From d3efd2d24fdd833f33ae13a6e4979cf4c85951ae Mon Sep 17 00:00:00 2001
From: degfw <51269503+degfw@users.noreply.github.com>
Date: Mon, 14 Nov 2022 14:24:24 +0000
Subject: [PATCH] fix: Replace "math/rand" with "crypto/rand" in padding generation(#2032) (#1337)

Co-authored-by: NaLan ZeYu
---
 common/crypto/auth.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 8c659ff0..88de851e 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -2,8 +2,8 @@ package crypto

 import (
 	"crypto/cipher"
+	"crypto/rand"
 	"io"
-	"math/rand"

 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
@@ -265,7 +265,8 @@ func (w *AuthenticationWriter) seal(b []byte) (*buf.Buffer, error) {
 		return nil, err
 	}
 	if paddingSize > 0 {
-		// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
+		// These paddings will send in clear text.
+		// To avoid leakage of PRNG internal state, a cryptographically secure PRNG should be used.
 		paddingBytes := eb.Extend(paddingSize)
 		common.Must2(rand.Read(paddingBytes))
 	}
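Review bot: With the switch to crypto/rand, `common.Must2(rand.Read(paddingBytes))` now turns a possible entropy-source read error into a panic in a per-chunk write path, even though seal already returns `(*buf.Buffer, error)` and the hunk's first context line shows it using `return nil, err` for earlier failures; math/rand.Read never failed, so Must2 was harmless before, but crypto/rand.Read can return an error on the Go versions in use here (only Go 1.24+ documents it as never failing). Mirroring the existing error path keeps the same "never emit non-random padding" guarantee without taking the whole process down: `if _, err := rand.Read(paddingBytes); err != nil { return nil, err }` — check whether `eb` needs releasing on that path, since the allocation of `eb` is outside the hunk. The new comment could also name the concrete risk rather than a generic "PRNG internal state": padding bytes are observable on the wire, and the output of the global math/rand source lets an observer recover its state and predict other values drawn from it (for example padding lengths), so something like `// Padding is sent in the clear. A non-cryptographic PRNG's output would let an observer recover its state and predict other values drawn from it, so use crypto/rand.` The seal method begins before this hunk and its body continues after it.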