You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
New features
Padding::NONE — CFB and OFB modes can now operate as true stream ciphers without block alignment. Arbitrary-length plaintext is supported; no padding is added or expected. ECB and CBC with NONE on non-block-aligned input return an empty result and set ok = false.
Performance
byteXor() and expandKey() O(n²) → O(n) — both functions used QByteArray::insert() in tight loops, shifting all subsequent bytes on every iteration. Both now pre-allocate to the final size and write via direct indexing.
Security fixes
AES-NI secureZero used wrong size — key material was always zeroed to 240 bytes regardless of key size. It now correctly zeros 176, 208, or 240 bytes for AES-128, AES-192, and AES-256 respectively.
OFB and CTR software paths extracted into shared xcryptOFB / xcryptCTR helpers.
AES per-level param structs replaced with a single kAesParams lookup table.
All C-style (quint8) casts replaced with static_cast<quint8>.
Testing & CI
OpenSSL interop cross-check — new CI workflow (ci-openssl-crosscheck.yml) validates byte-for-byte compatibility between Qt-AES and OpenSSL EVP in both directions (Qt→OpenSSL and OpenSSL→Qt) for all 5 modes × 3 key sizes using NIST SP 800-38A vectors.
Windows CI matrix expanded to include Qt 5.15.2.
Fuzzing CI action upgraded.
Documentation
README reorganised into docs/ subdirectory (api-reference, examples, getting-started, aesni, testing).
OpenSSL CLI interoperability examples added (Qt→OpenSSL and OpenSSL→Qt for CBC, CFB, OFB).
New Best Practices section: random IV generation, IV storage alongside ciphertext, PBKDF2 key derivation, ECB warning.