2367319 – [rgw][cksum] failure to compute/verify checksums with recent aws-go-sdk-v2 versions

Bug 2367319 - [rgw][cksum] failure to compute/verify checksums with recent aws-go-sdk-v2 versions

Summary: [rgw][cksum] failure to compute/verify checksums with recent aws-go-sdk-v2 ve...

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	8.1
Assignee:	Matt Benjamin (redhat)
QA Contact:	Hemanth Sai
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2351689
TreeView+	depends on / blocked

Reported:	2025-05-19 16:08 UTC by Matt Benjamin (redhat)
Modified:	2025-06-11 14:56 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ceph-19.2.1-205.el9cp
Doc Type:	Bug Fix
Doc Text:	.Ceph Object Gateway now recognizes additional checksums from their checksum-type specific headers and trailers Previously, the `aws-sdk-go-v2` checksum behavior differed from other SDKs, as it did not send either `x-amz-checksum-algorithm` or `x-amz-sdk-checksum` and never included `x-amz-decoded-content-length`, despite AWS documentation requiring it. As a result, additional checksums were not recognized when sent, and some AWS-chunked requests failed an assertion check for decoded content length with an `InvalidArgument` error. With this fix, Ceph Object Gateway can now recognize additional checksums from their checksum-type specific header or trailer. Ceph Object Gateway no longer tests and asserts for decoded content length, as it is unnecessary due to chunk signature calculations.
Clone Of:
Environment:
Last Closed:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	71183	None	None	None	2025-05-19 16:08:26 UTC
Github	ceph ceph pull 63326	None	open	rgw: recognize checksum from x-amz-checksum-{type} alone	2025-05-19 16:08:26 UTC
Red Hat Issue Tracker	RHCEPH-11434	None	None	None	2025-05-19 16:09:12 UTC

Description Matt Benjamin (redhat) 2025-05-19 16:08:26 UTC

Description of problem:

Several upload requests are handled incorrectly (no checksum is generated or validated) when sent with the aws-sdk-go-v2, due to issues with checksum recognition.

In addition, in one scenario an upload fails due to an assertion failure (the golang sdk v2 does not send an x-amz-decoded-content-length header as required here [1] in some aws-chunked transfers with a trailing checksum).

Comment 1 Storage PM bot 2025-05-19 16:08:38 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Note You need to log in before you can comment on or make changes to this bug.