Releases: bricke/Qt-AES

2.1 Release

25 Mar 20:34
405da29

New features

  • Padding::NONE — CFB and OFB modes can now operate as true stream ciphers without block alignment. Arbitrary-length plaintext is supported; no padding is added or expected. ECB and CBC with NONE on non-block-aligned input return an empty result and set ok = false.

Performance

  • byteXor() and expandKey() O(n²) → O(n) — both functions used QByteArray::insert() in tight loops, shifting all subsequent bytes on every iteration. Both now pre-allocate to the final size and write via direct indexing.

Security fixes

  • AES-NI secureZero used wrong size — key material was always zeroed to 240 bytes regardless of key size. It now correctly zeros 176, 208, or 240 bytes for AES-128, AES-192, and AES-256 respectively.

Refactoring

  • AES-NI encode/decode: eliminated redundant expKey stack buffer copy — expandedKey.constData() is passed directly.
  • OFB and CTR software paths extracted into shared xcryptOFB / xcryptCTR helpers.
  • AES per-level param structs replaced with a single kAesParams lookup table.
  • All C-style (quint8) casts replaced with static_cast<quint8>.

Testing & CI

  • OpenSSL interop cross-check — new CI workflow (ci-openssl-crosscheck.yml) validates byte-for-byte compatibility between Qt-AES and OpenSSL EVP in both directions (Qt→OpenSSL and OpenSSL→Qt) for all 5 modes × 3 key sizes using NIST SP 800-38A vectors.
  • Windows CI matrix expanded to include Qt 5.15.2.
  • Fuzzing CI action upgraded.

Documentation

  • README reorganised into docs/ subdirectory (api-reference, examples, getting-started, aesni, testing).
  • OpenSSL CLI interoperability examples added (Qt→OpenSSL and OpenSSL→Qt for CBC, CFB, OFB).
  • New Best Practices section: random IV generation, IV storage alongside ciphertext, PBKDF2 key derivation, ECB warning.

2.0 Release

11 Mar 05:24

This release is a significant overhaul covering new cipher modes, hardware acceleration, correctness fixes, and API cleanup. Review the breaking changes before upgrading.

Breaking changes

  • printArray() removed — this debug helper has been removed from the public API.
  • expandKey() instance method moved to private — use the static QAESEncryption::ExpandKey() for advanced key schedule inspection.
  • AES192::expandedKey corrected from 209 to 208 bytes ((Nr+1)×Nb×4 = 13×16 = 208). This was a latent bug in the AES-192 key schedule size.

New features

  • CTR mode — streaming cipher mode added for all key sizes (AES-128/192/256), with AES-NI hardware acceleration on x86/x86-64.
  • AES-NI acceleration for CFB and OFB — all five cipher modes (ECB, CBC, CFB, OFB, CTR) are now hardware-accelerated when QTAES_ENABLE_AESNI=ON.
  • bool *ok error reporting — encode(), decode(), and removePadding() (both instance and static variants) now accept an optional bool *ok = nullptr parameter that is set to false on invalid key/IV size or malformed PKCS7 padding. Existing code requires no changes.

Security fixes

  • PKCS7 padding validation — removePadding() now validates that all padding bytes match the padding length value. Previously, invalid padding could silently produce wrong output.
  • Secure memory zeroing — sensitive key material (expanded key schedules) is now zeroed with a volatile write to prevent dead-store elimination by the compiler.
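The PKCS7 validation fix above, together with the Padding::NONE alignment rule from 2.1, as an added illustration in plain C++ (not Qt-AES code; removePkcs7Strict, removePkcs7Lenient and noneAcceptsLength are hypothetical names, and the lenient variant is a reconstruction of the pre-2.0 behaviour the notes describe rather than the original implementation):

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
constexpr std::size_t kBlockSize = 16;  // AES block size in bytes

// Reconstruction of the pre-2.0 behaviour described in the notes: the last
// byte is trusted as the pad length and nothing else is checked, so a
// corrupted or forged tail silently yields wrong plaintext.
Bytes removePkcs7Lenient(const Bytes &in) {
    if (in.empty()) return in;
    std::size_t n = in.back();
    if (n > in.size()) return in;  // only guards the demo against out-of-range
    return Bytes(in.begin(), in.end() - static_cast<std::ptrdiff_t>(n));
}

// 2.0 rule: input must be block-aligned, pad length in 1..16, and every
// pad byte must equal the pad length; otherwise return empty and set ok=false.
// The tail comparison is written without early exit (my choice, not a claim
// about the library) so its timing does not depend on where a mismatch is.
Bytes removePkcs7Strict(const Bytes &in, bool *ok) {
    if (ok) *ok = false;
    if (in.empty() || in.size() % kBlockSize != 0) return Bytes();
    std::size_t n = in.back();
    if (n == 0 || n > kBlockSize) return Bytes();
    std::uint8_t diff = 0;
    for (std::size_t i = in.size() - n; i < in.size(); ++i)
        diff |= static_cast<std::uint8_t>(in[i] ^ n);
    if (diff != 0) return Bytes();
    if (ok) *ok = true;
    return Bytes(in.begin(), in.end() - static_cast<std::ptrdiff_t>(n));
}

// 2.1 Padding::NONE rule for the four modes the notes mention: CFB and OFB
// run as stream ciphers and take any length; ECB and CBC need whole blocks.
enum class Mode { ECB, CBC, CFB, OFB };
bool noneAcceptsLength(Mode mode, std::size_t len) {
    switch (mode) {
    case Mode::ECB:
    case Mode::CBC: return len % kBlockSize == 0;
    default:        return true;
    }
}
```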

Correctness fixes

  • Software CFB loop refactored — the previous implementation had a structurally incorrect pre-loop pattern. The loop now correctly feeds the ciphertext block back as the next IV (C[i] → feedback), matching NIST SP 800-38A §6.3.
  • Thread safety — m_state member removed; all mutable state during encode()/decode() is now stack-local, making instances safe to use concurrently from multiple threads without a mutex.

Testing & CI

  • NIST SP 800-38A known-answer vectors added for CFB128 (F.3.13/F.3.14), CTR (F.5.1–F.5.6), and AES-NI paths for all modes.
  • Sanitizer CI (QTAES_ENABLE_SANITIZERS=ON) — AddressSanitizer + UBSan workflow runs on every push.
  • libFuzzer fuzz target (QTAES_ENABLE_FUZZING=ON) — exercises all mode/key-size/padding combinations; checks crash-freedom and PKCS7/CTR round-trip correctness. Runs weekly on CI.

1.2 Release

16 Dec 15:37
845e3b4

  • New padding types
  • CMake support
  • Added new modes

1.1 Release

30 Mar 16:31
a74a46e

  • Added padding types
  • Qt 5.5 compatibility
  • Improved performance

1.0 RC

11 Jul 16:44

  • Added CFB mode

1.0 Beta

07 Jul 18:26

Pre-release
  • Support for 128-, 192- and 256-bit keys
  • Support for ECB and CBC mode encryption
  • Static access
  • Instance access