From d3efd2d24fdd833f33ae13a6e4979cf4c85951ae Mon Sep 17 00:00:00 2001
From: degfw <51269503+degfw@users.noreply.github.com>
Date: Mon, 14 Nov 2022 14:24:24 +0000
Subject: [PATCH] fix: Replace "math/rand" with "crypto/rand" in padding
 generation(#2032) (#1337)

Co-authored-by: NaLan ZeYu <nalanzeyu@gmail.com>
---
 common/crypto/auth.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 8c659ff0..88de851e 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -2,8 +2,8 @@ package crypto
 
 import (
 	"crypto/cipher"
+	"crypto/rand"
 	"io"
-	"math/rand"
 
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
@@ -265,7 +265,8 @@ func (w *AuthenticationWriter) seal(b []byte) (*buf.Buffer, error) {
 		return nil, err
 	}
 	if paddingSize > 0 {
-		// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
+		// These paddings will send in clear text.
+		// To avoid leakage of PRNG internal state, a cryptographically secure PRNG should be used.
 		paddingBytes := eb.Extend(paddingSize)
 		common.Must2(rand.Read(paddingBytes))
 	}