randomize padding when encrypting - warp-vpn - point to point VPN implementation

commit f77cdbc47350a36c0f1c5e5fd86f0aa71fa4c0b2
parent 959abd7829076e77c211a7c554ccb8d2b2f483a5
Author: sin <sin@2f30.org>
Date:   Thu, 24 Mar 2016 18:07:43 +0000

randomize padding when encrypting

Diffstat:
M stun.c  | 9 +++++++++

1 file changed, 9 insertions(+), 0 deletions(-)
diff --git a/stun.c b/stun.c
@@ -117,6 +117,12 @@ padto(int len, int blocksize)
 }
 
 int
+padlen(int len, int blocksize)
+{
+	return padto(len, blocksize) - len;
+}
+
+int
 prepkey(unsigned char *pw, int pwlen)
 {
 	int ret, nrounds = 5;
@@ -356,6 +362,9 @@ writenet(int fd, unsigned char *buf, int len)
 {
 	unsigned char encbuf[MTU + AES_BLOCK_SIZE + HDRLEN];
 
+	if (padlen(len, AES_BLOCK_SIZE) > 0)
+		arc4random_buf(&encbuf[HDRLEN + len],
+	                       padlen(len, AES_BLOCK_SIZE));
 	aesenc(&enc, &encbuf[HDRLEN], buf, padto(len, AES_BLOCK_SIZE));
 	pack16(encbuf, len);
 	len = padto(len, AES_BLOCK_SIZE) + HDRLEN;

	warp-vpn point to point VPN implementation
	git clone git://git.2f30.org/warp-vpn
	Log \| Files \| Refs \| README