mirrors
/
Xray-core
mirror of https://github.com/XTLS/Xray-core.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

fix: Replace "math/rand" with "crypto/rand" in padding generation(#2032) (#1337) 

Co-authored-by: NaLan ZeYu <nalanzeyu@gmail.com>
This commit is contained in:
degfw 2022-11-14 14:24:24 +00:00 committed by GitHub
parent aa846b8420
commit d3efd2d24f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common/crypto/auth.go
View File

@ -2,8 +2,8 @@ package crypto
import (
"crypto/cipher"
"crypto/rand"
"io"
"math/rand"
"github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/buf"
@ -265,7 +265,8 @@ func (w *AuthenticationWriter) seal(b []byte) (*buf.Buffer, error) {
return nil, err
}
if paddingSize > 0 {
// With size of the chunk and padding length encrypted, the content of padding doesn't matter much.
// These paddings will send in clear text.
// To avoid leakage of PRNG internal state, a cryptographically secure PRNG should be used.
paddingBytes := eb.Extend(paddingSize)
common.Must2(rand.Read(paddingBytes))
}