From b9a03d195290763bf5754c15a7cfd2bf7cb52cdf Mon Sep 17 00:00:00 2001
From: Casey Bodley <cbodley@redhat.com>
Date: Thu, 17 Jul 2025 12:41:41 -0400
Subject: [PATCH] rgw: DeleteObject supports sigv4 with Transfer-Encoding:
 chunked

we don't expect a request body for DeleteObject, so hadn't implemented
its check for the payload hash against the x-amz-content-sha256 header

Fixes: https://tracker.ceph.com/issues/71607

Signed-off-by: Casey Bodley <cbodley@redhat.com>
---
 src/rgw/rgw_rest_s3.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index ac1b1e3f54fe..082144d08332 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3741,7 +3741,9 @@ int RGWDeleteObj_ObjStore_S3::get_params(optional_yield y)
     bypass_governance_mode = boost::algorithm::iequals(bypass_gov_decoded, "true");
   }
 
-  return 0;
+  // we're not reading any request body, so this should just match
+  // the sha256 hash of an empty buffer
+  return do_aws4_auth_completion();
 }
 
 void RGWDeleteObj_ObjStore_S3::send_response()
@@ -6447,6 +6449,7 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
         case RGW_OP_INIT_MULTIPART: // in case that Init Multipart uses CHUNK encoding
         case RGW_OP_COMPLETE_MULTIPART:
         case RGW_OP_SET_BUCKET_VERSIONING:
+        case RGW_OP_DELETE_OBJ:
         case RGW_OP_DELETE_MULTI_OBJ:
         case RGW_OP_ADMIN_SET_METADATA:
         case RGW_OP_SYNC_DATALOG_NOTIFY:
-- 
2.47.3