Checksum verification fails for composite checkum types

[marack]

Describe the bug

S3 GetObject fails with a "Response checksums mismatch" error when the target object has a "Composite" checksum type. The only way to successfully retrieve such an object seems to be by setting checksum validation to "WHEN_REQUIRED".

There is a TODO comment in the source where the error is generated that suggests support for these checksums may not be implemented at all: https://github.com/aws/aws-sdk-cpp/blame/5849c282350f3ed1667b8dcd0c34c1259a026928/src/aws-cpp-sdk-core/include/smithy/client/features/ChecksumInterceptor.h#L174

Note that composite checksums end in a dash and number as mentioned in the comment. See also: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html?icmpid=docs_amazons3_console#ChecksumTypes)

The boto3 API defaults to using mutli-part uploads for files > 8MB, resulting in a Composite checksum by default. However the C++ API does not seems to support these, but defaults to attempting to verify them anyway.

This seems like a problematic situation where PutObject issued via boto3 will succeed, but then a matching GetObject via C++ will fail even though both calls are issued using the default request parameters.

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

S3 GetObject on an object with a Composite checksum type should succeed

Current Behavior

S3 GetObject on an object with a Composite checksum fails with an error "Response checksums mismatch".

Reproduction Steps

Upload a file to S3 using boto3 python API. File must be > 8MB to trigger use of Composite checksum using default settings.

import boto3
s3 = boto3.client('s3')
s3.upload_file('test.data', 'my-bucket', 'test.data')

Now try to dowload the same file with C++ API

#include <aws/core/Aws.h>
#include <aws/s3/S3Client.h>
#include <aws/s3/model/GetObjectRequest.h>
#include <aws/s3/model/GetObjectResult.h>
#include <iostream>

int main(int argc, char const* argv[])
{
  Aws::InitAPI({});

  Aws::Client::ClientConfiguration config;
  // uncomment the below line to make test pass (but should not be needed and is not recommended)
  //config.checksumConfig.responseChecksumValidation = Aws::Client::ResponseChecksumValidation::WHEN_REQUIRED;

  auto client = Aws::S3::S3Client{config};

  auto req = Aws::S3::Model::GetObjectRequest{};
  req.SetBucket("my-bucket");
  req.SetKey("test.data");

  auto res = client.GetObject(req);
  if (res.IsSuccess())
    std::cout << "Success!\n";
  else
    std::cerr << "Failure: " << res.GetError().GetMessage() << "\n";

  return 0;
}

Possible Solution

No response

Additional Information/Context

No response

AWS CPP SDK version used

1.11.613

Compiler and Version used

gcc (GCC) 15.1.1 20250521 (Red Hat 15.1.1-2)

Operating System and version

Fedora release 42 (Adams)

[sbiscigl]

Hey @marack you are right, thats not the intended behavior. Looks like that todo goes back to the original implementation of flex checksums. Put out a PR to fix this to align with how other SDKs behave.

[sbiscigl]

PR has been merged and is availible in main will be tagged tomorrow with the release of 1.11.615

[sbiscigl]

released and tagged, give a shout if you see anything else

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.