From: Matthew N. Heler Date: Sun, 29 Mar 2026 18:48:01 +0000 (-0500) Subject: rgw: use stored plaintext size for AEAD segment validation X-Git-Tag: v21.0.1~125^2~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e7925772ee957f6fb60ed3cff4ec95aea8b88e9b;p=ceph.git rgw: use stored plaintext size for AEAD segment validation The SLO/DLO size check was converting encrypted size to plaintext via rgw_get_aead_decrypted_size(), which overestimates for multipart objects without CRYPT_PARTS. Use the stored CRYPT_ORIGINAL_SIZE attr instead, it's exact and already in the attrs. Signed-off-by: Matthew N. Heler
---
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 8a316cdba91..7a80eb9479b 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -2048,15 +2048,14 @@ int RGWGetObj::read_user_manifest_part(rgw::sal::Bucket* bucket,
 }
 else
 {
- /**
- * For AEAD encryption, the on-disk size includes authentication tags,
- * but the bucket index stores plaintext size. Convert encrypted size
- * to plaintext for comparison against the index entry.
+ /*
+ * AEAD on-disk size includes auth tags; use the stored plaintext
+ * size for comparison against the bucket index entry.
 */
 uint64_t obj_size = part->get_size();
- uint64_t decrypted_size = 0;
- if (rgw_get_aead_decrypted_size(this, part->get_attrs(), obj_size, &decrypted_size)) {
- obj_size = decrypted_size;
+ uint64_t original_size = 0;
+ if (rgw_get_aead_original_size(this, part->get_attrs(), &original_size)) {
+ obj_size = original_size;
 }
 if (obj_size != ent.meta.size) {
 // hmm.. something wrong, object not as expected, abort!
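Review bot: When `rgw_get_aead_original_size()` succeeds, the check at `if (obj_size != ent.meta.size)` compares two stored metadata values (the original-size attr and the index entry), so nothing ties the result to the on-disk length from `part->get_size()` any more. AEAD ciphertext carries authentication tags, so the plaintext size should never exceed the on-disk size. A cheap bound would keep a stale or corrupt attr from satisfying the check, e.g. `if (rgw_get_aead_original_size(this, part->get_attrs(), &original_size) && original_size <= obj_size) {`, which leaves `obj_size` at the encrypted size and presumably fails the comparison below. The helper's definition is not visible here, so a short comment on what a `false` return means at this call site (non-AEAD part versus missing or unparseable attr) would help the next reader. The body of `read_user_manifest_part` starts and ends outside this hunk.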