From: Marcus Watts Date: Wed, 28 Jun 2017 08:03:39 +0000 (-0400) Subject: Fix s3 object uploads with chunked transfers and v4 signatures. X-Git-Tag: v12.1.1~171^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=82a7aa9e3eabfde4a82046d78aad2dadbfc0d8e1;p=ceph.git Fix s3 object uploads with chunked transfers and v4 signatures. With aws-sdk-java 1.11, large uploads use chunked transfer by default, and v4 signatures are the default. The java sdk uses a slightly different string "AWS4-HMAC-SHA256-PAYLOAD" when constructing the per-chunk signature than ceph was using. This same string also appears in a current copy of s3-api.pdf , so it must be the more correct value. Fixes: http://tracker.ceph.com/issues/20447 Signed-off-by: Marcus Watts --- diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc index 0788974635df..15f2ec3ebe6b 100644 --- a/src/rgw/rgw_auth_s3.cc +++ b/src/rgw/rgw_auth_s3.cc @@ -909,7 +909,7 @@ std::string AWSv4ComplMulti::calc_chunk_signature(const std::string& payload_hash) const { const auto string_to_sign = string_join_reserve("\n", - AWS4_HMAC_SHA256_STR, + AWS4_HMAC_SHA256_PAYLOAD_STR, date, credential_scope, prev_chunk_signature, diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h index b5fc2919213d..97caf8027363 100644 --- a/src/rgw/rgw_auth_s3.h +++ b/src/rgw/rgw_auth_s3.h @@ -316,6 +316,7 @@ namespace auth { namespace s3 { static constexpr char AWS4_HMAC_SHA256_STR[] = "AWS4-HMAC-SHA256"; +static constexpr char AWS4_HMAC_SHA256_PAYLOAD_STR[] = "AWS4-HMAC-SHA256-PAYLOAD"; static constexpr char AWS4_EMPTY_PAYLOAD_HASH[] = \ "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";