Adding a length check to seperate hex from b64 check

minio · Jun 13, 2024 · 6dadb1c · 6dadb1c
1 parent 6a02624
commit 6dadb1c
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/cmd/encryption-methods.go b/cmd/encryption-methods.go
@@ -223,13 +223,16 @@ func parseSSEKey(sseKey string, keyType sseKeyType) (
 		return
 	}
 
-	keyB, de := hex.DecodeString(encodedKey)
-	if de != nil {
-		keyB, de = base64.RawStdEncoding.DecodeString(encodedKey)
-		if de != nil {
-			err = errSSEClientKeyFormat(fmt.Sprintf("Key (%s) was neither base64 raw encoded nor hex encoded.", encodedKey)).Trace(sseKey)
-			return
-		}
+	var keyB []byte
+	var decodeError error
+	if len(encodedKey) == 64 {
+		keyB, decodeError = hex.DecodeString(encodedKey)
+	} else {
+		keyB, decodeError = base64.RawStdEncoding.DecodeString(encodedKey)
+	}
+
+	if decodeError != nil {
+		err = errSSEClientKeyFormat(fmt.Sprintf("Key (%s) was neither base64 raw encoded nor hex encoded.", encodedKey)).Trace(sseKey)
 	}
 
 	key = string(keyB)