diff options
| author | Tobias Fella <fella@posteo.de> | 2022-05-20 12:41:06 +0200 |
|---|---|---|
| committer | Tobias Fella <fella@posteo.de> | 2022-05-20 12:44:53 +0200 |
| commit | 44f34c60fe1f1dde859655bbda86221b6cec4811 (patch) | |
| tree | c295f816a4c81ef1a73f47ddbfad1f256d2cac65 /lib | |
| parent | a8076b9a2394150e11381dc8fc2e3af2bbd03f39 (diff) | |
| download | libquotient-44f34c60fe1f1dde859655bbda86221b6cec4811.tar.gz libquotient-44f34c60fe1f1dde859655bbda86221b6cec4811.zip | |
Truncate ciphertext buffer to actual size during file encryption
The ciphertext for AES CTR is exactly as large as the plaintext (not
necessarily a multiple of the blocksize!). By truncating the ciphertext,
we do not send bytes that will be decrypted to gibberish.
As a side node, we probably do not need to initialize the ciphertext
buffer larger than the plaintext size at all, but the OpenSSL docs are a
bit vague about that.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/events/encryptedfile.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/events/encryptedfile.cpp b/lib/events/encryptedfile.cpp index 9cc3a0c8..140dca7f 100644 --- a/lib/events/encryptedfile.cpp +++ b/lib/events/encryptedfile.cpp @@ -67,6 +67,7 @@ std::pair<EncryptedFile, QByteArray> EncryptedFile::encryptFile(const QByteArray QByteArray cipherText(plainText.size() + EVP_MAX_BLOCK_LENGTH - 1, '\0'); EVP_EncryptInit_ex(ctx, EVP_aes_256_ctr(), nullptr, reinterpret_cast<const unsigned char*>(k.data()),reinterpret_cast<const unsigned char*>(iv.data())); EVP_EncryptUpdate(ctx, reinterpret_cast<unsigned char*>(cipherText.data()), &length, reinterpret_cast<const unsigned char*>(plainText.data()), plainText.size()); + cipherText.resize(length); EVP_EncryptFinal_ex(ctx, reinterpret_cast<unsigned char*>(cipherText.data()) + length, &length); EVP_CIPHER_CTX_free(ctx); |