From 82a7aa9e3eabfde4a82046d78aad2dadbfc0d8e1 Mon Sep 17 00:00:00 2001 From: Marcus Watts Date: Wed, 28 Jun 2017 04:03:39 -0400 Subject: [PATCH] Fix s3 object uploads with chunked transfers and v4 signatures. With aws-sdk-java 1.11, large uploads use chunked transfer by default, and v4 signatures are the default. The java sdk uses a slightly different string "AWS4-HMAC-SHA256-PAYLOAD" when constructing the per-chunk signature than ceph was using. This same string also appears in a current copy of s3-api.pdf , so it must be the more correct value. Fixes: http://tracker.ceph.com/issues/20447 Signed-off-by: Marcus Watts --- src/rgw/rgw_auth_s3.cc | 2 +- src/rgw/rgw_auth_s3.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc index 0788974635df..15f2ec3ebe6b 100644 --- a/src/rgw/rgw_auth_s3.cc +++ b/src/rgw/rgw_auth_s3.cc @@ -909,7 +909,7 @@ std::string AWSv4ComplMulti::calc_chunk_signature(const std::string& payload_hash) const { const auto string_to_sign = string_join_reserve("\n", - AWS4_HMAC_SHA256_STR, + AWS4_HMAC_SHA256_PAYLOAD_STR, date, credential_scope, prev_chunk_signature, diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h index b5fc2919213d..97caf8027363 100644 --- a/src/rgw/rgw_auth_s3.h +++ b/src/rgw/rgw_auth_s3.h @@ -316,6 +316,7 @@ namespace auth { namespace s3 { static constexpr char AWS4_HMAC_SHA256_STR[] = "AWS4-HMAC-SHA256"; +static constexpr char AWS4_HMAC_SHA256_PAYLOAD_STR[] = "AWS4-HMAC-SHA256-PAYLOAD"; static constexpr char AWS4_EMPTY_PAYLOAD_HASH[] = \ "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"; -- 2.47.3