Mirrors/overte-Armored-Dragon
3
0
Fork 0
mirror of https://github.com/Armored-Dragon/overte.git synced 2025-03-11 16:13:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

security image bug

Browse source
This commit is contained in:
David Kelly 2017-08-25 10:29:40 -07:00
parent c5fbd5a2a5
commit c316e50f0f
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
interface/src/commerce/Wallet.cpp
View file

@ -220,8 +220,8 @@ static const unsigned char IVEC[16] = "IAmAnIVecYay123";
void initializeAESKeys(unsigned char* ivec, unsigned char* ckey, const QByteArray& salt) {
// first ivec
memcpy(ivec, IVEC, 16);
auto hash = QCryptographicHash::hash(salt, QCryptographicHash::Md5);
memcpy(ckey, hash.data(), 16);
auto hash = QCryptographicHash::hash(salt, QCryptographicHash::Sha256);
memcpy(ckey, hash.data(), 32);
}
void Wallet::setPassphrase(const QString& passphrase) {
@ -238,7 +238,7 @@ bool Wallet::encryptFile(const QString& inputFilePath, const QString& outputFile
// a constant. We can review this later - there are ways to generate keys
// from a password that may be better.
unsigned char ivec[16];
unsigned char ckey[16];
unsigned char ckey[32];
initializeAESKeys(ivec, ckey, _salt);
@ -292,7 +292,7 @@ bool Wallet::encryptFile(const QString& inputFilePath, const QString& outputFile
bool Wallet::decryptFile(const QString& inputFilePath, unsigned char** outputBufferPtr, int* outputBufferSize) {
unsigned char ivec[16];
unsigned char ckey[16];
unsigned char ckey[32];
initializeAESKeys(ivec, ckey, _salt);
// read encrypted file
@ -331,7 +331,6 @@ bool Wallet::decryptFile(const QString& inputFilePath, unsigned char** outputBuf
*outputBufferSize += tempSize;
*outputBufferPtr = outputBuffer;
qCDebug(commerce) << "decrypted buffer size" << *outputBufferSize;
delete[] outputBuffer;
return true;
}