CopyObject must preserve checksums and encrypt them if required (#21399)

2026-02-05 02:10:14 -05:00 · 2025-06-25 17:08:54 +02:00
parent a65292cab1
commit 2718d9a430
12 changed files with 396 additions and 21 deletions
--- a/cmd/object-api-utils.go
+++ b/cmd/object-api-utils.go
@@ -1096,6 +1096,16 @@ func NewPutObjReader(rawReader *hash.Reader) *PutObjReader {
 	return &PutObjReader{Reader: rawReader, rawReader: rawReader}
 }

+// RawServerSideChecksumResult returns the ServerSideChecksumResult from the
+// underlying rawReader, since the PutObjReader might be encrypted data and
+// thus any checksum from that would be incorrect.
+func (p *PutObjReader) RawServerSideChecksumResult() *hash.Checksum {
+	if p.rawReader != nil {
+		return p.rawReader.ServerSideChecksumResult
+	}
+	return nil
+}
+
 func sealETag(encKey crypto.ObjectKey, md5CurrSum []byte) []byte {
 	var emptyKey [32]byte
 	if bytes.Equal(encKey[:], emptyKey[:]) {