Skip to content

2.1 Release

Latest

Choose a tag to compare

@bricke bricke released this 25 Mar 20:34
405da29

New features

  • Padding::NONE — CFB and OFB modes can now operate as true stream ciphers without block alignment. Arbitrary-length plaintext is supported; no padding is added or expected. ECB and CBC with NONE on non-block-aligned input return an empty result and set ok = false.

Performance

  • byteXor() and expandKey() O(n²) → O(n) — both functions used QByteArray::insert() in tight loops, shifting all subsequent bytes on every iteration. Both now pre-allocate to the final size and write via direct indexing.

Security fixes

  • AES-NI secureZero used wrong size — key material was always zeroed to 240 bytes regardless of key size. It now correctly zeros 176, 208, or 240 bytes for AES-128, AES-192, and AES-256 respectively.

Refactoring

  • AES-NI encode/decode: eliminated redundant expKey stack buffer copy — expandedKey.constData() is passed directly.
  • OFB and CTR software paths extracted into shared xcryptOFB / xcryptCTR helpers.
  • AES per-level param structs replaced with a single kAesParams lookup table.
  • All C-style (quint8) casts replaced with static_cast<quint8>.

Testing & CI

  • OpenSSL interop cross-check — new CI workflow (ci-openssl-crosscheck.yml) validates byte-for-byte compatibility between Qt-AES and OpenSSL EVP in both directions (Qt→OpenSSL and OpenSSL→Qt) for all 5 modes × 3 key sizes using NIST SP 800-38A vectors.
  • Windows CI matrix expanded to include Qt 5.15.2.
  • Fuzzing CI action upgraded.

Documentation

  • README reorganised into docs/ subdirectory (api-reference, examples, getting-started, aesni, testing).
  • OpenSSL CLI interoperability examples added (Qt→OpenSSL and OpenSSL→Qt for CBC, CFB, OFB).
  • New Best Practices section: random IV generation, IV storage alongside ciphertext, PBKDF2 key derivation, ECB warning.