ceph.com/issues/23264 Signed-off-by: Marcus Watts (cherry picked from commit 29871b4c88a60c98062d7acac64b07b21199cf24)
---
diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index 0657c7a9f11..ed120006136 100644
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -1333,7 +1333,7 @@ int rgw_s3_prepare_decrypt(RGWDecryptContext &cb, optional_yield y, if (nullptr == req_cust_alg) { ldpp_dout(cb.dpp, 5) << "ERROR: Request for SSE-C encrypted object missing " - << "x-amz-server-side-encryption-customer-algorithm" + << cb.sse_ca << dendl; cb.error_message = "Requests specifying Server Side Encryption with Customer " "provided keys must provide a valid encryption algorithm.";
@@ -1523,7 +1523,6 @@ int rgw_s3_prepare_decrypt(req_state* s, std::map& crypt_http_responses) { // RGWDecryptContext cb(s); - int res = 0; std::string stored_mode = get_str_attribute(attrs, RGW_ATTR_CRYPT_MODE); ldpp_dout(s, 15) << "Encryption mode: " << stored_mode << dendl; if (stored_mode == "SSE-C-AES256") {
diff --git a/src/rgw/rgw_crypt.h b/src/rgw/rgw_crypt.h
index 8cec301aa3d..831bbf1c778 100644
--- a/src/rgw/rgw_crypt.h
+++ b/src/rgw/rgw_crypt.h
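Review bot: In the `nullptr == req_cust_alg` branch of rgw_crypt.cc (hunk at 1333), only the debug log learns which header was missing; `cb.error_message`, the text the client receives, stays generic, so a part-copy caller cannot tell that the copy-source algorithm header is the one it omitted. If `cb.sse_ca` holds an `HTTP_X_AMZ_...` environment key like the `sse_c_key` and `sse_c_md5` initialisers visible in rgw_crypt.h (its own initialiser is not in this diff), the log now prints the env key rather than the wire header name, which deserves a comment such as `// cb.sse_ca is the request-env key, not the on-the-wire header name`. The sibling checks for the customer key and key-MD5 headers lie outside this hunk; it is worth confirming they log `cb.sse_c_key` and `cb.sse_c_md5` in the same way, so copy-source failures are not reported against the destination headers.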
@@ -174,7 +174,6 @@ struct RGWDecryptContext { sse_c_key("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY"), sse_c_md5("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5") { }; -#if 0 RGWDecryptContext(req_state *s, bool customer_side) : dpp(s), cct(s->cct), error_message(s->err.message), get_or_head(s->op == OP_GET || s->op == OP_HEAD),
@@ -184,7 +183,6 @@ struct RGWDecryptContext { sse_c_key("HTTP_X_AMZ_COPY_SOURCE_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY"), sse_c_md5("HTTP_X_AMZ_COPY_SOURCE_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5") { }; -#endif RGWDecryptContext(const DoutPrefixProvider* _dpp, CephContext* _cct, std::string &_error_message, bool _get_or_head, bool _secure_channel,
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 823d9690e79..a6ecb68c7a4 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2974,9 +2974,10 @@ int RGWPutObj_ObjStore_S3::get_decrypt_filter( bufferlist* manifest_bl) { std::map crypt_http_responses_unused; + RGWDecryptContext dctx { s, true }; std::unique_ptr block_crypt; - int res = rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt, + int res = rgw_s3_prepare_decrypt(dctx, s->yield, attrs, &block_crypt, crypt_http_responses_unused); if (res < 0) { return res;
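Review bot: The `customer_side` parameter of the re-enabled `RGWDecryptContext(req_state *s, bool customer_side)` constructor is not read by any initialiser visible in the two rgw_crypt.h hunks, which hard-code the `HTTP_X_AMZ_COPY_SOURCE_...` names, so `{ s, false }` would apparently select the copy-source headers as well (the three initialisers between the hunks are not shown, so this is inferred). Because this overload decides which client-supplied SSE-C key the gateway decrypts with, the selector should say what it selects: rename it along the lines of `copy_source` and add a doc comment such as `/// Context for decrypting the x-amz-copy-source object; reads the copy-source SSE-C headers.`, or replace the bool with a tag type so the wrong overload cannot be picked by accident. The call site in rgw_rest_s3.cc, `RGWDecryptContext dctx { s, true };`, would then no longer need a bare `true`; until then a `/* copy source */` comment there helps. The same point covers the `#endif` removal in the following hunk, which completes this change.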